weblogic服务经常宕机，怀疑是JRockit的问题，那么如何跟踪问题了呢？
weblogic有如下建议：

Enabling Core Dumps

If you are using Red Hat Enterprise Linux AS/ES/WS 2.1 (32-bit) and want to ensure that a core/javacore file is created in the working directory in the event WebLogic JRockit crashes, you need to enable core dumps. To do this, set the ulimit -c value to something greater than zero, but no greater than a value your filesystem can accommodate; for example, ulimit -c 10000000. These values are measured in blocks, with each block equaling one kilobyte. You can set the ulimit value either from the command line, in the *.profile file, or in a shell script.

文章来源：http://edocs.bea.com/wljrockit/docs81/tunelnux/migrate.html#999818

redhat则有如下kbase:
http://kbase.redhat.com/faq/FAQ_52_2890.shtm

In Red Hat Enterprise Linux core file creation is disabled by default. This is done by the following ulimit command in /etc/profile:

ulimit -S -c 0 > /dev/null 2>1

There are a couple of ways to enable core file creation. The first is to replace the above ulimit command in /etc/profile with the following:

ulimit -S -c unlimited > /dev/null 2>1

This will allow all users to produce core files of unlimited size.

To disallow users of the system to be able to dump core files, configure the /etc/security/limits.conf file to allow only certain users or groups to create core files. For example, if all the members of the "devel" group are to be allowed to dump core files:

 
#<domain> <type> <item> <value>
@devel soft core <value> 

The <value> is the maximum block size of a core file. The /etc/security/limits.conf file is well documented with usage and options at the top of the file. Please note that for these settings to be honored, it is necessary to comment out the above mentioned ulimit command in the /etc/profile file as follows:

 
# No core files by default
# ulimit -S -c 0 > /dev/null 2>1

If this application is being started within its init script with the daemon command, edit the /etc/init.d/functions file to comment out or change this line:

ulimit -S -c 0 >/dev/null 2>1

With this setup, a core file from the application should result. If this does not then make sure that the application has the correct uid and that it does not use setuid to change uid when running. On Red Hat Enterprise Linux 3, use the following command to enable the dumping of setuid applications:

echo 1 > /proc/sys/kernel/core_setuid_ok

Alternatively, add the following call to the application source (in the C language):

prctl(PR_SET_DUMPABLE, 1);

By default, core files are created in the working directory of the faulting application. To override this and specify a location for the files, enter the following command (as root) replacing "/tmp" with the desired target directory:

echo "/tmp" > /proc/sys/kernel/core_pattern

我们一定要超越具体的发行版本（ linux要以不变应万变）

Controlling core files (Linux)

Author: TonyLawrence
Date: Mon Mar 14 13:53:36 2005
Subject: Controlling core files (Linux)

If you don't want core files at all, set "ulimit -c 0" in your startup files. That's the default on many systems; in /etc/profile you may find
 
ulimit -S -c 0 > /dev/null 2>&1 
 

If you DO want core files, you need to reset that in your own .bash_profile:

 
ulimit -c 50000 
 

would allow core files but limit them to 50,000 bytes.

You have more control of core files in /proc/sys/kernel/

For example, you can do eliminate the tagged on pid by

 
echo "0" > /proc/sys/kernel/core_uses_pid 
 

Core files will then just be named "core". People do things like that so that a user can choose to put a non-writable file named "core" in directories where they don't want to generate core dumps. That could be a directory (mkdir core) or a file (touch core;chmod 000 core). I've seen it suggested that a symlink named core would redirect the dump to wherever it pointed, but I found that didn't work.

But perhaps more interesting is that you can do:


mkdir /tmp/corefiles 
chmod 777 /tmp/corefiles 
echo "/tmp/corefiles/core" > /proc/sys/kernel/core_pattern 
 

All corefiles then get tossed to /tmp/corefiles (don't change core_uses_pid if you do this).

Test this with a simple script:

 
# script that dumps core 
kill -s SIGSEGV $$ 
 

But wait, there's more (if your kernel is new enough). From "man proc":


/proc/sys/kernel/core_pattern 
    This file (new in Linux 2.5) provides finer control over the
    form of a core filename than the obsolete
    /proc/sys/kernel/core_uses_pid file described below. The name
    for a core file is controlled by defining a template in
    /proc/sys/kernel/core_pattern. The template can contain %
    specifiers which are substituted by the following values when
    a core file is created: 
 
     
  %%  A single % character 
  %p  PID of dumped process 
  %u  real UID of dumped process 
  %g  real GID of dumped process 
  %s  number of signal causing dump 
  %t  time of dump (secs since 0:00h, 1 Jan 1970) 
  %h  hostname (same as the 'nodename'  
      returned by uname(2)) 
  %e  executable filename 
     
 
    A single % at the end of the template is dropped from the core
    filename, as is the combination of a % followed by any character
    other than those listed above. All other characters in the
    template become a literal part of the core filename. The maximum
    size of the resulting core filename is 64 bytes. The default
    value in this file is "core". For backward compatibility, if
    /proc/sys/kernel/core_pattern does not include "%p" and
    /proc/sys/kernel/core_uses_pid is non-zero, then .PID will be
    appended to the core filename. 
 
If you are running a Linux kernel that doesn't support this, you'll get no core files at all, which is also what happens if the directory in core_pattern doesn't exist or isn't writable by the user dumping core. So that's yet another way to not dump core for certain users: set core_pattern to a directory that they can't write to, and give write permission to the users who you do want to create core files.
文章来源：http://aplawrence.com/Linux/limit_core_files.html