From owner-freebsd-questions Tue Oct 20 10:01:31 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA08435 for freebsd-questions-outgoing; Tue, 20 Oct 1998 10:01:31 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from mh2.cts.com (mh2.cts.com [209.68.192.68]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA08430 for ; Tue, 20 Oct 1998 10:01:29 -0700 (PDT) (envelope-from preeper@cts.com) Received: from sgt361.cts.com (gt361.cts.com [204.212.158.91]) by mh2.cts.com (8.8.7/8.8.5) with SMTP id KAA20704 for ; Tue, 20 Oct 1998 10:00:59 -0700 (PDT) Message-Id: <3.0.5.32.19981020100028.008c08b0@crash.cts.com> X-Sender: preeper@crash.cts.com X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Tue, 20 Oct 1998 10:00:28 -0700 To: freebsd-questions@FreeBSD.ORG From: Jerry Preeper Subject: post crash help needed Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hello My colocated web server (running FreeBSD 2-2-6Release and Apache 1.30 (I believe) just crashed and I have not been able to get in touch with my system administrator. I have been able to get the server back up and running again by having my service provider log in at the console and issuing the shutdown command and rebooting. I have changed the root password almost immediately after I have seen the system come back up. Now my question is, since I can't find my sysadmin, where should I look for the cause of the crash and to see if it was just a hiccup or a security break or some sort of DoS attack? I have checked last -50 and don't see any logins for about 45 minutes before it crashed. I have a cron job that runs a system check and emails me the results hourly, it looks like I got one right before it crashed with the following message in it: ping: sendto: No buffer space available I found out it crashed when my colocate company called and said it dropped ping. I was on the machine less than 15 minutes before they called so it wasn't down for too long. I also checked /var/log/messages and all I see are some standard ftp messages (session closed, no transfer time out, etc..) right before the reboot message. The dmesg.today file is dated Oct 15 and doesn't have any helpful info. ipfw.today is also dated Oct 15 I checked maillog and don't see anything unusual there either. The xferlog file shows only normal ftp activity that I can see. Can anyone be of assistance in identifying what might have happened? Jerry Preeper preeper@cts.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message