Boot time, crash time, and uptime


UNIX systems keep track of the current time as well as the time when they were booted. The current time is usually easy to find, but sometimes the boot time is a bit trickier. In postmortem system crash dump files, the current time is actually the time of the crash.

The time of the crash can play a vital role in system crash dump analysis. For example, if you find you have several crashes from one system that all occurred at the same time but on different days, you are much closer to finding the source. In such cases, often a specific cron job turns out to be the program that is triggering the crashes.

Comparing the boot time to the current or crash time also provides useful information. Subtracting the boot time from the crash time gives the system uptime. A system that, according to the savecore files, was up for several months presents a different picture than a system that was up for merely a few minutes.

Looking first at a Solaris 1 system, let's get the boot time and the time of the system crash. These are conveniently stored in kernel variables boottime and time. UNIX time is maintained as the number of seconds since January 1, 1970. As you may recall from the previous chapter, in adb the /Y command says to show the 32-bit value stored in the specified variable as a date instead of, say, a hexadecimal value.

Figure 9-3 Displaying the boot time and crash time on a Solaris 1 crash
    Hiya... adb -k vmunix.0 vmcore.0
    physmem 3f98
    boottime/Y
    _boottime:
    _boottime:      1993 Oct 25 13:02:25
    time/Y
    _time:
    _time:          1993 Nov 3 00:14:06
    $q
    Hiya...

Solaris 2 also has a time variable but doesn't keep track of the boot time as a fixed value, as is done in Solaris 1. Instead, it keeps track of the 100ths of seconds that have passed since the system was booted. This value is kept in a kernel variable called lbolt, which is an abbreviation for "lightning bolts," or clock ticks.

To get the boot time on a Solaris 2 system, we have to get the lbolt value, divide it by 100 to get whole seconds, and subtract that value from the current or crash time. Within adb we can do this simple arithmetic and ask adb to display the result in time format.

Figure 9-4 Displaying the boot time and crash time on a Solaris 2 crash
    Hiya... adb -k /dev/ksyms /dev/mem
    physmem 1e16
    time/Y
    time:
    time:           1994 Mar 13 21:12:49
    time/X
    time:
    time:           2d8381d1
    lbolt/X
    lbolt:
    lbolt:          a50e3
    2d8381d1-(a50e3%0t100)=Y
                    1994 Mar 13 19:20:09
    $q
    Hiya...

The % sign says to divide. The 0t specifies that the next value is in decimal instead of the adb default base, hexadecimal. Instead of 0t100 we could have simply put 64, as 100 decimal is 64 hexadecimal. The =Y says to show the result of the formula in date format.

When calculating the boot time, you might find it easier to work in decimal. We will perform the same operation again, this time using all decimal values. We can easily do the division by 100 in our head by simply dropping the last two digits from lbolt.

    Hiya... adb -k /dev/ksyms /dev/mem
    physmem 1e16
    time/D
    time:
    time:           763593169
    lbolt/D
    lbolt:
    lbolt:          676067
    0t763593169-0t6760=Y
                    1994 Mar 13 19:20:09
    $q
    Hiya...
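The same calculation outside adb, as an added Python example (not code from the book): it parses the time/X and lbolt/X output of Figure 9-4, derives boot time and uptime, and groups crash times from several dumps by clock time, the recurring-crash pattern described earlier. The function names and the UTC display are assumptions; UTC reproduces the dates shown in the figure.

```python
import re
from datetime import datetime, timedelta, timezone

HZ = 100  # lbolt ticks per second on Solaris 2, per the text above

# Constructed input: the time/X and lbolt/X lines copied from Figure 9-4.
FIG_9_4 = """\
time/X
time:
time:           2d8381d1
lbolt/X
lbolt:
lbolt:          a50e3
"""

def parse_adb_hex(transcript):
    """Return {symbol: int} for every 'symbol:  hexvalue' line of /X output."""
    pat = re.compile(r"^(\w+):[ \t]+([0-9a-fA-F]+)[ \t]*$", re.M)
    return {name: int(val, 16) for name, val in pat.findall(transcript)}

def _utc(seconds):
    # Assumption: display in UTC (adb itself uses the local time zone).
    return datetime.fromtimestamp(seconds, timezone.utc)

def boot_and_uptime(transcript):
    """Return (boot, crash, uptime) from a transcript holding time and lbolt."""
    v = parse_adb_hex(transcript)
    missing = {"time", "lbolt"} - v.keys()
    if missing:
        raise ValueError(f"transcript lacks: {sorted(missing)}")
    uptime = v["lbolt"] // HZ      # whole seconds, like adb's integer %
    return _utc(v["time"] - uptime), _utc(v["time"]), timedelta(seconds=uptime)

def recurring_crash_times(crash_times, min_days=2):
    """Map HH:MM to sorted dates for clock times seen on min_days or more days."""
    by_clock = {}
    for t in crash_times:
        by_clock.setdefault(t.strftime("%H:%M"), set()).add(t.date())
    return {k: sorted(d) for k, d in by_clock.items() if len(d) >= min_days}

if __name__ == "__main__":
    boot, crash, up = boot_and_uptime(FIG_9_4)
    print("boot  ", boot.strftime("%Y %b %d %H:%M:%S"))
    print("crash ", crash.strftime("%Y %b %d %H:%M:%S"))
    print("uptime", up)
```

Crash times collected from several dumps this way can be passed to recurring_crash_times to see whether they cluster at one clock time and so point at a scheduled job.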


PANIC. UNIX System Crash Dump Analysis Handbook
PANIC! UNIX System Crash Dump Analysis Handbook (Bk/CD-ROM)
ISBN: 0131493868
EAN: 2147483647
Year: 1994
Pages: 289
Authors: Chris Drake
