From: Srinivasa Cherukuri (SCherukuri@yak.ca)
Date: Thu Oct 06 2005 - 13:40:48 EDT
Hello all
This is the excellent response I have received. The only intention of
posting the entire response is that it is looking very useful and some
one else may take the advantage.
Thanks Bill.
-----Original Message-----
From: Bill R. Williams [mailto:brw@etsu.edu]
Sent: Thursday, October 06, 2005 1:33 PM
To: Srinivasa Cherukuri
Subject: Re: URGENT PLEASE
Well, not good on sunmanagers, but I'll give you what hints I can. :-)
The reboot may have been as the result of Ctrl-Alt-Delete at the
console. (IOW: No one typed a command to reboot the machine.)
Use 'who -b' to see when (month day time) the system last booted.
I see nothing in the output of your 'last' which would indicate a
logged user; however, 'last' doesn't indicate every connection!
For example:
ssh someuser@yourhost
will show in the 'last' output, but ...
ssh someuser@yourhost 'uname -a'
will NOT be in the output!
So, if someone could do:
ssh root@yourhost '/sbin/reboot'
it will not show in 'last', nor will it be in ~root/.bash_history !
Look at /var/log/secure (or secure.1) to see who might have run
/sbin/{poweroff,halt,reboot} at the time the system went down.
Look at /var/log/dmesg *and* the 'dmesg | less' to see if there are
any suggestions of imminent failure. (Only /var/log/dmesg exists --
no dmesg.1, etc. and is only for the last/current boot.)
Also scan /var/log/messages* for signs of failure -- look for "panic"
and failing that check all "kernel" items.
It's possible that you have some intermittent hardware failure.
I'm not so sure about the net-snmp thing; I've never heard of it
causing such a thing. I'm not saying it can't or won't, just that
I've never heard of it.
Maybe this helps. Maybe not.
-- --------------------------------------------- Bill R. Williams <brw@etsu.edu> ------------------------ ETSU Library Systems On Thu, Oct 06, 2005 at 12:09:21PM -0400, Srinivasa Cherukuri wrote: > Hello all > > One of our servers (Linux ens1 2.4.21-32.ELsmp #1 SMP Fri Apr 15 > 21:17:59 EDT 2005 i686 i686 i386 GNU/Linux) has been rebooted on Tue. We > want to know exactly who typed the command reboot. Searched all the > related .bash_hisotry files and no clue. One of the team mates says it > is done by the system itself due to the installation of another version > of net-snmp due to a conflict with the existing net-snmp. The kind of > Linux which is on the server by default has net-snmp. Am I correct? > > (****) /home/***>last > ens pts/0 **.180.***.50 Tue Oct 4 12:10 - 15:02 (02:52) > > reboot system boot 2.4.21-32.ELsmp Tue Oct 4 09:33 > (2+01:31) > ens pts/1 .180.**.50 Mon Oct 3 18:38 - 19:34 (00:55) > > wtmp begins Sat Oct 1 12:56:08 2005 > > > I will summarize. Thanks in advance. _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:32:14 EDT