- 论坛徽章:
- 0
|
思路:查看以下文件
1、cat /var/log/messages
2、cat /var/log/secure
3、history
4、cat /var/log/acpid
系统是在今天早上04:01:47重启的;
/var/log/messages临近记录:- Mar 18 16:38:08 slkj_khxt -- slkj[16557]: LOGIN ON pts/1 BY slkj FROM 168.34.5.252
- Mar 18 16:38:09 slkj_khxt kernel: mtrr: type mismatch for e8000000,4000000 old: uncachable new: write-combining
- Mar 18 16:38:20 slkj_khxt su(pam_unix)[17424]: session opened for user informix by slkj(uid=501)
- Mar 18 16:39:38 slkj_khxt su(pam_unix)[17424]: session closed for user informix
- Mar 18 16:42:31 slkj_khxt remote(pam_unix)[16557]: session closed for user slkj
- Mar 18 16:42:35 slkj_khxt remote(pam_unix)[17463]: session opened for user slkj by (uid=0)
- Mar 18 16:42:35 slkj_khxt -- slkj[17463]: LOGIN ON pts/1 BY slkj FROM 168.34.5.252
- Mar 18 17:13:08 slkj_khxt remote(pam_unix)[17501]: session opened for user informix by (uid=0)
- Mar 18 17:13:08 slkj_khxt -- informix[17501]: LOGIN ON pts/2 BY informix FROM 168.34.5.252
- Mar 18 17:13:34 slkj_khxt su(pam_unix)[17531]: session opened for user root by informix(uid=500)
- Mar 18 18:54:26 slkj_khxt remote(pam_unix)[17463]: session closed for user slkj
- Mar 18 19:30:30 slkj_khxt remote(pam_unix)[17501]: session closed for user informix
- Mar 18 19:30:30 slkj_khxt su(pam_unix)[17531]: session closed for user root
- Mar 19 04:01:47 slkj_khxt syslogd 1.4.1: restart.
- Mar 19 04:01:47 slkj_khxt syslog: syslogd 启动 succeeded
- Mar 19 04:01:47 slkj_khxt kernel: klogd 1.4.1, log source = /proc/kmsg started.
- Mar 19 04:01:47 slkj_khxt kernel: Bootdata ok (command line is ro root=LABEL=/ rhgb quiet)
- Mar 19 04:01:47 slkj_khxt kernel: Linux version 2.6.9-78.ELlargesmp (brewbuilder@ls20-bc2-14.build.redhat.com) (gc
- c version 3.4.6 20060404 (Red Hat 3.4.6-10)) #1 SMP Wed Jul 9 16:03:59 EDT 2008
- Mar 19 04:01:47 slkj_khxt kernel: BIOS-provided physical RAM map:
复制代码 /var/log/secure临近日志:
- Mar 18 16:38:03 slkj_khxt xinetd[16197]: START: telnet pid=16556 from=168.34.5.252
- Mar 18 16:42:32 slkj_khxt xinetd[16197]: START: telnet pid=17462 from=168.34.5.252
- Mar 18 17:13:03 slkj_khxt xinetd[16197]: START: telnet pid=17500 from=168.34.5.252
- Mar 19 04:01:49 slkj_khxt sshd[13799]: Server listening on :: port 22.
- Mar 19 04:01:49 slkj_khxt sshd[13799]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
复制代码 history没有临近可以命令;
cat /var/log/acpid ---- 这个日志就有点可疑了:- [Tue Mar 16 13:08:36 2010] starting up
- [Tue Mar 16 13:08:36 2010] 1 rule loaded
- [Tue Mar 16 14:19:08 2010] exiting
- [Tue Mar 16 14:22:47 2010] starting up
- [Tue Mar 16 14:22:47 2010] 1 rule loaded
- [Tue Mar 16 15:22:43 2010] exiting
- [Tue Mar 16 15:26:23 2010] starting up
- [Tue Mar 16 15:26:23 2010] 1 rule loaded
- [Wed Mar 17 20:22:37 2010] starting up
- [Wed Mar 17 20:22:37 2010] 1 rule loaded
- [Thu Mar 18 16:01:32 2010] exiting
- [Thu Mar 18 16:05:12 2010] starting up
- [Thu Mar 18 16:05:12 2010] 1 rule loaded
- [Thu Mar 18 16:31:11 2010] exiting
- [Thu Mar 18 16:34:52 2010] starting up
- [Thu Mar 18 16:34:52 2010] 1 rule loaded
- [Fri Mar 19 04:01:48 2010] starting up
- [Fri Mar 19 04:01:48 2010] 1 rule loaded
复制代码 注意看/var/log/acpid 这个文件尾部:Thu Mar 18 16:34:52 启动之后没有正常的exiting日志就接到今天早上4点的starting up;
昨天下午我设了一个服务,功能是在计算机重启或关机之前关闭数据库,以下是我的操作:
1:脚本文件
/etc/init.d/OS_halt_onmodeDB:
很简单,就是设置下环境然后执行关闭数据库命令;
2:创建链接
ln -s /etc/init.d/OS_halt_onmodeDB /etc/rc.d/rc0.d/K00OS_halt_onmodeDB
ln -s /etc/init.d/OS_halt_onmodeDB /etc/rc.d/rc5.d/K00OS_halt_onmodeDB
3:在/etc/rc.local添加:
touch /var/lock/subsys/OS_halt_onmodeDB
;;;
按/var/log/acpid这个文件来看是系统在上一次关机时没有正常结束导致重启,上一次的重启花了8分多钟,平时只要4分钟就起来的;
/etc/init.d/OS_halt_onmodeDB这个脚本我用root执行时是很顺利的,目前这机器还没开始用,数据库是空的,排除关闭数据库失败,所以我怀疑是我做服务的步骤有问题; |
|