Core dump files found for Palo Alto Networks


Palo Alto Networks


A core dump is created when a process crashes. Indeni will alert when a core dump file is created.

Remediation Steps

The list of core dumps is retrieved by logging into the shell over SSH and retrieving the details of files found in /var/log/dump/usermode/, /var/tmp/*core* or /var/crash. Investigate the core dump files. If the issue is not clear, open up a case with vendor support and send them the file.

How does this work?

This script logs into the Palo Alto Networks firewall through SSH and retrieves the list of system files on the device. In that list, it searches for the core dumps.

Why is this important?

Knowing if a critical process created a core dump is important. A core dump usually occurs when a process crashes, indicating an unexpected behavior. This can result in service disruption without a clear reason why - the user experience would be that sometimes "things don't work".

Without Indeni how would you find this?

A user would wait for "weird experiences" and open a support ticket with TAC. The TAC support engineer may direct the user to look at the core dumps.

View Source Code