From: "Luke Kearney"
To: "Magnus J", "Brent Wiese"
cc: freebsd-questions@freebsd.org
Date: Fri, 15 Aug 2003 10:47:16 +0900
Subject: Re: Server rebooted at 3 a.m. and 7 a.m. for the past few days
Message-ID: <018501c362cf$29edf9c0$230aa8c0@MAGOME>
References: <20030815014452.51984.qmail@web12906.mail.yahoo.com>

----- Original Message -----
From: "Magnus J"
To: "Brent Wiese"
Cc:
Sent: Friday, August 15, 2003 10:44 AM
Subject: RE: Server rebooted at 3 a.m. and 7 a.m. for the past few days

> Hello
>
> dmesg shows no panic, and nothing that consumes much CPU has been
> running since the first reboot.
> Around 3 a.m. the daily periodic runs (which is default) and around
> 7 a.m. cvsup runs.
>
> Thanks
> Magnus
>
> --- Brent Wiese wrote:
> > Do you have any scripts that run at those times? If you run
> > something like a database update or something that can crank some
> > CPU cycles, you could be overheating the box, causing a reboot.
> > Could happen "all of a sudden" if a fan decided to quit...
> >
> > Dmesg show any panics?
> >
> > > -----Original Message-----
> > > From: owner-freebsd-questions@freebsd.org
> > > [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Magnus J
> > > Sent: Thursday, August 14, 2003 5:22 PM
> > > To: Steve Hovey
> > > Cc: freebsd-questions@freebsd.org
> > > Subject: Re: Server rebooted at 3 a.m. and 7 a.m. for the
> > > past few days
> > >
> > > Hello
> > >
> > > Thanks for replying. /etc/crontab looks OK.
> > >
> > > This is what 'last' looks like (user1 is myself):
> > >
> > > user1   ttyp0   zzz.12.28.40   Thu Aug 14 12:43 - 13:30  (00:46)
> > > user1   ttyp1   zzz.12.28.40   Thu Aug 14 12:20 - 13:30  (01:09)
> > > user1   ttyp0   zzz.12.28.40   Thu Aug 14 12:08 - 12:21  (00:12)
> > > user1   ttyp0   zzz.12.27.12   Thu Aug 14 10:06 - 11:22  (01:15)
> > > user1   ttyp1   zzz.12.28.52   Thu Aug 14 08:06 - 08:07  (00:00)
> > > user1   ttyp0   zzz.12.28.52   Thu Aug 14 07:10 - 08:07  (00:56)
> > > reboot  ~                      Thu Aug 14 07:10
> > > reboot  ~                      Thu Aug 14 03:09
> > > reboot  ~                      Wed Aug 13 07:13
> > > reboot  ~                      Wed Aug 13 03:09
> > > reboot  ~                      Tue Aug 12 07:12
> > > reboot  ~                      Tue Aug 12 03:09
> > > reboot  ~                      Mon Aug 11 07:11
> > > reboot  ~                      Mon Aug 11 03:09
> > > reboot  ~                      Sun Aug 10 07:10
> > > reboot  ~                      Sun Aug 10 03:08
> > > reboot  ~                      Sat Aug  9 07:10
> > > reboot  ~                      Sat Aug  9 04:22
> > > reboot  ~                      Sat Aug  9 03:08
> > > reboot  ~                      Fri Aug  8 07:10
> > > reboot  ~                      Thu Aug  7 22:21
> > > user1   ttyp4   zzz.12.28.14   Mon Aug  4 22:39 - 22:40  (00:00)
> > >
> > > wtmp begins Mon Aug 4 22:39:55 CEST 2003
> > > bash-2.05b# date
> > > Fri Aug 15 02:06:22 CEST 2003
> > > bash-2.05b#
> > >
> > > Should I worry about these messages?
> > >
> > > Jul 16 14:06:47 magnus1 sshd[22292]: scanned from zzz.7.104.10 with SSH-1.0-SSH_Version_Mapper. Don't panic.
> > > Jul 16 14:06:47 magnus1 sshd[22291]: Did not receive identification string from zzz.7.104.10
> > > Jul 27 19:58:36 magnus1 sshd[1811]: scanned from zzz.18.53.102 with SSH-1.0-SSH_Ve
> > > Jul 27 19:58:36 magnus1 sshd[1811]: scanned from zzz.18.53.102 with SSH-1.0-SSH_Version_Mapper. Don't panic.
> > > Jul 27 19:58:36 magnus1 sshd[1810]: Did not receive identification string from zzz.18.53.102
> > > Jul 28 07:00:07 magnus1 sshd[2568]: Did not receive identification string from zzz.155.91.132
> > > Jul 29 05:59:55 magnus1 sshd[3798]: Did not receive identification string from zzz.235.37.77
> > > Jul 30 10:53:55 magnus1 sshd[5285]: Did not receive identification string from zzz.111.110.6
> > > Jul 30 10:56:51 magnus1 sshd[5289]: Did not receive identification string from zzz.111.110.6
> > > Jul 30 12:51:46 magnus1 sshd[5365]: Did not receive identification string from zzz.212.236.18
> > > Jul 31 02:57:59 magnus1 sshd[5935]: Did not receive identification string from zzz.30.187.2
> > > Aug  4 08:15:11 magnus1 sshd[14242]: Did not receive identification string from zzz.246.43.167
> > >
> > > Previously, I have had easily two months of uptime on this server.
> > >
> > > Regards
> > > Magnus
> > >
> > > --- Steve Hovey wrote:
> > > > I would start with your cron jobs
> > > >
> > > > On Thu, 14 Aug 2003, Magnus J wrote:
> > > >
> > > > > Hello everyone
> > > > >
> > > > > I'm not sure if I should have posted this to freebsd-security,
> > > > > but I start here.
> > > > >
> > > > > I'm out traveling, and finally got a chance to login to my
> > > > > server back home through SSH, which is running 4.8 and is
> > > > > protected by an IPFILTER firewall.
> > > > >
> > > > > Looking at /var/log/messages, the server has been mysteriously
> > > > > rebooted around 3 a.m. and 7 a.m. CET every day for the past
> > > > > few days. I have never seen this before.
> > > > > It doesn't look like a hardware problem because it's not random
> > > > > and there are no messages about filesystems not being unmounted
> > > > > cleanly.
> > > > >
> > > > > Any ideas where I should start looking to see what's going on?
> > > > > Obviously I will try to monitor what's happening next time
> > > > > around 3 a.m. and 7 a.m., which processes are running, etc.,
> > > > > but is there something special I should look out for?
> > > > >
> > > > > Unfortunately, I have not installed Tripwire.
> > > > >
> > > > > Best regards
> > > > > Magnus (not a member of this list)

I tend to agree with Brent's assessment. Something your machine is
trying to do at those times is causing it to reboot without notice. The
fact that there are no complaints about not dismounting properly is
curious, but the clockwork-like regularity of this issue leads me to
believe that your issues are there. Perhaps as an experiment remove the
cvsup job from the crontab overnight and see if that had any noticeable
difference. Alternatively, run the periodic scripts and other cronjobs
once by hand and see if that causes a reboot. Cranking up your syslog so
that *everything* is getting logged, to get more forensic evidence on
the problems, might also be an avenue of attack.

HTH
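
The clockwork regularity discussed in this thread can be read straight out of the wtmp records. The script below is an added example, not part of any poster's message: it buckets the reboot lines of `last` by hour of day and marks hours that recur on several days. The sample lines are re-typed from the thread; the function names and the three-day threshold are assumptions.

```shell
#!/bin/sh
# Added example: bucket the reboot records of `last` by hour of day to
# separate clockwork reboots from one-off ones.

# Constructed sample: reboot records re-typed from the thread, plus one login line.
sample_last() {
cat <<'EOF'
user1   ttyp0   zzz.12.28.52   Thu Aug 14 07:10 - 08:07  (00:56)
reboot  ~                      Thu Aug 14 07:10
reboot  ~                      Thu Aug 14 03:09
reboot  ~                      Wed Aug 13 07:13
reboot  ~                      Wed Aug 13 03:09
reboot  ~                      Tue Aug 12 07:12
reboot  ~                      Tue Aug 12 03:09
reboot  ~                      Mon Aug 11 07:11
reboot  ~                      Mon Aug 11 03:09
reboot  ~                      Sun Aug 10 07:10
reboot  ~                      Sun Aug 10 03:08
reboot  ~                      Sat Aug  9 07:10
reboot  ~                      Sat Aug  9 04:22
reboot  ~                      Sat Aug  9 03:08
reboot  ~                      Fri Aug  8 07:10
reboot  ~                      Thu Aug  7 22:21
EOF
}

# reboot_windows: read `last` output on stdin and print, per hour of day:
#   HH  days-with-a-reboot  earliest  latest  verdict
# An hour seen on 3 or more separate days is "recurring" (assumed threshold).
reboot_windows() {
    awk '
    $1 == "reboot" {
        t = $NF                          # HH:MM is the last field
        h = substr(t, 1, 2)
        day = $(NF-2) " " $(NF-1)        # e.g. "Aug 14"
        if (!((h, day) in seen)) { seen[h, day] = 1; days[h]++ }
        if (!(h in lo) || t < lo[h]) lo[h] = t
        if (!(h in hi) || t > hi[h]) hi[h] = t
    }
    END {
        for (h in days) {
            verdict = (days[h] >= 3) ? "recurring" : "one-off"
            print h, days[h], lo[h], hi[h], verdict
        }
    }' | sort
}

sample_last | reboot_windows
```

On the server itself the input would be `last reboot | reboot_windows`; the hours marked recurring are the ones to compare against the start times in /etc/crontab and the users' crontabs.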