Re: ANOM_ABEND events are missing
On Wed, Jul 26, 2017 at 11:33 AM, Steve Grubb <sgrubb(a)redhat.com> wrote:
Hello Richard & Paul,
I have been noticing something lately. I have applications that crash and I
get a notification from abrtd but when I go looking, there is no matching
ANOM_ABEND records. This is one a 4.11.11 kernel.
The purpose of the ANOM_ABEND record is to indicate that a program has crashed
and receieved a SIGSEGV or any other signal that results in termination. By
any chance has something changed where our hook is placed? I also can't tell
you when this started, I have a feeling this has been happening for over a
year.
I know we talked about this a bit offline, but for the sake of the
list and anyone else who may be experiencing this: a reproducer would
be extremely helpful ... and when I say a reproducer, I'm not talking
about a process that crashes, that is easy enough, I'm talking about a
reliable procedure that results in a program crash which is not logged
via audit.
--
paul moore
www.paul-moore.com