Missing entries in log files just before/after reboot
Hello world,
One of the servers, a Fedora one,rebooted today (Luckily, a testbox).
I tried to get the reason the server rebooted. After going through the messages, I think that the log entries just before and after reboot are missing.
Please below: (****** is the server name, for privacy reason)
Code:
Mar 12 15:28:35 ****** snmpd[9415]: Connection from UDP: [10.235.49.62]:65118
Mar 12 15:28:35 ****** snmpd[9415]: warning: /etc/hosts.allow, line 11: missing ":" separator
Mar 12 15:28:35 ****** snmpd[9415]: Connection from UDP: [10.235.49.62]:65118
Mar 12 15:28:35 ****** snmpd[9415]: warning: /etc/hosts.allow, line 11: missing ":" separator
Mar 12 15:28:35 ****** snmpd[9415]: Connection from UDP: [10.235.49.62]:65118
Mar 12 16:06:39 ****** rsyslogd: [origin software="rsyslogd" swVersion="2.0.2" x-pid="1592" x-info="http://www.rsyslog.com"][x-configInfo udpReception="No" udpPort
="514" tcpReception="No" tcpPort="0"] restart
Mar 12 16:06:39 ****** kernel: rklogd 2.0.2, log source = /proc/kmsg started.
I understand there will be no logs during the reboot but, why exactly did the server reboot? I have two doubts:
1.Was the SNPD process with the error "missing ":" separator" the cause for reboot?
2. Why did rsyslogd run immediately aftyer the reboot? Can it help me trace the reboot cause?
Thanks in Advance.
Last edited by satish51392111; 03-12-2012 at 01:35 PM..
Reason: forgot codetags
a few of some live payroll files have been deleted / missing ... i've restored last nites backup ... what could be the possibilities of this strange occurance ... users have menus to work on and use these live files ... we run an aix box with a ksh shell. Where do I start ??
Thanks (4 Replies)
Hello Everyone ,
I am a new member to this forum and came to know about this from so many of my friends . I face one issue last day when suddenly the system got rebooted ( But don,t know why ) . Can someone please help me in investigating this issue as to why the system got rebooted and who... (4 Replies)
hi guys,
i know some commands to check last boot information in solaris and redhat.
#last -10 | grep boot
#who -b
#cat /var/adm/messages | grep signal
but how do i check for boot info in hp-ux other than
from the "shutdownlog"
#last -10| reboot has rebooted my hp-ux server !
... (2 Replies)
Hi,
I need a shell program that will prompt the user to input a dept name to the script.
The script should then check a specific directory called ‘report' in the home directory of each member of that dept.
If the report directory does not exist, or there are no contents in the directory,... (2 Replies)
Hi, all:
I've got two folders, say, "folder1" and "folder2".
Under each, there are thousands of files.
It's quite obvious that there are some files missing in each. I just would like to find them. I believe this can be done by "diff" command.
However, if I change the above question a... (1 Reply)
Hi, Here is the issue: There are 4 disks on this Sun x4150 system under Solaris 10, but only 1 disk can be seen by the OS. I've tried commands disks and devfsadm but not working. It's an important production server, so 'reboot -r' is not a choice.
# format < /dev/null
Searching for... (6 Replies)
Dear all ,
i ve configured raid 0 in redhat machine(VM ware), by following steps:
#mdadm -C /dev/md0 -l 0 -n 2 /dev/sdb1 /dev/sdc1
#mkfs.ext3 /dev/md0
#mdadm --detail --scan --config=mdadm.conf >/etc/mdadm.conf
then
mounted the/dev/md0 device and also added a entry in fstab.
how... (2 Replies)
i Have a mount point from NAS and i mount it My AIX manually the system get rebooted by its self and it did not get mounted , how can i make it mounted with the system up in automated way ? (1 Reply)
Hi all ,
am using unix ksh
I have a lots of files in /prb directory in the format as ..
..
..
..
MMRR0607.DAT_2012
MMRR0707.DAT_2012
MMRR0907.DAT_2012
MMRR1107.DAT_2012
...
..
MMRR3107.DAT_2012
MMRR0208.DAT_2012
..
I need the output as
Missing files are:-
MMRR0807.DAT_2012 (note... (4 Replies)
is there a way to efficiently monitor logfiles that do not have a date or time format? i have several logs on several different servers that need to be monitored. but i realized writing a script for this would be very complex and time consuming giving the variety of things i need to check for i.e.... (2 Replies)
Discussion started by: SkySmart
2 Replies
LEARN ABOUT PLAN9
last
LAST, LASTB(1) User Commands LAST, LASTB(1)NAME
last, lastb - show a listing of last logged in users
SYNOPSIS
last [options] [username...] [tty...]
lastb [options] [username...] [tty...]
DESCRIPTION
last searches back through the /var/log/wtmp file (or the file designated by the -f option) and displays a list of all users logged in (and
out) since that file was created. One or more usernames and/or ttys can be given, in which case last will show only the entries matching
those arguments. Names of ttys can be abbreviated, thus last 0 is the same as last tty0.
When catching a SIGINT signal (generated by the interrupt key, usually control-C) or a SIGQUIT signal, last will show how far it has
searched through the file; in the case of the SIGINT signal last will then terminate.
The pseudo user reboot logs in each time the system is rebooted. Thus last reboot will show a log of all the reboots since the log file
was created.
lastb is the same as last, except that by default it shows a log of the /var/log/btmp file, which contains all the bad login attempts.
OPTIONS -a, --hostlast
Display the hostname in the last column. Useful in combination with the --dns option.
-d, --dns
For non-local logins, Linux stores not only the host name of the remote host, but its IP number as well. This option translates the
IP number back into a hostname.
-f, --file file
Tell last to use a specific file instead of /var/log/wtmp. The --file option can be given multiple times, and all of the specified
files will be processed.
-F, --fulltimes
Print full login and logout times and dates.
-i, --ip
Like --dns , but displays the host's IP number instead of the name.
-number
-n, --limit number
Tell last how many lines to show.
-p, --present time
Display the users who were present at the specified time. This is like using the options --since and --until together with the same
time.
-R, --nohostname
Suppresses the display of the hostname field.
-s, --since time
Display the state of logins since the specified time. This is useful, e.g., to easily determine who was logged in at a particular
time. The option is often combined with --until.
-t, --until time
Display the state of logins until the specified time.
--time-format format
Define the output timestamp format to be one of notime, short, full, or iso. The notime variant will not print any timestamps at
all, short is the default, and full is the same as the --fulltimes option. The iso variant will display the timestamp in ISO-8601
format. The ISO format contains timezone information, making it preferable when printouts are investigated outside of the system.
-w, --fullnames
Display full user names and domain names in the output.
-x, --system
Display the system shutdown entries and run level changes.
TIME FORMATS
The options that take the time argument understand the following formats:
YYYYMMDDhhmmss
YYYY-MM-DD hh:mm:ss
YYYY-MM-DD hh:mm (seconds will be set to 00)
YYYY-MM-DD (time will be set to 00:00:00)
hh:mm:ss (date will be set to today)
hh:mm (date will be set to today, seconds to 00)
now
yesterday (time is set to 00:00:00)
today (time is set to 00:00:00)
tomorrow (time is set to 00:00:00)
+5min
-5days
NOTES
The files wtmp and btmp might not be found. The system only logs information in these files if they are present. This is a local configu-
ration issue. If you want the files to be used, they can be created with a simple touch(1) command (for example, touch /var/log/wtmp).
FILES
/var/log/wtmp
/var/log/btmp
AUTHOR
Miquel van Smoorenburg <miquels@cistron.nl>
AVAILABILITY
The last command is part of the util-linux package and is available from Linux Kernel Archive <https://www.kernel.org/pub/linux/utils/util-
linux/>.
SEE ALSO login(1), wtmp(5), init(8), shutdown(8)util-linux October 2013 LAST, LASTB(1)
03-12-2012
