Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 4 Mar 2006 11:42:49 -0600
From:      "Kelly D. Grills" <kdgrills@the-grills.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: How to figure out who shutdown box
Message-ID:  <20060304174236.GA752@the-grills.com>
In-Reply-To: <Pine.BSO.4.58.0603041011130.14807@naughty.monkey.org>
References:  <Pine.BSO.4.58.0603041011130.14807@naughty.monkey.org>

next in thread | previous in thread | raw e-mail | index | archive | help

--u3/rZRmxL6MmkK24
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sat, Mar 04, 2006 at 10:24:17AM -0500, Jon Poland wrote:
>=20
> Hi,
>   I operate a colo box running FreeBSD 6.0-SECURITY.  Yesterday the box
> shutdown and powered off.  I didn't execute shutdown or halt, and I'm the
> only user who can.  Here's what the logs tell me:
>=20
> /var/log/console.log:
> Mar  3 11:24:29 kmart kernel: Shutting down daemon processes:
>=20
> /var/log/messages:
> Mar  3 11:24:38 kmart syslogd: exiting on signal 15
>=20
> last: (the important lines)
> reboot           ~                         Fri Mar  3 13:10
> shutdown         ~                         Fri Mar  3 11:24
>=20
> I don't see anything in any of the logs like "rebooted by X", etc.
>=20
> I'm not exactly sure how this can happen and looking for ideas.
>=20

Where are you logging security messages? I believe the default is to
/var/log/security

Have a look at /etc/syslog.conf and syslog.conf(5)

You should see messages such as this in your security log:
Mar  1 15:21:38 srv1 shutdown: reboot by kdgrills:

--=20
Kelly D. Grills
kdgrills@the-grills.com




--u3/rZRmxL6MmkK24
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (FreeBSD)
Comment: PGP key: mailto:kdgrills-pgpkey@the-grills.com

iD8DBQFECdGL7inS5LzF7HMRAp+zAJ9rY7hERk+0hMq0DzMWF7l80aBVYQCbBgyu
aahgD3gJnINDqeJLphsg4Vg=
=SA4k
-----END PGP SIGNATURE-----

--u3/rZRmxL6MmkK24--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060304174236.GA752>