FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 01-07-2012, 09:02 PM
Joe Zeff
 
Default Recovering forensic data from a failed boot

As I may have mentioned before, my laptop runs F16 but will only boot
properly from my last F14 kernel. All attempts to boot from a 3.X
kernel fail before gdm starts. Are there any logs that survive after I
reboot into the old 2.X kernel so that I can see just what's happening?
I presume that some of the data will be in /var/log/messages, but is
there anything else? Is there a way to be sure that a copy of boot.log
is kept, or if it already is, where is it? So far, just reporting on
the error messages I see on the screen hasn't led to any suggestions how
to correct whatever's wrong, so I'm hoping there's a way to get more data.

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 01-08-2012, 06:28 PM
Kernel Guardian
 
Default Recovering forensic data from a failed boot

Maybe could help to boot into runlevel 3, and turn on debug on in systemd. Or try to boot into single user.

On Jan 7, 2012 11:02 PM, "Joe Zeff" <joe@zeff.us> wrote:
As I may have mentioned before, my laptop runs F16 but will only boot properly from my last F14 kernel. *All attempts to boot from a 3.X kernel fail before gdm starts. *Are there any logs that survive after I reboot into the old 2.X kernel so that I can see just what's happening? *I presume that some of the data will be in /var/log/messages, but is there anything else? *Is there a way to be sure that a copy of boot.log is kept, or if it already is, where is it? *So far, just reporting on the error messages I see on the screen hasn't led to any suggestions how to correct whatever's wrong, so I'm hoping there's a way to get more data.


--

users mailing list

users@lists.fedoraproject.org

To unsubscribe or change subscription options:

https://admin.fedoraproject.org/mailman/listinfo/users

Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

Have a question? Ask away: http://ask.fedoraproject.org


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 01-08-2012, 06:49 PM
Joe Zeff
 
Default Recovering forensic data from a failed boot

On 01/08/2012 11:28 AM, Kernel Guardian wrote:

Maybe could help to boot into runlevel 3, and turn on debug on in
systemd. Or try to boot into single user.


Thank you. I hadn't known about debug (I presume I could do that while
running the old kernel and then try booting the newer one?) Single
user's also a good idea. It hadn't occurred to me that it would save
that much state. I won't have time to play with it until at least
tomorrow, but when I do, I'll report back.

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 01-30-2012, 08:21 PM
Joe Zeff
 
Default Recovering forensic data from a failed boot

On 01/08/2012 11:28 AM, Kernel Guardian wrote:

Maybe could help to boot into runlevel 3, and turn on debug on in
systemd. Or try to boot into single user.


I've had too many other things going on to deal with this for quite some
time. However, I did learn via fedoraforums that there are several
backups of boot.log in /var/log, as well as at least one of dmesg. I've
got time to play, a little, now, and will report if I find anything
interesting/relevant.

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 01-30-2012, 08:38 PM
jdow
 
Default Recovering forensic data from a failed boot

On 2012/01/30 13:21, Joe Zeff wrote:

On 01/08/2012 11:28 AM, Kernel Guardian wrote:

Maybe could help to boot into runlevel 3, and turn on debug on in
systemd. Or try to boot into single user.


I've had too many other things going on to deal with this for quite some time.
However, I did learn via fedoraforums that there are several backups of boot.log
in /var/log, as well as at least one of dmesg. I've got time to play, a little,
now, and will report if I find anything interesting/relevant.


First one must take a dd level record of the infected disk(s).

Then one can mount those disks read only and paw through them for forensic
data. Otherwise forensic data may get lost, particularly from log files, as
logs rotate.

If you only have one disk make a backup of /var/log/messages to another
directory immediately. Then treat that backup as read only.

{o.o}
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 01-30-2012, 09:24 PM
Joe Zeff
 
Default Recovering forensic data from a failed boot

On 01/30/2012 01:38 PM, jdow wrote:

First one must take a dd level record of the infected disk(s).


The disk isn't infected. It just won't boot into any 3.x kernel, but
boots fine with the last kernel from F14.


I do, however, have a little more data: ever since the "upgrade," my
laptop's been unable to mount CD/DVD discs although it never had any
trouble under F14. If I put a DVD into the drive and try to reboot to a
3.x kernel, instead of getting error messages about the sdb cache, I get
errors about not being able to read the disc. For some reason, the 3.x
kernels are trying to read from that drive even when it's empty, and
hanging because it can't. I doubt it's something in the BIOS, or boot
order, because the old 2.x kernel has no trouble booting, even though it
can't read from the drive any more either.

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 01-30-2012, 11:27 PM
Michael Hennebry
 
Default Recovering forensic data from a failed boot

On Mon, 30 Jan 2012, Joe Zeff wrote:

I do, however, have a little more data: ever since the "upgrade," my
laptop's been unable to mount CD/DVD discs although it never had any
trouble under F14. If I put a DVD into the drive and try to reboot to a
3.x kernel, instead of getting error messages about the sdb cache, I get
errors about not being able to read the disc. For some reason, the 3.x
kernels are trying to read from that drive even when it's empty, and
hanging because it can't. I doubt it's something in the BIOS, or boot
order, because the old 2.x kernel has no trouble booting, even though it


IIRC the BIOS will try to boot from the first disc it finds.
If said disc is not bootable, it will complain without trying elsewhere.


can't read from the drive any more either.


--
Michael hennebry@web.cs.ndsu.NoDak.edu
"On Monday, I'm gonna have to tell my kindergarten class,
whom I teach not to run with scissors,
that my fiance ran me through with a broadsword." -- Lily
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 01-31-2012, 03:50 AM
Joe Zeff
 
Default Recovering forensic data from a failed boot

On 01/30/2012 04:27 PM, Michael Hennebry wrote:

IIRC the BIOS will try to boot from the first disc it finds.
If said disc is not bootable, it will complain without trying elsewhere.


The messages aren't from the BIOS, but come up during boot. If nothing
else, I don't know of any BIOS that would refer to "sdb."

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 

Thread Tools




All times are GMT. The time now is 06:17 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org