How to find out the reboot time
```
$ who -b
         system boot  2021-02-13 20:51
$ last -x | head | tac
abhishek pts/0        192.168.1.16     Sat Feb 13 19:53 - 19:55  (00:02)
reboot   system boot  3.10.0-1160.11.1 Sat Feb 13 19:55 - 20:54  (00:58)
runlevel (to lvl 3)   3.10.0-1160.11.1 Sat Feb 13 19:55 - 20:04  (00:08)
abhishek pts/0        192.168.1.16     Sat Feb 13 19:56 - 20:04  (00:07)
reboot   system boot  3.10.0-1160.11.1 Sat Feb 13 20:04 - 20:54  (00:49)
runlevel (to lvl 3)   3.10.0-1160.11.1 Sat Feb 13 20:04 - 20:51  (00:46)
abhishek pts/0        192.168.1.16     Sat Feb 13 20:04 - 20:50  (00:46)
reboot   system boot  3.10.0-1160.11.1 Sat Feb 13 20:51 - 20:54  (00:03)
runlevel (to lvl 3)   3.10.0-1160.11.1 Sat Feb 13 20:51 - 20:54  (00:02)
abhishek pts/0        192.168.1.16     Sat Feb 13 20:51   still logged in
```
How to check system messages
In addition, you can correlate the reboot you want to diagnose with the system messages.
On CentOS / RHEL systems the logs are in /var/log/messages, and on Ubuntu / Debian systems they are in /var/log/syslog.
You can simply use the tail command or your favorite text editor to filter or find specific entries.
As the logs below show, entries like these indicate a shutdown / reboot initiated by an administrator or the root user.
These messages can differ depending on the OS type and on how the reboot / shutdown was triggered, but you will always find useful information by reviewing the system logs, although it may not be explicit enough to pinpoint the cause every time.
```
Feb 13 19:56:20 centos7vm chronyd[637]: Source 72.30.35.89 replaced with 142.147.92.5
Feb 13 20:00:40 centos7vm chronyd[637]: Selected source 162.159.200.123
Feb 13 20:01:01 centos7vm systemd: Created slice User Slice of root.
Feb 13 20:01:01 centos7vm systemd: Started Session 2 of user root.
Feb 13 20:04:09 centos7vm systemd-logind: System is powering down.
Feb 13 20:04:09 centos7vm systemd: Closed LVM2 poll daemon socket.
Feb 13 20:04:09 centos7vm systemd: Stopped target Multi-User System.
```
```
# Drop routine boot and power-button noise first, then keep only lines
# that mention recovery, power, shutdown, rsyslogd or a UPS.
sudo grep -iv ': starting\|kernel: .*: Power Button\|watching system buttons\|Stopped Cleaning Up\|Started Crash recovery kernel' \
  /var/log/messages /var/log/syslog /var/log/apcupsd* \
  | grep -iw 'recover[a-z]*\|power[a-z]*\|shut[a-z ]*down\|rsyslogd\|ups'
```
The captured events may not always be specific.
Always keep track of events that show signs of warnings or errors that could lead to a power-off or system crash.
How to check auditd logs
```
$ sudo ausearch -i -m system_boot,system_shutdown | tail -4
----
type=SYSTEM_SHUTDOWN msg=audit(Saturday 13 February 2021 A.852:8) : pid=621 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg=' comm=systemd-update-utmp exe=/usr/lib/systemd/systemd-update-utmp hostname=? addr=? terminal=? res=success'
----
type=SYSTEM_BOOT msg=audit(Saturday 13 February 2021 A.368:8) : pid=622 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg=' comm=systemd-update-utmp exe=/usr/lib/systemd/systemd-update-utmp hostname=? addr=? terminal=? res=success'
```
```
$ sudo ausearch -i -m system_boot,system_shutdown | tail -4
----
type=SYSTEM_BOOT msg=audit(Saturday 13 February 2021 A.852:8) : pid=621 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg=' comm=systemd-update-utmp exe=/usr/lib/systemd/systemd-update-utmp hostname=? addr=? terminal=? res=success'
----
type=SYSTEM_BOOT msg=audit(Saturday 13 February 2021 A.368:8) : pid=622 uid=root auid=unset ses=unset subj=system_u:system_r:init_t:s0 msg=' comm=systemd-update-utmp exe=/usr/lib/systemd/systemd-update-utmp hostname=? addr=? terminal=? res=success'
```
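The two outputs above differ in the record that precedes the last SYSTEM_BOOT: a SYSTEM_SHUTDOWN in the first, another SYSTEM_BOOT in the second. The following added example (not part of the original post) pairs these records over a whole ausearch output; the function names and the shortened sample records are constructed, and it assumes auditd writes a SYSTEM_SHUTDOWN record on every orderly shutdown.

```shell
#!/bin/sh
# Added example: classify each boot from the output of
# `ausearch -m system_boot,system_shutdown`.
# A SYSTEM_BOOT preceded by SYSTEM_SHUTDOWN followed an orderly shutdown.
# A SYSTEM_BOOT that directly follows another SYSTEM_BOOT means the previous
# session ended without a shutdown record (crash, power loss, hard reset).

classify_boots() {
    # Reads ausearch text output on stdin; prints one verdict per SYSTEM_BOOT.
    awk '
        /^type=SYSTEM_SHUTDOWN / { prev = "shutdown"; next }
        /^type=SYSTEM_BOOT / {
            n++
            if (prev == "shutdown")  verdict = "clean"
            else if (prev == "boot") verdict = "unclean"
            else                     verdict = "unknown"   # first record in the log
            # Extract the timestamp and serial from msg=audit(<time>:<serial>)
            ts = $0
            sub(/^[^(]*\(/, "", ts); sub(/\).*$/, "", ts)
            printf "boot %d [%s] previous shutdown: %s\n", n, ts, verdict
            prev = "boot"
        }
    '
}

# Constructed sample input (shortened records, not real output).
sample_audit_log() {
    cat <<'EOF'
----
type=SYSTEM_BOOT msg=audit(02/13/2021 19:55:01.100:8) : pid=620 uid=root res=success
----
type=SYSTEM_SHUTDOWN msg=audit(02/13/2021 20:04:09.852:310) : pid=621 uid=root res=success
----
type=SYSTEM_BOOT msg=audit(02/13/2021 20:04:40.368:8) : pid=622 uid=root res=success
----
type=SYSTEM_BOOT msg=audit(02/13/2021 20:51:12.200:8) : pid=619 uid=root res=success
EOF
}

# On a real host: sudo ausearch -i -m system_boot,system_shutdown | classify_boots
sample_audit_log | classify_boots
```

Feed it the full ausearch output rather than `tail -4`, since truncating the stream hides the record that precedes the first boot shown.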
How to analyze systemd logs
To do this, you can edit /etc/systemd/journald.conf or create the /var/log/journal directory yourself with the following commands:
```
$ sudo mkdir /var/log/journal
$ sudo systemd-tmpfiles --create --prefix /var/log/journal 2>/dev/null
$ sudo systemctl -s SIGUSR1 kill systemd-journald
```
```
$ journalctl --list-boots
0 0cd236878cdf4827a800b2c8b1ac78d7 Mon 2021-02-08 16:05:27 MSK—Mon 2021-02-15 09:13:19 MSK
```
To analyze a specific reboot further, use:
```
$ journalctl -b {num} -n
```
```
$ journalctl -b -1 -n
-- Logs begin at Wed 2020-11-18 23:09:05 IST, end at Sat 2021-02-13 21:13:39 IST. --
Feb 13 20:23:18 ubuntumate20vm systemd[1]: lvm2-monitor.service: Succeeded.
Feb 13 20:23:18 ubuntumate20vm systemd[1]: Stopped Monitoring of LVM2 mirrors, snapshots etc. using dmeventd or progress polling.
Feb 13 20:23:18 ubuntumate20vm systemd[1]: Reached target Shutdown.
Feb 13 20:23:18 ubuntumate20vm systemd[1]: Reached target Final Step.
Feb 13 20:23:18 ubuntumate20vm systemd[1]: systemd-poweroff.service: Succeeded.
Feb 13 20:23:18 ubuntumate20vm systemd[1]: Finished Power-Off.
Feb 13 20:23:18 ubuntumate20vm systemd[1]: Reached target Power-Off.
Feb 13 20:23:18 ubuntumate20vm systemd[1]: Shutting down.
Feb 13 20:23:18 ubuntumate20vm systemd-shutdown[1]: Syncing filesystems and block devices.
Feb 13 20:23:18 ubuntumate20vm systemd-journald[304]: Journal stopped
```