From owner-freebsd-questions@FreeBSD.ORG Fri Sep 19 00:52:51 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 26FAE106566C for ; Fri, 19 Sep 2008 00:52:51 +0000 (UTC) (envelope-from gpeel@thenetnow.com) Received: from thenetnow.com (thenetnow.com [69.90.69.141]) by mx1.freebsd.org (Postfix) with ESMTP id F1A158FC08 for ; Fri, 19 Sep 2008 00:52:50 +0000 (UTC) (envelope-from gpeel@thenetnow.com) Received: from hpeel.ody.ca ([216.240.12.2] helo=GRANT) by constellation.thenetnow.com with esmtpa (Exim 4.63 (FreeBSD)) (envelope-from ) id 1KgUEo-0008p4-PT; Thu, 18 Sep 2008 20:52:46 -0400 Message-ID: From: "Grant Peel" To: "H.fazaeli" References: <48D1FEB0.6060903@infracaninophile.co.uk> <48D21FFE.5090109@sepehrs.com> Date: Thu, 18 Sep 2008 20:52:43 -0400 Organization: The Net Now MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="Windows-1252"; reply-type=response Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.5512 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5579 X-Mailman-Approved-At: Fri, 19 Sep 2008 01:11:41 +0000 Cc: freebsd-questions@freebsd.org Subject: Re: Mystical Server Shutdown. X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Grant Peel List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 19 Sep 2008 00:52:51 -0000 Hi H, and Matt, and all, I had instigated all.log, and here is what happened at 04:08 EDT this morning...any clues you see here? ... Sep 18 04:04:08 defiant named[601]: unexpected RCODE (SERVFAIL) resolving 'examplewhole.com/NS/IN': 192.168.0.3#53 Sep 18 04:08:14 defiant syslogd: restart Sep 18 04:08:14 defiant syslogd: kernel boot file is /boot/kernel/kernel Sep 18 04:08:14 defiant kernel: Copyright (c) 1992-2007 The FreeBSD Project. ... Lastlog shows nothing of note... mssclien ftp bas7-london14-1 Thu Sep 18 08:58 - 09:04 (00:05) reboot ~ Thu Sep 18 04:08 ringette ftp CPE001310e9a482 Thu Sep 18 00:10 - 00:11 (00:00) -Grant ----- Original Message ----- From: "H.fazaeli" To: "Grant Peel" Cc: Sent: Thursday, September 18, 2008 5:31 AM Subject: Re: Mystical Server Shutdown. > > If you applied all the Matthew's suggestions and it is still a > mystery, and if server's shutdown is clean, look for a > a (buggy) user land process that sends SIGUSR2 signal > to init(1). > > > Matthew Seaman wrote: >> Grant Peel wrote: >>> Hi all, >>> >>> I started getting watchmouse errors about on pf my servers not >>> responding. There is a DRAC on the machine, and the sensor data was all >>> good. When I got the machine back up and running, I seen this in >>> lastlog: >>> >>> client1 ftp hostname1here Wed Sep 17 17:02 - shutdown >>> (00:46) >>> client2 ftp hostname2here Wed Sep 17 17:02 - shutdown >>> (00:46) >>> client2 ftp hostname2here Wed Sep 17 17:02 - shutdown >>> (00:46) >>> client3 ftp hostname3here Wed Sep 17 17:01 - 17:06 >>> (00:04) >>> >>> >>> Should I be worried about seeing 'shutdown' in an ftp line of last? >> >> That just means the ftp user was still logged in at the time the >> system shut down. >> >>> If not, how would you suggest I find the process or program that issued >>> the shutdown command? >> >> Read the system logs, basically. /var/log/messages or /var/log/all.log >> (if you've enabled it). The shutdown(8) command will always write >> syslog messages when invoked. halt(8) or reboot(8) will write a >> 'shutdown' >> record into wtmp (ie. look at 'last shutdown') but don't log anything >> to syslog. >> >> However, you're quite likely to find that there is nothing in the log >> or wtmp files to explain what happened. All this means is that the >> system went down suddenly -- perhaps power dropped out momentarily, or >> a thermal cutout tripped or the system panic'd for one of any number of >> reasons. You'ld be able to detect log file traces showing fsck(8) >> being run on the root f/s following any of those sort of unclean >> shutdowns, and if the system panic'd then you may well have a core dump >> sitting in /var/db/crash -- depends whether you've enabled that >> functionality or not. >> >> Cheers, >> >> Matthew >> > > -- > > > Best regards. > > Hooman Fazaeli > Sepehr S. T. Co. Ltd. > > Web: http://www.sepehrs.com > Tel: (9821)88975701-2 > Fax: (9821)88983352 > > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > >