FreeBSD/GNU Linux: should I leave kernel crash dumps enabled or disabled on a production server?

Question

I did a google search on kernel crash dumps, and while I found plenty of information on what they are and how to set them up, I could not seem to get a recommendation on whether they should be enabled or disabled on a production server.

From what I understand, kernel crash dumps are mostly useful for developers who are debugging kernels.

Would enabling kernel crash dumps provide any value to the average system administrator? And if so, are there downsides to enabling them (e.g., introducing security vulnerabilities or causing thrashing on low memory systems)?

Answer 1

Great question. I highly recommend leaving them on with a caveat... you have to have someone on the team who can understand them. Being able to understand the linux subsystems at that level where checking the dump file will be helpful is definitely advanced level. That said, the dump will include information on what caused the issue and which process or system call was the offending culprit and can be very helpful in an environment with development or custom code being created.

Answer 2

Typically crash dumps, or running crash kernels is something you want to limit to just doing when you are trying to debug a specific issue or problem on a production server.

Reasons for this are two-fold:

1- Crash dumps or core files, can take up space on disk and depending on how you have this configured, this can be a small amount or the entire contents of memory. This can cause disk space issues, and depending on the frequency of the crashes, can fill up a disk extremely fast.

2 - Running something like kdump, kexec, or crash kernel, uses additional memory. This can be a non-issue if configured properly, but it is something to think about for systems running at the razors edge in regards to memory utilization.

RedHat has a really good guide on configuring kexec and kdump here:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/kernel_administration_guide/kernel_crash_dump_guide

Typically these are awesome tools for debugging, but aren't meant to really be used for long-term stable production servers.