Skip to Content

New way to collect core dump file in Linux

Core dumps are binary files that contain the memory image of a crashed process, which can be invaluable for debugging purposes.

To collect a core dump file in Linux, you need to configure your system to generate core dumps when a program crashes. By default, many Linux distributions disable core dumps to save disk space and prevent potential security issues.

In this article, we will cover all the steps on how to collect core dump files in Red Hat-based distributions (RHEL 6/7/8, CentOS, Fedora)

  • Remove the core file size limits
  • Install abrt tool
  • Start abrt service
  • Generate core dump file
  • Get core dump file from abrt directory

 

Get Your Free Linux training!

Join our free Linux training and discover the power of open-source technology. Enhance your skills and boost your career! Learn Linux for Free!

Remove core dump file size limits

In Linux, you can remove or increase core dump file size limits using the ulimit command or by modifying system configuration files.

1. Using the ulimit command:
You can use the ulimit command to set or remove the core dump file size limits for your current shell session. Follow these steps:

  • Open a terminal window.
  • Check your current core file size limit by running the following command: ulimit -c
  • To remove the limit, set it to “unlimited” using the following command: ulimit -c unlimited
  • Verify that the limit has been removed by running the ulimit -c command again.

Note: This change will only apply to the current shell session. If you want to make this change permanent, you can add the ulimit command to your shell’s startup script (e.g., .bashrc or .bash_profile for Bash).

2. Modifying system configuration files (for system-wide changes):

To remove the core dump file size limits system-wide, you can modify the configuration file (e.g., /etc/security/limits.conf or /etc/security/limits.d/) depending on your Linux distribution.

Here’s how you can do it using /etc/security/limits.conf:

  • Open the /etc/security/limits.conf file using a text editor with administrative privileges, such as sudo nano or sudo vi:
    sudo nano /etc/security/limits.conf
  • Add the following lines to the file to set the core dump file size limit to “unlimited” for all users:
    * hard core unlimited
    * soft core unlimited
  • Save the file and exit the text editor.
  • To apply the changes, you need to log out and log back in.

 

Please note that the exact file locations and procedures may vary depending on your Linux distribution and version. Make sure to backup any configuration files before making changes and consult your system’s documentation for the most accurate information.

Install abrt tool

ABRT (Automatic Bug Reporting Tool) is a tool used in Linux distributions to automatically detect and report system errors, crashes, and application failures.

To install ABRT on your Linux system, you’ll need to use the package manager specific to your distribution.

Here are the installation commands for some popular Linux distributions:

Red Hat-based distributions (RHEL, CentOS, Fedora):

For recent versions using dnf:

sudo dnf install abrt abrt-addon-ccpp abrt-tui

For older versions using yum:

sudo yum install abrt abrt-addon-ccpp abrt-tui

Please note that the availability and installation process may vary slightly depending on your specific Linux distribution and version.

After we install ABRT, we need to install ccpp hook with following commands.

# abrt-install-ccpp-hook install
# abrt-install-ccpp-hook is-installed; echo $?;

The second command should return 0 (hooks installed)

Start abrt service

To start the ABRT (Automatic Bug Reporting Tool) services on a Linux system, you can use the systemctl command.

However, you need to have administrative privileges to start services.

Here are the commands:

Start the ABRT daemon service (abrtd.service):

sudo systemctl start abrtd.service

This command starts the ABRT daemon, which is responsible for collecting and processing crash and error reports.

Start the ABRT Crash-Catcher service (abrt-ccpp.service):

sudo systemctl start abrt-ccpp.service

The ABRT Crash-Catcher service is responsible for catching crashes in C/C++ applications and generating error reports.

After running these commands with administrative privileges, the ABRT services should be started on your system. You can check the status of the services to ensure they are running correctly:

sudo systemctl status abrtd.service
sudo systemctl status abrt-ccpp.service

The output should indicate that both services are active (running) if they started successfully.

Generate core dump file

Here are the steps to generate a core dump file:

Run the sleep command in the background with a delay of 600 seconds:

bash-4.4$ sleep 600 &
[1] 6

Check the PID (Process ID) of the sleep process:

bash-4.4$ ps aux | grep sleep
default 6 0.0 0.1 23044 1396 pts/0 S 06:06 0:00 /usr/bin/coreutils --coreutils-prog-shebang=sleep /usr/bin/sleep 600
default 8 0.0 0.0 9204 1152 pts/0 S+ 06:07 0:00 grep sleep

Send the SIGABRT signal to the sleep process (PID 6):

bash-4.4$ kill -SIGABRT 6
bash-4.4$
[1]+ Aborted (core dumped) sleep 600

 

Get core dump file with abrt-cli list command

To get core dump information, you can use the following command:

abrt-cli list

When you run this command, you will see a list of core dump reports along with details such as the time of the dump, the executable that crashed, the package it belongs to, and more.

Run 'abrt-cli list'.
[root@podman83 ~]# abrt-cli list
id b633e788c46b56b1cae41db8bf4d17f49afbb315
reason: coreutils killed by SIGABRT
time: Mon May 31 15:11:05 2021
cmdline: /usr/bin/coreutils --coreutils-prog-shebang=sleep /usr/bin/sleep 600
uid: 1001 ()
count: 1
Directory: /var/spool/abrt/ccpp-2021-05-31-15:11:05-77032