Date: Thu, 18 Sep 2008 20:52:43 -0400 From: "Grant Peel" <gpeel@thenetnow.com> To: "H.fazaeli" <fazaeli@sepehrs.com> Cc: freebsd-questions@freebsd.org Subject: Re: Mystical Server Shutdown. Message-ID: <F671E70CF3E14D9481428BD9AA6BBAF3@GRANT> References: <FD15F879D39E42B3BCF6CCD3F809571A@GRANT><48D1FEB0.6060903@infracaninophile.co.uk> <48D21FFE.5090109@sepehrs.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi H, and Matt, and all, I had instigated all.log, and here is what happened at 04:08 EDT this morning...any clues you see here? ... Sep 18 04:04:08 defiant named[601]: unexpected RCODE (SERVFAIL) resolving 'examplewhole.com/NS/IN': 192.168.0.3#53 Sep 18 04:08:14 defiant syslogd: restart Sep 18 04:08:14 defiant syslogd: kernel boot file is /boot/kernel/kernel Sep 18 04:08:14 defiant kernel: Copyright (c) 1992-2007 The FreeBSD Project. ... Lastlog shows nothing of note... mssclien ftp bas7-london14-1 Thu Sep 18 08:58 - 09:04 (00:05) reboot ~ Thu Sep 18 04:08 ringette ftp CPE001310e9a482 Thu Sep 18 00:10 - 00:11 (00:00) -Grant ----- Original Message ----- From: "H.fazaeli" <fazaeli@sepehrs.com> To: "Grant Peel" <gpeel@thenetnow.com> Cc: <freebsd-questions@freebsd.org> Sent: Thursday, September 18, 2008 5:31 AM Subject: Re: Mystical Server Shutdown. > > If you applied all the Matthew's suggestions and it is still a > mystery, and if server's shutdown is clean, look for a > a (buggy) user land process that sends SIGUSR2 signal > to init(1). > > > Matthew Seaman wrote: >> Grant Peel wrote: >>> Hi all, >>> >>> I started getting watchmouse errors about on pf my servers not >>> responding. There is a DRAC on the machine, and the sensor data was all >>> good. When I got the machine back up and running, I seen this in >>> lastlog: >>> >>> client1 ftp hostname1here Wed Sep 17 17:02 - shutdown >>> (00:46) >>> client2 ftp hostname2here Wed Sep 17 17:02 - shutdown >>> (00:46) >>> client2 ftp hostname2here Wed Sep 17 17:02 - shutdown >>> (00:46) >>> client3 ftp hostname3here Wed Sep 17 17:01 - 17:06 >>> (00:04) >>> >>> >>> Should I be worried about seeing 'shutdown' in an ftp line of last? >> >> That just means the ftp user was still logged in at the time the >> system shut down. >> >>> If not, how would you suggest I find the process or program that issued >>> the shutdown command? >> >> Read the system logs, basically. /var/log/messages or /var/log/all.log >> (if you've enabled it). The shutdown(8) command will always write >> syslog messages when invoked. halt(8) or reboot(8) will write a >> 'shutdown' >> record into wtmp (ie. look at 'last shutdown') but don't log anything >> to syslog. >> >> However, you're quite likely to find that there is nothing in the log >> or wtmp files to explain what happened. All this means is that the >> system went down suddenly -- perhaps power dropped out momentarily, or >> a thermal cutout tripped or the system panic'd for one of any number of >> reasons. You'ld be able to detect log file traces showing fsck(8) >> being run on the root f/s following any of those sort of unclean >> shutdowns, and if the system panic'd then you may well have a core dump >> sitting in /var/db/crash -- depends whether you've enabled that >> functionality or not. >> >> Cheers, >> >> Matthew >> > > -- > > > Best regards. > > Hooman Fazaeli <hf@sepehrs.com> > Sepehr S. T. Co. Ltd. > > Web: http://www.sepehrs.com > Tel: (9821)88975701-2 > Fax: (9821)88983352 > > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F671E70CF3E14D9481428BD9AA6BBAF3>