ANOM_ABEND events are missing

ANOM_ABEND events are missing

[Steve Grubb]

Hello Richard & Paul,

I have been noticing something lately. I have applications that crash and I 
get a notification from abrtd but when I go looking, there is no matching 
ANOM_ABEND records. This is one a 4.11.11 kernel.

The purpose of the ANOM_ABEND record is to indicate that a program has crashed 
and receieved a SIGSEGV or any other signal that results in termination. By 
any chance has something changed where our hook is placed? I also can't tell 
you when this started, I have a feeling this has been happening for over a 
year.

-Steve

Re: ANOM_ABEND events are missing

[Paul Moore]

On Wed, Jul 26, 2017 at 11:33 AM, Steve Grubb <sgrubb@redhat.com> wrote:
> Hello Richard & Paul,
>
> I have been noticing something lately. I have applications that crash and I
> get a notification from abrtd but when I go looking, there is no matching
> ANOM_ABEND records. This is one a 4.11.11 kernel.
>
> The purpose of the ANOM_ABEND record is to indicate that a program has crashed
> and receieved a SIGSEGV or any other signal that results in termination. By
> any chance has something changed where our hook is placed? I also can't tell
> you when this started, I have a feeling this has been happening for over a
> year.

I know we talked about this a bit offline, but for the sake of the
list and anyone else who may be experiencing this: a reproducer would
be extremely helpful ... and when I say a reproducer, I'm not talking
about a process that crashes, that is easy enough, I'm talking about a
reliable procedure that results in a program crash which is not logged
via audit.

-- 
paul moore
www.paul-moore.com