Knowledge Search


×
 

[ScreenOS] How to save full memory core dump to compact flash for ISG and NS5000 firewalls

  [KB7405] Show Article Properties


Summary:

This article provides information on how to prepare a compact flash card so a trace can be automatically written to the card when the firewall crashes and core dumps.

Symptoms:

By default, a core dump is displayed in the firewall console. In some scenarios, the core dump does not provide enough information for engineering to identify a root cause. Therefore, engineering may request a Full Memory Core Dump saved to compact flash.

For more information, refer to KB16757 - What Compact Flash Cards have been tested with ScreenOS firewalls.

Cause:

Solution:

When a core dump occurs, the coredump.txt file is created on the Juniper flash.

To save the file to a compact flash the next time the firewall crashes, perform the procedure below.

For steps to format a CF card using Mac OSX, scroll down to Mac OSX CF instructions.


Formatting CF card using Windows 95, 98, or NT

1. Format the compact flash card with FAT (not FAT32) from a Windows 95, 98, or NT system.

PC Cards can be formatted only by using Windows 95, Windows 98, or Windows NT. Windows 2000 uses a different formatting routine, which makes it unreadable via ScreenOS.

Note: FAT32 may be the default format on your system, so make sure to select FAT.


2. On the Juniper firewall, via the CLI, run the following command:

set core-dump flash coredump.bin 128

This command sets the size of the core dump trace on the compact flash card to 128 MB. If your flash card is 512MB, then specify 512 instead of 128, as in the example below:

ns5200(M)-> set core-dump flash coredump.bin 128
finish record FAT info

If you receive the error file cluster chain error, too little valid clusters failed to get file position, repeat Step 1 and make sure you format the flash card with FAT instead of FAT32.

Note: Locating or buying a small compact flash could be difficult. If you have a compact flash with over one gigabyte of capacity, try setting the file size in the above command to 200 MB or lower. Large files will be harder to transfer to JTAC and Juniper engineering for analyzing the crash. It has been observed that even with 200 MB core-dump compression, it is reduced to a 50 MB file.

Caution:

The firewall CPU usage can increase to over 80% after this command is executed as it needs to create a file on the flash card. The file creation process can take well over one hour to complete. The device may get into an inaccessible state during file creation. Even though this should not cause any issues with the pass-through traffic, it is advisable to perform this activity during a downtime or at the time of minimum impact.

On a cluster configuration, it is highly recommended that this CLI command be executed only on the backup firewall. Avoid executing the command on the Master Firewall as the CPU utilization increase could negatively impact system performance. Instead, after the file process is completed on the backup Firewall, a controlled failover should be executed and the CF card insertion/CLI command execution process repeated on the Now-Backup firewall. The file-creation process could again take over one hour. A maintenance window of sufficient time to accommodate at least three hours should be scheduled for this activity.


3. Verify that the Compact Flash card is properly inserted and able to be read by the system.

Execute the "get file" command on the CLI:

get file:
flash:/envar.rec 187
flash:/prngseed.bin 32
flash:/pkidatabase.digest 20
flash:/cli-log 49952
flash:/crash.dmp 262144

Cfcard device :
  cfcard:/.Trashes/
  cfcard:/.Spotlight-V100/
  cfcard:/.fseventsd/

After a core dump occurs, a line similar to the following will be included in the "get file" output:

cfcard:/coredump.bin           268435456

The next time the firewall crashes, it will dump to flash.

Sample output:

Image version:4.0.0w1.0 (SN: 0040052002000051, Firewall+VPN)
Exception Dump
System up time: 4 hours 16 minutes 19 seconds
Exception(Testing crash ...
)

IP: 0041fcd4
Task STACK: 20effde0
GPR:
r0:00001030 r1:20effde0 r2:00908000 r3:00009032
r4:0000000d r5:00009032 r6:00000000 r7:00000000
r8:00000000 r9:0000000a r10:00000000 r11:00cf2edc
r12:84000028 r13:009965c0 r14:fff006cc r15:fff00998
r16:fff01030 r17:fff019c8 r18:00000046 r19:fffffffc
r20:00000000 r21:00000000 r22:08cf3348 r23:00000000
r24:08cf334b r25:006f7ee8 r26:00000000 r27:00000000
r28:00000000 r29:00923844 r30:00009032 r31:006f9cc4

Special Register:
CR:24000022 XER:20000000 LR:0041fcd4 CTR:00110034
MSR:00001030 SRR0:0041d050 SRR1:00001032 DAR:00000000
DSISR:00000000 HID0:b000c000 HID1:d0000000 SDR1:1e0001ff
L2CR:80000000

BAT Registers:
IBAT0L:00000000 IBAT0U:00000000 IBAT1L:00580001 IBAT1U:00580006
IBAT2L:00000000 IBAT2U:00000000 IBAT3L:00000000 IBAT3U:00000000
DBAT0L:009a0002 DBAT0U:009a0002 DBAT1L:00dc0002 DBAT1U:00dc0002
DBAT2L:00000000 DBAT2U:00000000 DBAT3L:00000000 DBAT3U:00000000

Segment Registers:
SR0:00fffff0 SR1:10fffff1 SR2:0000000f SR3:70fffff3
SR4:30fffff4 SR5:30fffff5 SR6:30fffff6 SR7:30fffff7
SR8:30fffff8 SR9:30fffff9 SR10:30fffffa SR11:30fffffb
SR12:30fffffc SR13:30fffffd SR14:30fffffe SR15:10ffffff
Trace:
0041fcd4 0041fcec 0022569c 0021a89c 0021aa88 0021aa88 0021adbc 0021e0c8
0021e320 0021e2b4

System Level:
Image In Task Level
Current Task Is:cmd

Start to write to flash ... This could take several minutes
.
.
.
output 0x200000 data start from memptr 1de00000 of section 0
1048576 bytes data flash out.
2097152 bytes data flash out.
output 0x1de00000 data start from memptr 0 of section 1
Begin DRAM data compressing ...
3145728 bytes data flash out.
4194304 bytes data flash out.
5242880 bytes data flash out.
6291456 bytes data flash out.
7340032 bytes data flash out.
8388608 bytes data flash out.
9437184 bytes data flash out.
10485760 bytes data flash out.
11534336 bytes data flash out.
12582912 bytes data flash out.
13631488 bytes data flash out.
14680064 bytes data flash out.
15728640 bytes data flash out.
16777216 bytes data flash out.
17825792 bytes data flash out.
18874368 bytes data flash out.

Done.

The coredump.bin file is created and stored on the compact flash card. Regular compact flash cards take about 25 minutes and ultra compact flash cards take about 11 minutes.

Currently, there is no way to view the contents of the compact flash card when it is still installed in the firewall.

You have to remove the compact flash from the device, insert it into the PCMCIA adapter, and plug the PCMCIA card into the PCMCIA slot of your PC.

The PCMCIA card will mount as a removable media drive on Windows Explorer. View or save the contents of the Compact Flash, similar to viewing or saving any ordinary file on a Windows drive.


Commands for saving to the flash card:

  • To save the configuration to the compact flash card:

save config slot<slotnumber> backup.cfg

  • To save debugging information:

set log module system level debugging destination pcmcia


Formatting CF card using Mac OSX

1. Mount the compact flash card using a USB adapter.

Note the name of the disk mounted on your desktop.


2. Open a terminal.


3. Show the name of the disks.

Run "diskutil list" to show the name of the disks. Locate the disk with the same name as the one mounted on your desktop (for example, /dev/disk2).

#:   TYPE NAME                   SIZE        IDENTIFIER
0:   FDisk_partition_scheme      *521.8 MB   disk2
1:   DOS_FAT_16 CORE              521.7 MB   disk2s1


4. Run the "diskutil partitionDisk" command.

Syntax:

diskutil partitionDisk [Volume Identifier] 1 MBRFormat "MS-DOS FAT16" "[new partition name]" [size of partition][M/G]

Example:

sh-3.2# diskutil partitionDisk /dev/disk2 1 MBRFormat "MS-DOS FAT16" "CORE" 521M

Sample output:

Started partitioning on disk2
Unmounting disk
Creating the partition map
Waiting for the disks to reappear
Formatting disk2s1 as MS-DOS (FAT16) with name CORE
512 bytes per physical sector
/dev/rdisk2s1: 1018480 sectors in 63655 FAT16 clusters (8192 bytes/cluster)
bps=512 spc=16 res=1 nft=2 rde=512 mid=0xf8 spf=249 spt=32 hds=54 hid=63 drv=0x80 bsec=1019025
Mounting disk
Finished partitioning on disk2
/dev/disk2
#: TYPE NAME SIZE IDENTIFIER
0: FDisk_partition_scheme *521.8 MB disk2
1: DOS_FAT_16 CORE 521.7 MB disk2s1

Related Links: