Date: Thu, 18 Sep 2008 08:09:36 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Grant Peel <gpeel@thenetnow.com> Cc: freebsd-questions@freebsd.org Subject: Re: Mystical Server Shutdown. Message-ID: <48D1FEB0.6060903@infracaninophile.co.uk> In-Reply-To: <FD15F879D39E42B3BCF6CCD3F809571A@GRANT> References: <FD15F879D39E42B3BCF6CCD3F809571A@GRANT>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigAE5D79A99A3B14E7E92CD47A
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable
Grant Peel wrote:
> Hi all,
>=20
> I started getting watchmouse errors about on pf my servers not=20
> responding. There is a DRAC on the machine, and the sensor data was all=
=20
> good. When I got the machine back up and running, I seen this in lastlo=
g:
>=20
> client1 ftp hostname1here Wed Sep 17 17:02 - shutdown =20
> (00:46)
> client2 ftp hostname2here Wed Sep 17 17:02 - shutdown =20
> (00:46)
> client2 ftp hostname2here Wed Sep 17 17:02 - shutdown =20
> (00:46)
> client3 ftp hostname3here Wed Sep 17 17:01 - 17:06 (00:0=
4)
>=20
>=20
> Should I be worried about seeing 'shutdown' in an ftp line of last?
That just means the ftp user was still logged in at the time the
system shut down.
> If not, how would you suggest I find the process or program that issued=
=20
> the shutdown command?
Read the system logs, basically. /var/log/messages or /var/log/all.log
(if you've enabled it). The shutdown(8) command will always write
syslog messages when invoked. halt(8) or reboot(8) will write a 'shutdow=
n'
record into wtmp (ie. look at 'last shutdown') but don't log anything
to syslog.
However, you're quite likely to find that there is nothing in the log
or wtmp files to explain what happened. All this means is that the
system went down suddenly -- perhaps power dropped out momentarily, or
a thermal cutout tripped or the system panic'd for one of any number of=20
reasons. You'ld be able to detect log file traces showing fsck(8)
being run on the root f/s following any of those sort of unclean shutdown=
s, and if the system panic'd then you may well have a core dump sitting i=
n /var/db/crash -- depends whether you've enabled that functionality or n=
ot.
Cheers,
Matthew
--=20
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
--------------enigAE5D79A99A3B14E7E92CD47A
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEAREIAAYFAkjR/rYACgkQ8Mjk52CukIw8WgCfeltPYrlZNC2xJ6kKbGo+Z0dW
lUAAnRJ8rb1sfD9ahG5i2aSfDs4Xyn50
=bXpq
-----END PGP SIGNATURE-----
--------------enigAE5D79A99A3B14E7E92CD47A--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48D1FEB0.6060903>