Hi H, and Matt, and all,

I had instigated all.log, and here is what happened at 04:08 EDT this morning...any clues you see here?


...
Sep 18 04:04:08 defiant named[601]: unexpected RCODE (SERVFAIL) resolving 'examplewhole.com/NS/IN': 192.168.0.3#53
Sep 18 04:08:14 defiant syslogd: restart
Sep 18 04:08:14 defiant syslogd: kernel boot file is /boot/kernel/kernel
Sep 18 04:08:14 defiant kernel: Copyright (c) 1992-2007 The FreeBSD Project.
...

Lastlog shows nothing of note...


mssclien         ftp      bas7-london14-1  Thu Sep 18 08:58 - 09:04  (00:05)
reboot           ~                         Thu Sep 18 04:08
ringette         ftp      CPE001310e9a482  Thu Sep 18 00:10 - 00:11  (00:00)

-Grant






----- Original Message ----- From: "H.fazaeli" <[EMAIL PROTECTED]>
To: "Grant Peel" <[EMAIL PROTECTED]>
Cc: <freebsd-questions@freebsd.org>
Sent: Thursday, September 18, 2008 5:31 AM
Subject: Re: Mystical Server Shutdown.



If you applied all the Matthew's suggestions and it is still a
mystery, and if server's shutdown is clean, look for a
a (buggy) user land process that sends SIGUSR2 signal
to init(1).


Matthew Seaman wrote:
Grant Peel wrote:
Hi all,

I started getting watchmouse errors about on pf my servers not responding. There is a DRAC on the machine, and the sensor data was all good. When I got the machine back up and running, I seen this in lastlog:

client1 ftp hostname1here Wed Sep 17 17:02 - shutdown (00:46) client2 ftp hostname2here Wed Sep 17 17:02 - shutdown (00:46) client2 ftp hostname2here Wed Sep 17 17:02 - shutdown (00:46) client3 ftp hostname3here Wed Sep 17 17:01 - 17:06 (00:04)


Should I be worried about seeing 'shutdown' in an ftp line of last?

That just means the ftp user was still logged in at the time the
system shut down.

If not, how would you suggest I find the process or program that issued the shutdown command?

Read the system logs, basically.  /var/log/messages or /var/log/all.log
(if you've enabled it).  The shutdown(8) command will always write
syslog messages when invoked. halt(8) or reboot(8) will write a 'shutdown'
record into wtmp (ie. look at 'last shutdown') but don't log anything
to syslog.

However, you're quite likely to find that there is nothing in the log
or wtmp files to explain what happened.  All this means is that the
system went down suddenly -- perhaps power dropped out momentarily, or
a thermal cutout tripped or the system panic'd for one of any number of reasons. You'ld be able to detect log file traces showing fsck(8) being run on the root f/s following any of those sort of unclean shutdowns, and if the system panic'd then you may well have a core dump sitting in /var/db/crash -- depends whether you've enabled that functionality or not.

    Cheers,

    Matthew


--


Best regards.

Hooman Fazaeli <[EMAIL PROTECTED]>
Sepehr S. T. Co. Ltd.

Web: http://www.sepehrs.com
Tel: (9821)88975701-2
Fax: (9821)88983352




_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"



_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to