Date: Sat, 4 Mar 2006 11:42:49 -0600 From: "Kelly D. Grills" <kdgrills@the-grills.com> To: freebsd-questions@freebsd.org Subject: Re: How to figure out who shutdown box Message-ID: <20060304174236.GA752@the-grills.com> In-Reply-To: <Pine.BSO.4.58.0603041011130.14807@naughty.monkey.org> References: <Pine.BSO.4.58.0603041011130.14807@naughty.monkey.org>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] On Sat, Mar 04, 2006 at 10:24:17AM -0500, Jon Poland wrote: > > Hi, > I operate a colo box running FreeBSD 6.0-SECURITY. Yesterday the box > shutdown and powered off. I didn't execute shutdown or halt, and I'm the > only user who can. Here's what the logs tell me: > > /var/log/console.log: > Mar 3 11:24:29 kmart kernel: Shutting down daemon processes: > > /var/log/messages: > Mar 3 11:24:38 kmart syslogd: exiting on signal 15 > > last: (the important lines) > reboot ~ Fri Mar 3 13:10 > shutdown ~ Fri Mar 3 11:24 > > I don't see anything in any of the logs like "rebooted by X", etc. > > I'm not exactly sure how this can happen and looking for ideas. > Where are you logging security messages? I believe the default is to /var/log/security Have a look at /etc/syslog.conf and syslog.conf(5) You should see messages such as this in your security log: Mar 1 15:21:38 srv1 shutdown: reboot by kdgrills: -- Kelly D. Grills kdgrills@the-grills.com [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) Comment: PGP key: mailto:kdgrills-pgpkey@the-grills.com iD8DBQFECdGL7inS5LzF7HMRAp+zAJ9rY7hERk+0hMq0DzMWF7l80aBVYQCbBgyu aahgD3gJnINDqeJLphsg4Vg= =SA4k -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060304174236.GA752>