Logging and tracing tools collect vital information (i.e., log and trace data) related to a program running on a computing system. The collected information is initially written to a memory buffer, and subsequently recorded in a file on a persistent storage medium (e.g., hard disk). Utilities separate from the log and trace tools are used to analyze the log and trace data collected and recorded. When a system crash occurs, log and trace data is important for problem determination, but this data may not have been completely written out to persistent storage before the system crash occurred. Typically, the most important portions of log and trace data are those that are collected closest to the time of the crash, but those are also the portions that are most likely to be missing from the persistent storage files.
Conventional techniques attempting to address the retrieval of log or trace data stored in buffers in the event of a system crash include: kernel level debuggers, crash dump tools, and the Linux Kernel Messages Dump tool (kmsgdump). Kernel level debuggers are limited because they require a re-creation of the system problem, and are unable to record the contents of buffers automatically. Crash dump tools (e.g., Linux Kernel Crash Dump (LKCD) and In-memory core dump system for Linux) are limited by the time-consuming and inefficient dump of the entire system memory or large portions of memory when only a relatively small portion of memory includes the desired buffers. Further, undesirable development and maintenance costs are related to intelligence that must be built into either the crash dump tool or a separate utility that extracts the desired buffers from the dump. Additional development costs are involved because this intelligence must be customized for each log or trace tool. The kmsgdump tool extracts messages from the system at crash time and transfers them onto a floppy diskette, but costly customized, hardware-dependent code must be developed and maintained for each device.
Therefore, there is a need for an improved technique for extracting log and trace data from buffers in the event of a system crash.