Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Red Hat Linux (http://www.linux-archive.org/red-hat-linux/)
-   -   how to check if shutdown/halt has been executed (http://www.linux-archive.org/red-hat-linux/448477-how-check-if-shutdown-halt-has-been-executed.html)

ESGLinux 11-05-2010 08:05 AM

how to check if shutdown/halt has been executed
 
Hi All,

I have arrived today at work and I have found a RHEL 5 server poweroff.

I want to know what has happened. So, I first want to know if someone has
executed shutdown/halt/poweroff or any other command that can power off the
machine,

I have checked the messages file but I cant see nothing:

Nov 4 12:24:34 www smartd[2097]: In the system's table of devices NO
devices found to scan
Nov 4 12:24:34 www smartd[2097]: Monitoring 0 ATA and 0 SCSI devices
Nov 4 12:24:34 www smartd[2099]: smartd has fork()ed into background mode.
New PID=2099.
Nov 5 09:20:01 www syslogd 1.4.1: restart.
Nov 5 09:20:02 www kernel: klogd 1.4.1, log source = /proc/kmsg started.

at 09:20 I restart the machine.

With the sar command I see this:

06:40:02 AM all 0.10 0.00 0.08 0.48 0.01
99.33
06:50:01 AM all 0.11 0.00 0.07 0.36 0.01
99.45
07:00:01 AM all 0.13 0.00 0.07 0.80 0.01
98.98
Average: all 0.12 0.00 0.07 0.80 0.01
98.99

09:19:48 AM LINUX RESTART

09:30:01 AM CPU %user %nice %system %iowait %steal
%idle
09:40:01 AM all 0.60 0.00 0.11 5.57 0.01
93.71

So between 07:00 and 07:10 the system goes down, but WHY???

with the ausearch command I get this:

----
time->Fri Nov 5 07:01:01 2010
type=CRED_ACQ msg=audit(1288936861.670:3707): user pid=9601 uid=0
auid=4294967295 msg='PAM: setcred acct="root" : exe="/usr/sbin/crond"
(hostname=?, addr=?, terminal=cron res=success)'
----
time->Fri Nov 5 07:01:01 2010
type=LOGIN msg=audit(1288936861.670:3708): login pid=9601 uid=0 old
auid=4294967295 new auid=0
----
time->Fri Nov 5 07:01:01 2010
type=USER_START msg=audit(1288936861.720:3709): user pid=9601 uid=0 auid=0
msg='PAM: session open acct="root" : exe="/usr/sbin/crond" (hostname=?,
addr=?, terminal=cron res=success)'
----
time->Fri Nov 5 07:01:01 2010
type=CRED_DISP msg=audit(1288936861.730:3710): user pid=9601 uid=0 auid=0
msg='PAM: setcred acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?,
terminal=cron res=success)'
----
time->Fri Nov 5 07:01:01 2010
type=USER_END msg=audit(1288936861.730:3711): user pid=9601 uid=0 auid=0
msg='PAM: session close acct="root" : exe="/usr/sbin/crond" (hostname=?,
addr=?, terminal=cron res=success)'
----
time->Fri Nov 5 09:20:00 2010
type=DAEMON_START msg=audit(1288945200.613:9651): auditd start, ver=1.7.17
format=raw kernel=2.6.18.8-xen auid=4294967295 pid=1440 res=success
----

If the systems goes down because of power failure or something strange, is
there any way to check it?

Thanks in advance

ESG
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Dennis Comeaux 11-11-2010 02:00 PM

how to check if shutdown/halt has been executed
 
Have you tried /var/log/messages? I have notes in there about Kernel
logging stopping when it goes down. If someone just gave the machine the
finger (hit the power button and held it down so it went down without an
ACPI poweroff call), then you won't have anything. I think it may also be
recorded in /var/log/daemon.log on some installs. However WHO requested it
may or may not be.

On Fri, Nov 5, 2010 at 5:05 AM, ESGLinux <esggrupos@gmail.com> wrote:

> Hi All,
>
> I have arrived today at work and I have found a RHEL 5 server poweroff.
>
> I want to know what has happened. So, I first want to know if someone has
> executed shutdown/halt/poweroff or any other command that can power off the
> machine,
>
> I have checked the messages file but I cant see nothing:
>
> Nov 4 12:24:34 www smartd[2097]: In the system's table of devices NO
> devices found to scan
> Nov 4 12:24:34 www smartd[2097]: Monitoring 0 ATA and 0 SCSI devices
> Nov 4 12:24:34 www smartd[2099]: smartd has fork()ed into background mode.
> New PID=2099.
> Nov 5 09:20:01 www syslogd 1.4.1: restart.
> Nov 5 09:20:02 www kernel: klogd 1.4.1, log source = /proc/kmsg started.
>
> at 09:20 I restart the machine.
>
> With the sar command I see this:
>
> 06:40:02 AM all 0.10 0.00 0.08 0.48 0.01
> 99.33
> 06:50:01 AM all 0.11 0.00 0.07 0.36 0.01
> 99.45
> 07:00:01 AM all 0.13 0.00 0.07 0.80 0.01
> 98.98
> Average: all 0.12 0.00 0.07 0.80 0.01
> 98.99
>
> 09:19:48 AM LINUX RESTART
>
> 09:30:01 AM CPU %user %nice %system %iowait %steal
> %idle
> 09:40:01 AM all 0.60 0.00 0.11 5.57 0.01
> 93.71
>
> So between 07:00 and 07:10 the system goes down, but WHY???
>
> with the ausearch command I get this:
>
> ----
> time->Fri Nov 5 07:01:01 2010
> type=CRED_ACQ msg=audit(1288936861.670:3707): user pid=9601 uid=0
> auid=4294967295 msg='PAM: setcred acct="root" : exe="/usr/sbin/crond"
> (hostname=?, addr=?, terminal=cron res=success)'
> ----
> time->Fri Nov 5 07:01:01 2010
> type=LOGIN msg=audit(1288936861.670:3708): login pid=9601 uid=0 old
> auid=4294967295 new auid=0
> ----
> time->Fri Nov 5 07:01:01 2010
> type=USER_START msg=audit(1288936861.720:3709): user pid=9601 uid=0 auid=0
> msg='PAM: session open acct="root" : exe="/usr/sbin/crond" (hostname=?,
> addr=?, terminal=cron res=success)'
> ----
> time->Fri Nov 5 07:01:01 2010
> type=CRED_DISP msg=audit(1288936861.730:3710): user pid=9601 uid=0 auid=0
> msg='PAM: setcred acct="root" : exe="/usr/sbin/crond" (hostname=?, addr=?,
> terminal=cron res=success)'
> ----
> time->Fri Nov 5 07:01:01 2010
> type=USER_END msg=audit(1288936861.730:3711): user pid=9601 uid=0 auid=0
> msg='PAM: session close acct="root" : exe="/usr/sbin/crond" (hostname=?,
> addr=?, terminal=cron res=success)'
> ----
> time->Fri Nov 5 09:20:00 2010
> type=DAEMON_START msg=audit(1288945200.613:9651): auditd start, ver=1.7.17
> format=raw kernel=2.6.18.8-xen auid=4294967295 pid=1440 res=success
> ----
>
> If the systems goes down because of power failure or something strange, is
> there any way to check it?
>
> Thanks in advance
>
> ESG
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>



--
"il n'y a pas de liberté s'il y a dépendance"
--Theobalt
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

ESGLinux 11-12-2010 09:27 AM

how to check if shutdown/halt has been executed
 
Hi,

I think something put the finger in the power, because I don´t get any log
in messages or other file.

Now I´m going to investigate who has made that without telling nothing :-(((

Thanks

ESG

2010/11/11 Dennis Comeaux <dennis.comeaux@gmail.com>

> Have you tried /var/log/messages? I have notes in there about Kernel
> logging stopping when it goes down. If someone just gave the machine the
> finger (hit the power button and held it down so it went down without an
> ACPI poweroff call), then you won't have anything. I think it may also be
> recorded in /var/log/daemon.log on some installs. However WHO requested it
> may or may not be.
>
> On Fri, Nov 5, 2010 at 5:05 AM, ESGLinux <esggrupos@gmail.com> wrote:
>
> > Hi All,
> >
> > I have arrived today at work and I have found a RHEL 5 server poweroff.
> >
> > I want to know what has happened. So, I first want to know if someone has
> > executed shutdown/halt/poweroff or any other command that can power off
> the
> > machine,
> >
> > I have checked the messages file but I cant see nothing:
> >
> > Nov 4 12:24:34 www smartd[2097]: In the system's table of devices NO
> > devices found to scan
> > Nov 4 12:24:34 www smartd[2097]: Monitoring 0 ATA and 0 SCSI devices
> > Nov 4 12:24:34 www smartd[2099]: smartd has fork()ed into background
> mode.
> > New PID=2099.
> > Nov 5 09:20:01 www syslogd 1.4.1: restart.
> > Nov 5 09:20:02 www kernel: klogd 1.4.1, log source = /proc/kmsg started.
> >
> > at 09:20 I restart the machine.
> >
> > With the sar command I see this:
> >
> > 06:40:02 AM all 0.10 0.00 0.08 0.48 0.01
> > 99.33
> > 06:50:01 AM all 0.11 0.00 0.07 0.36 0.01
> > 99.45
> > 07:00:01 AM all 0.13 0.00 0.07 0.80 0.01
> > 98.98
> > Average: all 0.12 0.00 0.07 0.80 0.01
> > 98.99
> >
> > 09:19:48 AM LINUX RESTART
> >
> > 09:30:01 AM CPU %user %nice %system %iowait %steal
> > %idle
> > 09:40:01 AM all 0.60 0.00 0.11 5.57 0.01
> > 93.71
> >
> > So between 07:00 and 07:10 the system goes down, but WHY???
> >
> > with the ausearch command I get this:
> >
> > ----
> > time->Fri Nov 5 07:01:01 2010
> > type=CRED_ACQ msg=audit(1288936861.670:3707): user pid=9601 uid=0
> > auid=4294967295 msg='PAM: setcred acct="root" : exe="/usr/sbin/crond"
> > (hostname=?, addr=?, terminal=cron res=success)'
> > ----
> > time->Fri Nov 5 07:01:01 2010
> > type=LOGIN msg=audit(1288936861.670:3708): login pid=9601 uid=0 old
> > auid=4294967295 new auid=0
> > ----
> > time->Fri Nov 5 07:01:01 2010
> > type=USER_START msg=audit(1288936861.720:3709): user pid=9601 uid=0
> auid=0
> > msg='PAM: session open acct="root" : exe="/usr/sbin/crond" (hostname=?,
> > addr=?, terminal=cron res=success)'
> > ----
> > time->Fri Nov 5 07:01:01 2010
> > type=CRED_DISP msg=audit(1288936861.730:3710): user pid=9601 uid=0 auid=0
> > msg='PAM: setcred acct="root" : exe="/usr/sbin/crond" (hostname=?,
> addr=?,
> > terminal=cron res=success)'
> > ----
> > time->Fri Nov 5 07:01:01 2010
> > type=USER_END msg=audit(1288936861.730:3711): user pid=9601 uid=0 auid=0
> > msg='PAM: session close acct="root" : exe="/usr/sbin/crond" (hostname=?,
> > addr=?, terminal=cron res=success)'
> > ----
> > time->Fri Nov 5 09:20:00 2010
> > type=DAEMON_START msg=audit(1288945200.613:9651): auditd start,
> ver=1.7.17
> > format=raw kernel=2.6.18.8-xen auid=4294967295 pid=1440 res=success
> > ----
> >
> > If the systems goes down because of power failure or something strange,
> is
> > there any way to check it?
> >
> > Thanks in advance
> >
> > ESG
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
>
>
>
> --
> "il n'y a pas de liberté s'il y a dépendance"
> --Theobalt
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

hike 11-12-2010 09:41 AM

how to check if shutdown/halt has been executed
 
isn't the last command still available in RHEL?


On Fri, Nov 12, 2010 at 5:27 AM, ESGLinux <esggrupos@gmail.com> wrote:

> Hi,
>
> I think something put the finger in the power, because I don´t get any log
> in messages or other file.
>
> Now I´m going to investigate who has made that without telling nothing
> :-(((
>
> Thanks
>
> ESG
>
> 2010/11/11 Dennis Comeaux <dennis.comeaux@gmail.com>
>
> > Have you tried /var/log/messages? I have notes in there about Kernel
> > logging stopping when it goes down. If someone just gave the machine the
> > finger (hit the power button and held it down so it went down without an
> > ACPI poweroff call), then you won't have anything. I think it may also
> be
> > recorded in /var/log/daemon.log on some installs. However WHO requested
> it
> > may or may not be.
> >
> > On Fri, Nov 5, 2010 at 5:05 AM, ESGLinux <esggrupos@gmail.com> wrote:
> >
> > > Hi All,
> > >
> > > I have arrived today at work and I have found a RHEL 5 server poweroff.
> > >
> > > I want to know what has happened. So, I first want to know if someone
> has
> > > executed shutdown/halt/poweroff or any other command that can power off
> > the
> > > machine,
> > >
> > > I have checked the messages file but I cant see nothing:
> > >
> > > Nov 4 12:24:34 www smartd[2097]: In the system's table of devices NO
> > > devices found to scan
> > > Nov 4 12:24:34 www smartd[2097]: Monitoring 0 ATA and 0 SCSI devices
> > > Nov 4 12:24:34 www smartd[2099]: smartd has fork()ed into background
> > mode.
> > > New PID=2099.
> > > Nov 5 09:20:01 www syslogd 1.4.1: restart.
> > > Nov 5 09:20:02 www kernel: klogd 1.4.1, log source = /proc/kmsg
> started.
> > >
> > > at 09:20 I restart the machine.
> > >
> > > With the sar command I see this:
> > >
> > > 06:40:02 AM all 0.10 0.00 0.08 0.48 0.01
> > > 99.33
> > > 06:50:01 AM all 0.11 0.00 0.07 0.36 0.01
> > > 99.45
> > > 07:00:01 AM all 0.13 0.00 0.07 0.80 0.01
> > > 98.98
> > > Average: all 0.12 0.00 0.07 0.80 0.01
> > > 98.99
> > >
> > > 09:19:48 AM LINUX RESTART
> > >
> > > 09:30:01 AM CPU %user %nice %system %iowait %steal
> > > %idle
> > > 09:40:01 AM all 0.60 0.00 0.11 5.57 0.01
> > > 93.71
> > >
> > > So between 07:00 and 07:10 the system goes down, but WHY???
> > >
> > > with the ausearch command I get this:
> > >
> > > ----
> > > time->Fri Nov 5 07:01:01 2010
> > > type=CRED_ACQ msg=audit(1288936861.670:3707): user pid=9601 uid=0
> > > auid=4294967295 msg='PAM: setcred acct="root" : exe="/usr/sbin/crond"
> > > (hostname=?, addr=?, terminal=cron res=success)'
> > > ----
> > > time->Fri Nov 5 07:01:01 2010
> > > type=LOGIN msg=audit(1288936861.670:3708): login pid=9601 uid=0 old
> > > auid=4294967295 new auid=0
> > > ----
> > > time->Fri Nov 5 07:01:01 2010
> > > type=USER_START msg=audit(1288936861.720:3709): user pid=9601 uid=0
> > auid=0
> > > msg='PAM: session open acct="root" : exe="/usr/sbin/crond" (hostname=?,
> > > addr=?, terminal=cron res=success)'
> > > ----
> > > time->Fri Nov 5 07:01:01 2010
> > > type=CRED_DISP msg=audit(1288936861.730:3710): user pid=9601 uid=0
> auid=0
> > > msg='PAM: setcred acct="root" : exe="/usr/sbin/crond" (hostname=?,
> > addr=?,
> > > terminal=cron res=success)'
> > > ----
> > > time->Fri Nov 5 07:01:01 2010
> > > type=USER_END msg=audit(1288936861.730:3711): user pid=9601 uid=0
> auid=0
> > > msg='PAM: session close acct="root" : exe="/usr/sbin/crond"
> (hostname=?,
> > > addr=?, terminal=cron res=success)'
> > > ----
> > > time->Fri Nov 5 09:20:00 2010
> > > type=DAEMON_START msg=audit(1288945200.613:9651): auditd start,
> > ver=1.7.17
> > > format=raw kernel=2.6.18.8-xen auid=4294967295 pid=1440 res=success
> > > ----
> > >
> > > If the systems goes down because of power failure or something strange,
> > is
> > > there any way to check it?
> > >
> > > Thanks in advance
> > >
> > > ESG
> > > --
> > > redhat-list mailing list
> > > unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> > > https://www.redhat.com/mailman/listinfo/redhat-list
> > >
> >
> >
> >
> > --
> > "il n'y a pas de liberté s'il y a dépendance"
> > --Theobalt
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

ESGLinux 11-12-2010 12:24 PM

how to check if shutdown/halt has been executed
 
yes it´s avaliable but I don´t see anything about the shutdown :-(

Greetings,

ESG

2010/11/12 hike <mh1272@gmail.com>

> isn't the last command still available in RHEL?
>
>
> On Fri, Nov 12, 2010 at 5:27 AM, ESGLinux <esggrupos@gmail.com> wrote:
>
> > Hi,
> >
> > I think something put the finger in the power, because I don´t get any
> log
> > in messages or other file.
> >
> > Now I´m going to investigate who has made that without telling nothing
> > :-(((
> >
> > Thanks
> >
> > ESG
> >
> > 2010/11/11 Dennis Comeaux <dennis.comeaux@gmail.com>
> >
> > > Have you tried /var/log/messages? I have notes in there about Kernel
> > > logging stopping when it goes down. If someone just gave the machine
> the
> > > finger (hit the power button and held it down so it went down without
> an
> > > ACPI poweroff call), then you won't have anything. I think it may also
> > be
> > > recorded in /var/log/daemon.log on some installs. However WHO
> requested
> > it
> > > may or may not be.
> > >
> > > On Fri, Nov 5, 2010 at 5:05 AM, ESGLinux <esggrupos@gmail.com> wrote:
> > >
> > > > Hi All,
> > > >
> > > > I have arrived today at work and I have found a RHEL 5 server
> poweroff.
> > > >
> > > > I want to know what has happened. So, I first want to know if someone
> > has
> > > > executed shutdown/halt/poweroff or any other command that can power
> off
> > > the
> > > > machine,
> > > >
> > > > I have checked the messages file but I cant see nothing:
> > > >
> > > > Nov 4 12:24:34 www smartd[2097]: In the system's table of devices NO
> > > > devices found to scan
> > > > Nov 4 12:24:34 www smartd[2097]: Monitoring 0 ATA and 0 SCSI devices
> > > > Nov 4 12:24:34 www smartd[2099]: smartd has fork()ed into background
> > > mode.
> > > > New PID=2099.
> > > > Nov 5 09:20:01 www syslogd 1.4.1: restart.
> > > > Nov 5 09:20:02 www kernel: klogd 1.4.1, log source = /proc/kmsg
> > started.
> > > >
> > > > at 09:20 I restart the machine.
> > > >
> > > > With the sar command I see this:
> > > >
> > > > 06:40:02 AM all 0.10 0.00 0.08 0.48
> 0.01
> > > > 99.33
> > > > 06:50:01 AM all 0.11 0.00 0.07 0.36
> 0.01
> > > > 99.45
> > > > 07:00:01 AM all 0.13 0.00 0.07 0.80
> 0.01
> > > > 98.98
> > > > Average: all 0.12 0.00 0.07 0.80
> 0.01
> > > > 98.99
> > > >
> > > > 09:19:48 AM LINUX RESTART
> > > >
> > > > 09:30:01 AM CPU %user %nice %system %iowait
> %steal
> > > > %idle
> > > > 09:40:01 AM all 0.60 0.00 0.11 5.57
> 0.01
> > > > 93.71
> > > >
> > > > So between 07:00 and 07:10 the system goes down, but WHY???
> > > >
> > > > with the ausearch command I get this:
> > > >
> > > > ----
> > > > time->Fri Nov 5 07:01:01 2010
> > > > type=CRED_ACQ msg=audit(1288936861.670:3707): user pid=9601 uid=0
> > > > auid=4294967295 msg='PAM: setcred acct="root" : exe="/usr/sbin/crond"
> > > > (hostname=?, addr=?, terminal=cron res=success)'
> > > > ----
> > > > time->Fri Nov 5 07:01:01 2010
> > > > type=LOGIN msg=audit(1288936861.670:3708): login pid=9601 uid=0 old
> > > > auid=4294967295 new auid=0
> > > > ----
> > > > time->Fri Nov 5 07:01:01 2010
> > > > type=USER_START msg=audit(1288936861.720:3709): user pid=9601 uid=0
> > > auid=0
> > > > msg='PAM: session open acct="root" : exe="/usr/sbin/crond"
> (hostname=?,
> > > > addr=?, terminal=cron res=success)'
> > > > ----
> > > > time->Fri Nov 5 07:01:01 2010
> > > > type=CRED_DISP msg=audit(1288936861.730:3710): user pid=9601 uid=0
> > auid=0
> > > > msg='PAM: setcred acct="root" : exe="/usr/sbin/crond" (hostname=?,
> > > addr=?,
> > > > terminal=cron res=success)'
> > > > ----
> > > > time->Fri Nov 5 07:01:01 2010
> > > > type=USER_END msg=audit(1288936861.730:3711): user pid=9601 uid=0
> > auid=0
> > > > msg='PAM: session close acct="root" : exe="/usr/sbin/crond"
> > (hostname=?,
> > > > addr=?, terminal=cron res=success)'
> > > > ----
> > > > time->Fri Nov 5 09:20:00 2010
> > > > type=DAEMON_START msg=audit(1288945200.613:9651): auditd start,
> > > ver=1.7.17
> > > > format=raw kernel=2.6.18.8-xen auid=4294967295 pid=1440 res=success
> > > > ----
> > > >
> > > > If the systems goes down because of power failure or something
> strange,
> > > is
> > > > there any way to check it?
> > > >
> > > > Thanks in advance
> > > >
> > > > ESG
> > > > --
> > > > redhat-list mailing list
> > > > unsubscribe mailto:redhat-list-request@redhat.com
> ?subject=unsubscribe
> > > > https://www.redhat.com/mailman/listinfo/redhat-list
> > > >
> > >
> > >
> > >
> > > --
> > > "il n'y a pas de liberté s'il y a dépendance"
> > > --Theobalt
> > > --
> > > redhat-list mailing list
> > > unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> > > https://www.redhat.com/mailman/listinfo/redhat-list
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

hike 11-12-2010 11:18 PM

how to check if shutdown/halt has been executed
 
the UNIX last command lists reboots and shutdowns from the command line.
the RHEL last should do the same thing (IIRC, it does but we rarely use last
on linux boxes).
if it doesn't list anything, that means the shutdown/reboot was not caused
by a command such as shutdown or reboot. this indicates a spontaneous
shutdown caused by any number of things--power outage, drastic software or
hardware problems, etc.
this is what you asked for, isn't it.



On Fri, Nov 12, 2010 at 8:24 AM, ESGLinux <esggrupos@gmail.com> wrote:

> yes it´s avaliable but I don´t see anything about the shutdown :-(
>
> Greetings,
>
> ESG
>
> 2010/11/12 hike <mh1272@gmail.com>
>
> > isn't the last command still available in RHEL?
> >
> >
> > On Fri, Nov 12, 2010 at 5:27 AM, ESGLinux <esggrupos@gmail.com> wrote:
> >
> > > Hi,
> > >
> > > I think something put the finger in the power, because I don´t get any
> > log
> > > in messages or other file.
> > >
> > > Now I´m going to investigate who has made that without telling nothing
> > > :-(((
> > >
> > > Thanks
> > >
> > > ESG
> > >
> > > 2010/11/11 Dennis Comeaux <dennis.comeaux@gmail.com>
> > >
> > > > Have you tried /var/log/messages? I have notes in there about Kernel
> > > > logging stopping when it goes down. If someone just gave the machine
> > the
> > > > finger (hit the power button and held it down so it went down without
> > an
> > > > ACPI poweroff call), then you won't have anything. I think it may
> also
> > > be
> > > > recorded in /var/log/daemon.log on some installs. However WHO
> > requested
> > > it
> > > > may or may not be.
> > > >
> > > > On Fri, Nov 5, 2010 at 5:05 AM, ESGLinux <esggrupos@gmail.com>
> wrote:
> > > >
> > > > > Hi All,
> > > > >
> > > > > I have arrived today at work and I have found a RHEL 5 server
> > poweroff.
> > > > >
> > > > > I want to know what has happened. So, I first want to know if
> someone
> > > has
> > > > > executed shutdown/halt/poweroff or any other command that can power
> > off
> > > > the
> > > > > machine,
> > > > >
> > > > > I have checked the messages file but I cant see nothing:
> > > > >
> > > > > Nov 4 12:24:34 www smartd[2097]: In the system's table of devices
> NO
> > > > > devices found to scan
> > > > > Nov 4 12:24:34 www smartd[2097]: Monitoring 0 ATA and 0 SCSI
> devices
> > > > > Nov 4 12:24:34 www smartd[2099]: smartd has fork()ed into
> background
> > > > mode.
> > > > > New PID=2099.
> > > > > Nov 5 09:20:01 www syslogd 1.4.1: restart.
> > > > > Nov 5 09:20:02 www kernel: klogd 1.4.1, log source = /proc/kmsg
> > > started.
> > > > >
> > > > > at 09:20 I restart the machine.
> > > > >
> > > > > With the sar command I see this:
> > > > >
> > > > > 06:40:02 AM all 0.10 0.00 0.08 0.48
> > 0.01
> > > > > 99.33
> > > > > 06:50:01 AM all 0.11 0.00 0.07 0.36
> > 0.01
> > > > > 99.45
> > > > > 07:00:01 AM all 0.13 0.00 0.07 0.80
> > 0.01
> > > > > 98.98
> > > > > Average: all 0.12 0.00 0.07 0.80
> > 0.01
> > > > > 98.99
> > > > >
> > > > > 09:19:48 AM LINUX RESTART
> > > > >
> > > > > 09:30:01 AM CPU %user %nice %system %iowait
> > %steal
> > > > > %idle
> > > > > 09:40:01 AM all 0.60 0.00 0.11 5.57
> > 0.01
> > > > > 93.71
> > > > >
> > > > > So between 07:00 and 07:10 the system goes down, but WHY???
> > > > >
> > > > > with the ausearch command I get this:
> > > > >
> > > > > ----
> > > > > time->Fri Nov 5 07:01:01 2010
> > > > > type=CRED_ACQ msg=audit(1288936861.670:3707): user pid=9601 uid=0
> > > > > auid=4294967295 msg='PAM: setcred acct="root" :
> exe="/usr/sbin/crond"
> > > > > (hostname=?, addr=?, terminal=cron res=success)'
> > > > > ----
> > > > > time->Fri Nov 5 07:01:01 2010
> > > > > type=LOGIN msg=audit(1288936861.670:3708): login pid=9601 uid=0 old
> > > > > auid=4294967295 new auid=0
> > > > > ----
> > > > > time->Fri Nov 5 07:01:01 2010
> > > > > type=USER_START msg=audit(1288936861.720:3709): user pid=9601 uid=0
> > > > auid=0
> > > > > msg='PAM: session open acct="root" : exe="/usr/sbin/crond"
> > (hostname=?,
> > > > > addr=?, terminal=cron res=success)'
> > > > > ----
> > > > > time->Fri Nov 5 07:01:01 2010
> > > > > type=CRED_DISP msg=audit(1288936861.730:3710): user pid=9601 uid=0
> > > auid=0
> > > > > msg='PAM: setcred acct="root" : exe="/usr/sbin/crond" (hostname=?,
> > > > addr=?,
> > > > > terminal=cron res=success)'
> > > > > ----
> > > > > time->Fri Nov 5 07:01:01 2010
> > > > > type=USER_END msg=audit(1288936861.730:3711): user pid=9601 uid=0
> > > auid=0
> > > > > msg='PAM: session close acct="root" : exe="/usr/sbin/crond"
> > > (hostname=?,
> > > > > addr=?, terminal=cron res=success)'
> > > > > ----
> > > > > time->Fri Nov 5 09:20:00 2010
> > > > > type=DAEMON_START msg=audit(1288945200.613:9651): auditd start,
> > > > ver=1.7.17
> > > > > format=raw kernel=2.6.18.8-xen auid=4294967295 pid=1440 res=success
> > > > > ----
> > > > >
> > > > > If the systems goes down because of power failure or something
> > strange,
> > > > is
> > > > > there any way to check it?
> > > > >
> > > > > Thanks in advance
> > > > >
> > > > > ESG
> > > > > --
> > > > > redhat-list mailing list
> > > > > unsubscribe mailto:redhat-list-request@redhat.com
> > ?subject=unsubscribe
> > > > > https://www.redhat.com/mailman/listinfo/redhat-list
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > "il n'y a pas de liberté s'il y a dépendance"
> > > > --Theobalt
> > > > --
> > > > redhat-list mailing list
> > > > unsubscribe mailto:redhat-list-request@redhat.com
> ?subject=unsubscribe
> > > > https://www.redhat.com/mailman/listinfo/redhat-list
> > > --
> > > redhat-list mailing list
> > > unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> > > https://www.redhat.com/mailman/listinfo/redhat-list
> > >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

ESGLinux 11-15-2010 06:52 AM

how to check if shutdown/halt has been executed
 
Hi,

Yes that was my question,.

Now I´m totally sure that anybody rebooted the system. I´m looking for a
power problem,

Thanks a lot for your help,.

ESG

2010/11/13 hike <mh1272@gmail.com>

> the UNIX last command lists reboots and shutdowns from the command line.
> the RHEL last should do the same thing (IIRC, it does but we rarely use
> last
> on linux boxes).
> if it doesn't list anything, that means the shutdown/reboot was not caused
> by a command such as shutdown or reboot. this indicates a spontaneous
> shutdown caused by any number of things--power outage, drastic software or
> hardware problems, etc.
> this is what you asked for, isn't it.
>
>
>
> On Fri, Nov 12, 2010 at 8:24 AM, ESGLinux <esggrupos@gmail.com> wrote:
>
> > yes it´s avaliable but I don´t see anything about the shutdown :-(
> >
> > Greetings,
> >
> > ESG
> >
> > 2010/11/12 hike <mh1272@gmail.com>
> >
> > > isn't the last command still available in RHEL?
> > >
> > >
> > > On Fri, Nov 12, 2010 at 5:27 AM, ESGLinux <esggrupos@gmail.com> wrote:
> > >
> > > > Hi,
> > > >
> > > > I think something put the finger in the power, because I don´t get
> any
> > > log
> > > > in messages or other file.
> > > >
> > > > Now I´m going to investigate who has made that without telling
> nothing
> > > > :-(((
> > > >
> > > > Thanks
> > > >
> > > > ESG
> > > >
> > > > 2010/11/11 Dennis Comeaux <dennis.comeaux@gmail.com>
> > > >
> > > > > Have you tried /var/log/messages? I have notes in there about
> Kernel
> > > > > logging stopping when it goes down. If someone just gave the
> machine
> > > the
> > > > > finger (hit the power button and held it down so it went down
> without
> > > an
> > > > > ACPI poweroff call), then you won't have anything. I think it may
> > also
> > > > be
> > > > > recorded in /var/log/daemon.log on some installs. However WHO
> > > requested
> > > > it
> > > > > may or may not be.
> > > > >
> > > > > On Fri, Nov 5, 2010 at 5:05 AM, ESGLinux <esggrupos@gmail.com>
> > wrote:
> > > > >
> > > > > > Hi All,
> > > > > >
> > > > > > I have arrived today at work and I have found a RHEL 5 server
> > > poweroff.
> > > > > >
> > > > > > I want to know what has happened. So, I first want to know if
> > someone
> > > > has
> > > > > > executed shutdown/halt/poweroff or any other command that can
> power
> > > off
> > > > > the
> > > > > > machine,
> > > > > >
> > > > > > I have checked the messages file but I cant see nothing:
> > > > > >
> > > > > > Nov 4 12:24:34 www smartd[2097]: In the system's table of
> devices
> > NO
> > > > > > devices found to scan
> > > > > > Nov 4 12:24:34 www smartd[2097]: Monitoring 0 ATA and 0 SCSI
> > devices
> > > > > > Nov 4 12:24:34 www smartd[2099]: smartd has fork()ed into
> > background
> > > > > mode.
> > > > > > New PID=2099.
> > > > > > Nov 5 09:20:01 www syslogd 1.4.1: restart.
> > > > > > Nov 5 09:20:02 www kernel: klogd 1.4.1, log source = /proc/kmsg
> > > > started.
> > > > > >
> > > > > > at 09:20 I restart the machine.
> > > > > >
> > > > > > With the sar command I see this:
> > > > > >
> > > > > > 06:40:02 AM all 0.10 0.00 0.08 0.48
> > > 0.01
> > > > > > 99.33
> > > > > > 06:50:01 AM all 0.11 0.00 0.07 0.36
> > > 0.01
> > > > > > 99.45
> > > > > > 07:00:01 AM all 0.13 0.00 0.07 0.80
> > > 0.01
> > > > > > 98.98
> > > > > > Average: all 0.12 0.00 0.07 0.80
> > > 0.01
> > > > > > 98.99
> > > > > >
> > > > > > 09:19:48 AM LINUX RESTART
> > > > > >
> > > > > > 09:30:01 AM CPU %user %nice %system %iowait
> > > %steal
> > > > > > %idle
> > > > > > 09:40:01 AM all 0.60 0.00 0.11 5.57
> > > 0.01
> > > > > > 93.71
> > > > > >
> > > > > > So between 07:00 and 07:10 the system goes down, but WHY???
> > > > > >
> > > > > > with the ausearch command I get this:
> > > > > >
> > > > > > ----
> > > > > > time->Fri Nov 5 07:01:01 2010
> > > > > > type=CRED_ACQ msg=audit(1288936861.670:3707): user pid=9601 uid=0
> > > > > > auid=4294967295 msg='PAM: setcred acct="root" :
> > exe="/usr/sbin/crond"
> > > > > > (hostname=?, addr=?, terminal=cron res=success)'
> > > > > > ----
> > > > > > time->Fri Nov 5 07:01:01 2010
> > > > > > type=LOGIN msg=audit(1288936861.670:3708): login pid=9601 uid=0
> old
> > > > > > auid=4294967295 new auid=0
> > > > > > ----
> > > > > > time->Fri Nov 5 07:01:01 2010
> > > > > > type=USER_START msg=audit(1288936861.720:3709): user pid=9601
> uid=0
> > > > > auid=0
> > > > > > msg='PAM: session open acct="root" : exe="/usr/sbin/crond"
> > > (hostname=?,
> > > > > > addr=?, terminal=cron res=success)'
> > > > > > ----
> > > > > > time->Fri Nov 5 07:01:01 2010
> > > > > > type=CRED_DISP msg=audit(1288936861.730:3710): user pid=9601
> uid=0
> > > > auid=0
> > > > > > msg='PAM: setcred acct="root" : exe="/usr/sbin/crond"
> (hostname=?,
> > > > > addr=?,
> > > > > > terminal=cron res=success)'
> > > > > > ----
> > > > > > time->Fri Nov 5 07:01:01 2010
> > > > > > type=USER_END msg=audit(1288936861.730:3711): user pid=9601 uid=0
> > > > auid=0
> > > > > > msg='PAM: session close acct="root" : exe="/usr/sbin/crond"
> > > > (hostname=?,
> > > > > > addr=?, terminal=cron res=success)'
> > > > > > ----
> > > > > > time->Fri Nov 5 09:20:00 2010
> > > > > > type=DAEMON_START msg=audit(1288945200.613:9651): auditd start,
> > > > > ver=1.7.17
> > > > > > format=raw kernel=2.6.18.8-xen auid=4294967295 pid=1440
> res=success
> > > > > > ----
> > > > > >
> > > > > > If the systems goes down because of power failure or something
> > > strange,
> > > > > is
> > > > > > there any way to check it?
> > > > > >
> > > > > > Thanks in advance
> > > > > >
> > > > > > ESG
> > > > > > --
> > > > > > redhat-list mailing list
> > > > > > unsubscribe mailto:redhat-list-request@redhat.com
> > > ?subject=unsubscribe
> > > > > > https://www.redhat.com/mailman/listinfo/redhat-list
> > > > > >
> > > > >
> > > > >
> > > > >
> > > > > --
> > > > > "il n'y a pas de liberté s'il y a dépendance"
> > > > > --Theobalt
> > > > > --
> > > > > redhat-list mailing list
> > > > > unsubscribe mailto:redhat-list-request@redhat.com
> > ?subject=unsubscribe
> > > > > https://www.redhat.com/mailman/listinfo/redhat-list
> > > > --
> > > > redhat-list mailing list
> > > > unsubscribe mailto:redhat-list-request@redhat.com
> ?subject=unsubscribe
> > > > https://www.redhat.com/mailman/listinfo/redhat-list
> > > >
> > > --
> > > redhat-list mailing list
> > > unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> > > https://www.redhat.com/mailman/listinfo/redhat-list
> > >
> > --
> > redhat-list mailing list
> > unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> > https://www.redhat.com/mailman/listinfo/redhat-list
> >
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Sanjay Chakraborty 11-18-2010 01:04 AM

how to check if shutdown/halt has been executed
 
It happens because some one might have run "poweroff". This command
not let any output in any log file.


On Fri, Nov 12, 2010 at 7:18 PM, hike <mh1272@gmail.com> wrote:
> the UNIX last command lists reboots and shutdowns from the command line.
> the RHEL last should do the same thing (IIRC, it does but we rarely use last
> on linux boxes).
> if it doesn't list anything, that means the shutdown/reboot was not caused
> by a command such as shutdown or reboot. *this indicates a spontaneous
> shutdown caused by any number of things--power outage, drastic software or
> hardware problems, etc.
> this is what you asked for, isn't it.
>
>
>
> On Fri, Nov 12, 2010 at 8:24 AM, ESGLinux <esggrupos@gmail.com> wrote:
>
>> yes it´s avaliable but I don´t see anything about the shutdown :-(
>>
>> Greetings,
>>
>> ESG
>>
>> 2010/11/12 hike <mh1272@gmail.com>
>>
>> > isn't the last command still available in RHEL?
>> >
>> >
>> > On Fri, Nov 12, 2010 at 5:27 AM, ESGLinux <esggrupos@gmail.com> wrote:
>> >
>> > > Hi,
>> > >
>> > > I think something put the finger in the power, because *I don´t get any
>> > log
>> > > in messages or other file.
>> > >
>> > > Now I´m going to investigate who has made that without telling nothing
>> > > :-(((
>> > >
>> > > Thanks
>> > >
>> > > ESG
>> > >
>> > > 2010/11/11 Dennis Comeaux <dennis.comeaux@gmail.com>
>> > >
>> > > > Have you tried /var/log/messages? *I have notes in there about Kernel
>> > > > logging stopping when it goes down. *If someone just gave the machine
>> > the
>> > > > finger (hit the power button and held it down so it went down without
>> > an
>> > > > ACPI poweroff call), then you won't have anything. *I think it may
>> also
>> > > be
>> > > > recorded in /var/log/daemon.log on some installs. *However WHO
>> > requested
>> > > it
>> > > > may or may not be.
>> > > >
>> > > > On Fri, Nov 5, 2010 at 5:05 AM, ESGLinux <esggrupos@gmail.com>
>> wrote:
>> > > >
>> > > > > Hi All,
>> > > > >
>> > > > > I have arrived today at work and I have found a RHEL 5 server
>> > poweroff.
>> > > > >
>> > > > > I want to know what has happened. So, I first want to know if
>> someone
>> > > has
>> > > > > executed shutdown/halt/poweroff or any other command that can power
>> > off
>> > > > the
>> > > > > machine,
>> > > > >
>> > > > > I have checked the messages file but I cant see nothing:
>> > > > >
>> > > > > Nov *4 12:24:34 www smartd[2097]: In the system's table of devices
>> NO
>> > > > > devices found to scan
>> > > > > Nov *4 12:24:34 www smartd[2097]: Monitoring 0 ATA and 0 SCSI
>> devices
>> > > > > Nov *4 12:24:34 www smartd[2099]: smartd has fork()ed into
>> background
>> > > > mode.
>> > > > > New PID=2099.
>> > > > > Nov *5 09:20:01 www syslogd 1.4.1: restart.
>> > > > > Nov *5 09:20:02 www kernel: klogd 1.4.1, log source = /proc/kmsg
>> > > started.
>> > > > >
>> > > > > at 09:20 I restart the machine.
>> > > > >
>> > > > > With the sar command I see this:
>> > > > >
>> > > > > 06:40:02 AM * * * all * * *0.10 * * *0.00 * * *0.08 * * *0.48
>> > *0.01
>> > > > > 99.33
>> > > > > 06:50:01 AM * * * all * * *0.11 * * *0.00 * * *0.07 * * *0.36
>> > *0.01
>> > > > > 99.45
>> > > > > 07:00:01 AM * * * all * * *0.13 * * *0.00 * * *0.07 * * *0.80
>> > *0.01
>> > > > > 98.98
>> > > > > Average: * * * * *all * * *0.12 * * *0.00 * * *0.07 * * *0.80
>> > *0.01
>> > > > > 98.99
>> > > > >
>> > > > > 09:19:48 AM * * * LINUX RESTART
>> > > > >
>> > > > > 09:30:01 AM * * * CPU * * %user * * %nice * %system * %iowait
>> > *%steal
>> > > > > %idle
>> > > > > 09:40:01 AM * * * all * * *0.60 * * *0.00 * * *0.11 * * *5.57
>> > *0.01
>> > > > > 93.71
>> > > > >
>> > > > > So between 07:00 and 07:10 the system *goes down, but WHY???
>> > > > >
>> > > > > with the ausearch command I get this:
>> > > > >
>> > > > > ----
>> > > > > time->Fri Nov *5 07:01:01 2010
>> > > > > type=CRED_ACQ msg=audit(1288936861.670:3707): user pid=9601 uid=0
>> > > > > auid=4294967295 msg='PAM: setcred acct="root" :
>> exe="/usr/sbin/crond"
>> > > > > (hostname=?, addr=?, terminal=cron res=success)'
>> > > > > ----
>> > > > > time->Fri Nov *5 07:01:01 2010
>> > > > > type=LOGIN msg=audit(1288936861.670:3708): login pid=9601 uid=0 old
>> > > > > auid=4294967295 new auid=0
>> > > > > ----
>> > > > > time->Fri Nov *5 07:01:01 2010
>> > > > > type=USER_START msg=audit(1288936861.720:3709): user pid=9601 uid=0
>> > > > auid=0
>> > > > > msg='PAM: session open acct="root" : exe="/usr/sbin/crond"
>> > (hostname=?,
>> > > > > addr=?, terminal=cron res=success)'
>> > > > > ----
>> > > > > time->Fri Nov *5 07:01:01 2010
>> > > > > type=CRED_DISP msg=audit(1288936861.730:3710): user pid=9601 uid=0
>> > > auid=0
>> > > > > msg='PAM: setcred acct="root" : exe="/usr/sbin/crond" (hostname=?,
>> > > > addr=?,
>> > > > > terminal=cron res=success)'
>> > > > > ----
>> > > > > time->Fri Nov *5 07:01:01 2010
>> > > > > type=USER_END msg=audit(1288936861.730:3711): user pid=9601 uid=0
>> > > auid=0
>> > > > > msg='PAM: session close acct="root" : exe="/usr/sbin/crond"
>> > > (hostname=?,
>> > > > > addr=?, terminal=cron res=success)'
>> > > > > ----
>> > > > > time->Fri Nov *5 09:20:00 2010
>> > > > > type=DAEMON_START msg=audit(1288945200.613:9651): auditd start,
>> > > > ver=1.7.17
>> > > > > format=raw kernel=2.6.18.8-xen auid=4294967295 pid=1440 res=success
>> > > > > ----
>> > > > >
>> > > > > If the systems goes down because of power failure or something
>> > strange,
>> > > > is
>> > > > > there any way to check it?
>> > > > >
>> > > > > Thanks in advance
>> > > > >
>> > > > > ESG
>> > > > > --
>> > > > > redhat-list mailing list
>> > > > > unsubscribe mailto:redhat-list-request@redhat.com
>> > ?subject=unsubscribe
>> > > > > https://www.redhat.com/mailman/listinfo/redhat-list
>> > > > >
>> > > >
>> > > >
>> > > >
>> > > > --
>> > > > "il n'y a pas de liberté s'il y a dépendance"
>> > > > * --Theobalt
>> > > > --
>> > > > redhat-list mailing list
>> > > > unsubscribe mailto:redhat-list-request@redhat.com
>> ?subject=unsubscribe
>> > > > https://www.redhat.com/mailman/listinfo/redhat-list
>> > > --
>> > > redhat-list mailing list
>> > > unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>> > > https://www.redhat.com/mailman/listinfo/redhat-list
>> > >
>> > --
>> > redhat-list mailing list
>> > unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>> > https://www.redhat.com/mailman/listinfo/redhat-list
>> >
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list



--
Regards.
Sanjay Chakraborty

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

"Kyle O'Donnell" 11-18-2010 01:15 AM

how to check if shutdown/halt has been executed
 
will 'last' tell you?

On Wed, 17 Nov 2010 21:04:58 -0500, Sanjay Chakraborty
<sanjaychakrab@gmail.com> wrote:
> It happens because some one might have run "poweroff". This command
> not let any output in any log file.
>
>
> On Fri, Nov 12, 2010 at 7:18 PM, hike <mh1272@gmail.com> wrote:
>> the UNIX last command lists reboots and shutdowns from the command line.
>> the RHEL last should do the same thing (IIRC, it does but we rarely use last
>> on linux boxes).
>> if it doesn't list anything, that means the shutdown/reboot was not caused
>> by a command such as shutdown or reboot. *this indicates a spontaneous
>> shutdown caused by any number of things--power outage, drastic software or
>> hardware problems, etc.
>> this is what you asked for, isn't it.
>>
>>
>>
>> On Fri, Nov 12, 2010 at 8:24 AM, ESGLinux <esggrupos@gmail.com> wrote:
>>
>>> yes it´s avaliable but I don´t see anything about the shutdown :-(
>>>
>>> Greetings,
>>>
>>> ESG
>>>
>>> 2010/11/12 hike <mh1272@gmail.com>
>>>
>>> > isn't the last command still available in RHEL?
>>> >
>>> >
>>> > On Fri, Nov 12, 2010 at 5:27 AM, ESGLinux <esggrupos@gmail.com> wrote:
>>> >
>>> > > Hi,
>>> > >
>>> > > I think something put the finger in the power, because *I don´t get any
>>> > log
>>> > > in messages or other file.
>>> > >
>>> > > Now I´m going to investigate who has made that without telling nothing
>>> > > :-(((
>>> > >
>>> > > Thanks
>>> > >
>>> > > ESG
>>> > >
>>> > > 2010/11/11 Dennis Comeaux <dennis.comeaux@gmail.com>
>>> > >
>>> > > > Have you tried /var/log/messages? *I have notes in there about Kernel
>>> > > > logging stopping when it goes down. *If someone just gave the machine
>>> > the
>>> > > > finger (hit the power button and held it down so it went down without
>>> > an
>>> > > > ACPI poweroff call), then you won't have anything. *I think it may
>>> also
>>> > > be
>>> > > > recorded in /var/log/daemon.log on some installs. *However WHO
>>> > requested
>>> > > it
>>> > > > may or may not be.
>>> > > >
>>> > > > On Fri, Nov 5, 2010 at 5:05 AM, ESGLinux <esggrupos@gmail.com>
>>> wrote:
>>> > > >
>>> > > > > Hi All,
>>> > > > >
>>> > > > > I have arrived today at work and I have found a RHEL 5 server
>>> > poweroff.
>>> > > > >
>>> > > > > I want to know what has happened. So, I first want to know if
>>> someone
>>> > > has
>>> > > > > executed shutdown/halt/poweroff or any other command that can power
>>> > off
>>> > > > the
>>> > > > > machine,
>>> > > > >
>>> > > > > I have checked the messages file but I cant see nothing:
>>> > > > >
>>> > > > > Nov *4 12:24:34 www smartd[2097]: In the system's table of devices
>>> NO
>>> > > > > devices found to scan
>>> > > > > Nov *4 12:24:34 www smartd[2097]: Monitoring 0 ATA and 0 SCSI
>>> devices
>>> > > > > Nov *4 12:24:34 www smartd[2099]: smartd has fork()ed into
>>> background
>>> > > > mode.
>>> > > > > New PID=2099.
>>> > > > > Nov *5 09:20:01 www syslogd 1.4.1: restart.
>>> > > > > Nov *5 09:20:02 www kernel: klogd 1.4.1, log source = /proc/kmsg
>>> > > started.
>>> > > > >
>>> > > > > at 09:20 I restart the machine.
>>> > > > >
>>> > > > > With the sar command I see this:
>>> > > > >
>>> > > > > 06:40:02 AM * * * all * * *0.10 * * *0.00 * * *0.08 * * *0.48
>>> > *0.01
>>> > > > > 99.33
>>> > > > > 06:50:01 AM * * * all * * *0.11 * * *0.00 * * *0.07 * * *0.36
>>> > *0.01
>>> > > > > 99.45
>>> > > > > 07:00:01 AM * * * all * * *0.13 * * *0.00 * * *0.07 * * *0.80
>>> > *0.01
>>> > > > > 98.98
>>> > > > > Average: * * * * *all * * *0.12 * * *0.00 * * *0.07 * * *0.80
>>> > *0.01
>>> > > > > 98.99
>>> > > > >
>>> > > > > 09:19:48 AM * * * LINUX RESTART
>>> > > > >
>>> > > > > 09:30:01 AM * * * CPU * * %user * * %nice * %system * %iowait
>>> > *%steal
>>> > > > > %idle
>>> > > > > 09:40:01 AM * * * all * * *0.60 * * *0.00 * * *0.11 * * *5.57
>>> > *0.01
>>> > > > > 93.71
>>> > > > >
>>> > > > > So between 07:00 and 07:10 the system *goes down, but WHY???
>>> > > > >
>>> > > > > with the ausearch command I get this:
>>> > > > >
>>> > > > > ----
>>> > > > > time->Fri Nov *5 07:01:01 2010
>>> > > > > type=CRED_ACQ msg=audit(1288936861.670:3707): user pid=9601 uid=0
>>> > > > > auid=4294967295 msg='PAM: setcred acct="root" :
>>> exe="/usr/sbin/crond"
>>> > > > > (hostname=?, addr=?, terminal=cron res=success)'
>>> > > > > ----
>>> > > > > time->Fri Nov *5 07:01:01 2010
>>> > > > > type=LOGIN msg=audit(1288936861.670:3708): login pid=9601 uid=0 old
>>> > > > > auid=4294967295 new auid=0
>>> > > > > ----
>>> > > > > time->Fri Nov *5 07:01:01 2010
>>> > > > > type=USER_START msg=audit(1288936861.720:3709): user pid=9601 uid=0
>>> > > > auid=0
>>> > > > > msg='PAM: session open acct="root" : exe="/usr/sbin/crond"
>>> > (hostname=?,
>>> > > > > addr=?, terminal=cron res=success)'
>>> > > > > ----
>>> > > > > time->Fri Nov *5 07:01:01 2010
>>> > > > > type=CRED_DISP msg=audit(1288936861.730:3710): user pid=9601 uid=0
>>> > > auid=0
>>> > > > > msg='PAM: setcred acct="root" : exe="/usr/sbin/crond" (hostname=?,
>>> > > > addr=?,
>>> > > > > terminal=cron res=success)'
>>> > > > > ----
>>> > > > > time->Fri Nov *5 07:01:01 2010
>>> > > > > type=USER_END msg=audit(1288936861.730:3711): user pid=9601 uid=0
>>> > > auid=0
>>> > > > > msg='PAM: session close acct="root" : exe="/usr/sbin/crond"
>>> > > (hostname=?,
>>> > > > > addr=?, terminal=cron res=success)'
>>> > > > > ----
>>> > > > > time->Fri Nov *5 09:20:00 2010
>>> > > > > type=DAEMON_START msg=audit(1288945200.613:9651): auditd start,
>>> > > > ver=1.7.17
>>> > > > > format=raw kernel=2.6.18.8-xen auid=4294967295 pid=1440 res=success
>>> > > > > ----
>>> > > > >
>>> > > > > If the systems goes down because of power failure or something
>>> > strange,
>>> > > > is
>>> > > > > there any way to check it?
>>> > > > >
>>> > > > > Thanks in advance
>>> > > > >
>>> > > > > ESG
>>> > > > > --
>>> > > > > redhat-list mailing list
>>> > > > > unsubscribe mailto:redhat-list-request@redhat.com
>>> > ?subject=unsubscribe
>>> > > > > https://www.redhat.com/mailman/listinfo/redhat-list
>>> > > > >
>>> > > >
>>> > > >
>>> > > >
>>> > > > --
>>> > > > "il n'y a pas de liberté s'il y a dépendance"
>>> > > > * --Theobalt
>>> > > > --
>>> > > > redhat-list mailing list
>>> > > > unsubscribe mailto:redhat-list-request@redhat.com
>>> ?subject=unsubscribe
>>> > > > https://www.redhat.com/mailman/listinfo/redhat-list
>>> > > --
>>> > > redhat-list mailing list
>>> > > unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>>> > > https://www.redhat.com/mailman/listinfo/redhat-list
>>> > >
>>> > --
>>> > redhat-list mailing list
>>> > unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>>> > https://www.redhat.com/mailman/listinfo/redhat-list
>>> >
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>
>
>
> --
> Regards.
> Sanjay Chakraborty

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Sanjay Chakraborty 11-21-2010 05:23 PM

how to check if shutdown/halt has been executed
 
poweroff ( one word) is a command to shutdown the server.

On Wed, Nov 17, 2010 at 9:15 PM, Kyle O'Donnell <redhat@isprime.org> wrote:
> will 'last' tell you?
>
> On Wed, 17 Nov 2010 21:04:58 -0500, Sanjay Chakraborty
> <sanjaychakrab@gmail.com> wrote:
>> It happens because some one might have *run "poweroff". This command
>> not let any output in any log file.
>>
>>
>> On Fri, Nov 12, 2010 at 7:18 PM, hike <mh1272@gmail.com> wrote:
>>> the UNIX last command lists reboots and shutdowns from the command line.
>>> the RHEL last should do the same thing (IIRC, it does but we rarely use last
>>> on linux boxes).
>>> if it doesn't list anything, that means the shutdown/reboot was not caused
>>> by a command such as shutdown or reboot. *this indicates a spontaneous
>>> shutdown caused by any number of things--power outage, drastic software or
>>> hardware problems, etc.
>>> this is what you asked for, isn't it.
>>>
>>>
>>>
>>> On Fri, Nov 12, 2010 at 8:24 AM, ESGLinux <esggrupos@gmail.com> wrote:
>>>
>>>> yes it´s avaliable but I don´t see anything about the shutdown :-(
>>>>
>>>> Greetings,
>>>>
>>>> ESG
>>>>
>>>> 2010/11/12 hike <mh1272@gmail.com>
>>>>
>>>> > isn't the last command still available in RHEL?
>>>> >
>>>> >
>>>> > On Fri, Nov 12, 2010 at 5:27 AM, ESGLinux <esggrupos@gmail.com> wrote:
>>>> >
>>>> > > Hi,
>>>> > >
>>>> > > I think something put the finger in the power, because *I don´t get any
>>>> > log
>>>> > > in messages or other file.
>>>> > >
>>>> > > Now I´m going to investigate who has made that without telling nothing
>>>> > > :-(((
>>>> > >
>>>> > > Thanks
>>>> > >
>>>> > > ESG
>>>> > >
>>>> > > 2010/11/11 Dennis Comeaux <dennis.comeaux@gmail.com>
>>>> > >
>>>> > > > Have you tried /var/log/messages? *I have notes in there about Kernel
>>>> > > > logging stopping when it goes down. *If someone just gave the machine
>>>> > the
>>>> > > > finger (hit the power button and held it down so it went down without
>>>> > an
>>>> > > > ACPI poweroff call), then you won't have anything. *I think it may
>>>> also
>>>> > > be
>>>> > > > recorded in /var/log/daemon.log on some installs. *However WHO
>>>> > requested
>>>> > > it
>>>> > > > may or may not be.
>>>> > > >
>>>> > > > On Fri, Nov 5, 2010 at 5:05 AM, ESGLinux <esggrupos@gmail.com>
>>>> wrote:
>>>> > > >
>>>> > > > > Hi All,
>>>> > > > >
>>>> > > > > I have arrived today at work and I have found a RHEL 5 server
>>>> > poweroff.
>>>> > > > >
>>>> > > > > I want to know what has happened. So, I first want to know if
>>>> someone
>>>> > > has
>>>> > > > > executed shutdown/halt/poweroff or any other command that can power
>>>> > off
>>>> > > > the
>>>> > > > > machine,
>>>> > > > >
>>>> > > > > I have checked the messages file but I cant see nothing:
>>>> > > > >
>>>> > > > > Nov *4 12:24:34 www smartd[2097]: In the system's table of devices
>>>> NO
>>>> > > > > devices found to scan
>>>> > > > > Nov *4 12:24:34 www smartd[2097]: Monitoring 0 ATA and 0 SCSI
>>>> devices
>>>> > > > > Nov *4 12:24:34 www smartd[2099]: smartd has fork()ed into
>>>> background
>>>> > > > mode.
>>>> > > > > New PID=2099.
>>>> > > > > Nov *5 09:20:01 www syslogd 1.4.1: restart.
>>>> > > > > Nov *5 09:20:02 www kernel: klogd 1.4.1, log source = /proc/kmsg
>>>> > > started.
>>>> > > > >
>>>> > > > > at 09:20 I restart the machine.
>>>> > > > >
>>>> > > > > With the sar command I see this:
>>>> > > > >
>>>> > > > > 06:40:02 AM * * * all * * *0.10 * * *0.00 * * *0.08 * * *0.48
>>>> > *0.01
>>>> > > > > 99.33
>>>> > > > > 06:50:01 AM * * * all * * *0.11 * * *0.00 * * *0.07 * * *0.36
>>>> > *0.01
>>>> > > > > 99.45
>>>> > > > > 07:00:01 AM * * * all * * *0.13 * * *0.00 * * *0.07 * * *0.80
>>>> > *0.01
>>>> > > > > 98.98
>>>> > > > > Average: * * * * *all * * *0.12 * * *0.00 * * *0.07 * * *0.80
>>>> > *0.01
>>>> > > > > 98.99
>>>> > > > >
>>>> > > > > 09:19:48 AM * * * LINUX RESTART
>>>> > > > >
>>>> > > > > 09:30:01 AM * * * CPU * * %user * * %nice * %system * %iowait
>>>> > *%steal
>>>> > > > > %idle
>>>> > > > > 09:40:01 AM * * * all * * *0.60 * * *0.00 * * *0.11 * * *5.57
>>>> > *0.01
>>>> > > > > 93.71
>>>> > > > >
>>>> > > > > So between 07:00 and 07:10 the system *goes down, but WHY???
>>>> > > > >
>>>> > > > > with the ausearch command I get this:
>>>> > > > >
>>>> > > > > ----
>>>> > > > > time->Fri Nov *5 07:01:01 2010
>>>> > > > > type=CRED_ACQ msg=audit(1288936861.670:3707): user pid=9601 uid=0
>>>> > > > > auid=4294967295 msg='PAM: setcred acct="root" :
>>>> exe="/usr/sbin/crond"
>>>> > > > > (hostname=?, addr=?, terminal=cron res=success)'
>>>> > > > > ----
>>>> > > > > time->Fri Nov *5 07:01:01 2010
>>>> > > > > type=LOGIN msg=audit(1288936861.670:3708): login pid=9601 uid=0 old
>>>> > > > > auid=4294967295 new auid=0
>>>> > > > > ----
>>>> > > > > time->Fri Nov *5 07:01:01 2010
>>>> > > > > type=USER_START msg=audit(1288936861.720:3709): user pid=9601 uid=0
>>>> > > > auid=0
>>>> > > > > msg='PAM: session open acct="root" : exe="/usr/sbin/crond"
>>>> > (hostname=?,
>>>> > > > > addr=?, terminal=cron res=success)'
>>>> > > > > ----
>>>> > > > > time->Fri Nov *5 07:01:01 2010
>>>> > > > > type=CRED_DISP msg=audit(1288936861.730:3710): user pid=9601 uid=0
>>>> > > auid=0
>>>> > > > > msg='PAM: setcred acct="root" : exe="/usr/sbin/crond" (hostname=?,
>>>> > > > addr=?,
>>>> > > > > terminal=cron res=success)'
>>>> > > > > ----
>>>> > > > > time->Fri Nov *5 07:01:01 2010
>>>> > > > > type=USER_END msg=audit(1288936861.730:3711): user pid=9601 uid=0
>>>> > > auid=0
>>>> > > > > msg='PAM: session close acct="root" : exe="/usr/sbin/crond"
>>>> > > (hostname=?,
>>>> > > > > addr=?, terminal=cron res=success)'
>>>> > > > > ----
>>>> > > > > time->Fri Nov *5 09:20:00 2010
>>>> > > > > type=DAEMON_START msg=audit(1288945200.613:9651): auditd start,
>>>> > > > ver=1.7.17
>>>> > > > > format=raw kernel=2.6.18.8-xen auid=4294967295 pid=1440 res=success
>>>> > > > > ----
>>>> > > > >
>>>> > > > > If the systems goes down because of power failure or something
>>>> > strange,
>>>> > > > is
>>>> > > > > there any way to check it?
>>>> > > > >
>>>> > > > > Thanks in advance
>>>> > > > >
>>>> > > > > ESG
>>>> > > > > --
>>>> > > > > redhat-list mailing list
>>>> > > > > unsubscribe mailto:redhat-list-request@redhat.com
>>>> > ?subject=unsubscribe
>>>> > > > > https://www.redhat.com/mailman/listinfo/redhat-list
>>>> > > > >
>>>> > > >
>>>> > > >
>>>> > > >
>>>> > > > --
>>>> > > > "il n'y a pas de liberté s'il y a dépendance"
>>>> > > > * --Theobalt
>>>> > > > --
>>>> > > > redhat-list mailing list
>>>> > > > unsubscribe mailto:redhat-list-request@redhat.com
>>>> ?subject=unsubscribe
>>>> > > > https://www.redhat.com/mailman/listinfo/redhat-list
>>>> > > --
>>>> > > redhat-list mailing list
>>>> > > unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>>>> > > https://www.redhat.com/mailman/listinfo/redhat-list
>>>> > >
>>>> > --
>>>> > redhat-list mailing list
>>>> > unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>>>> > https://www.redhat.com/mailman/listinfo/redhat-list
>>>> >
>>>> --
>>>> redhat-list mailing list
>>>> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>>
>>> --
>>> redhat-list mailing list
>>> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>>
>>
>> --
>> Regards.
>> Sanjay Chakraborty
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list


All times are GMT. The time now is 03:32 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.