linux系统判断是否重启、关机、查询登录诊断分析简介

最近有linux系统服务器总是出现意外关机,客户想让我们对着进行查询,小鱼非硬件和系统工程师出身,但是作为日常维护还是需要了解下系统关机、重启、登录等信息

Last reboot这个命令是查看每次系统重启的信息
[root@dg01 log]# last reboot
reboot   system boot  2.6.32-300.10.1. Thu May 29 22:48          (00:23)    
reboot   system boot  2.6.32-300.10.1. Thu May 29 22:08          (00:38)  
。。。

其中最近的一次重启时间是May 29 22:48,距离当前时间已经运行了23分钟了,而倒数第二次重启时间是May 29 22:08,运行了38分钟

Uptime
[root@dg01 ~]# uptime
23:44:20 up 56 min,  2 users,  load average: 0.04, 0.01, 0.00

Uptime显示了系统当前时间23:44:20,运行时间56 min,当前用户连接数为2,系统的负载。

[root@dg01 ~]# w
 23:46:21 up 58 min,  2 users,  load average: 0.00, 0.00, 0.00
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     pts/1    192.168.56.101   22:54   12:25   0.04s  0.04s -bash
root     pts/2    192.168.56.101   23:33    0.00s  0.13s  0.00s w

w比uptime显示的信息更加丰富了,除了显示了uptime的信息外,还显示了下列的信息:
user:显示登录的用户账号
TTY:用户登录所用的终端
FROM:显示用户在何处登录系统,这里显示的是IP:192.168.56.101,正是小鱼自己本地IP地址
Login@:显示何时登录系统
IDLE:表示用户空闲时间,从用户上一次任何结束后开始计时
JCPU : 终端代号来区分,表示在摸段时间内,所有与该终端相关的进程所消耗的cpu时间
PCPU:指what域的任务执行后消耗的cpu时间
What:表示当前执行的任务

Who
[root@dg01 ~]# who
root     pts/1        2014-05-29 22:54 (192.168.56.101)
root     pts/2        2014-05-29 23:33 (192.168.56.101)

who显示登录系统的用户,输出的信息没有w全

我们来看看系统重启 关闭对应系统的后台日志输出信息

正常reboot时系统日志信息如下:
[root@dg01 log]# reboot
[root@dg01 log]# less messages
。。。
May 29 22:47:08 dg01 shutdown[3829]: shutting down for system reboot
May 29 22:47:09 dg01 smartd[3370]: smartd received signal 15: Terminated
May 29 22:47:09 dg01 smartd[3370]: smartd is exiting (exit status 0)
May 29 22:47:09 dg01 avahi-daemon[3298]: Got SIGTERM, quitting.
May 29 22:47:09 dg01 avahi-daemon[3298]: Leaving mDNS multicast group on interface bond0.IPv6 with address fe80::a00:27ff:fea5:4e59.
May 29 22:47:09 dg01 avahi-daemon[3298]: Leaving mDNS multicast group on interface bond0.IPv4 with address 192.168.56.110.
May 29 22:47:11 dg01 xinetd[2957]: Exiting...
May 29 22:47:15 dg01 hcid[2721]: Got disconnected from the system message bus
May 29 22:47:15 dg01 multipathd: mpath1: stop event checker thread (1086806336)
May 29 22:47:15 dg01 multipathd: --------shut down-------
May 29 22:47:16 dg01 auditd[2538]: The audit daemon is exiting.
May 29 22:47:16 dg01 kernel: type=1305 audit(1401418036.445:75): audit_pid=0 old=2538 auid=4294967295 ses=4294967295 res=1
May 29 22:47:16 dg01 pcscd: pcscdaemon.c:572:signal_trap() Preparing for suicide
May 29 22:47:17 dg01 pcscd: hotplug_libusb.c:376:HPRescanUsbBus() Hotplug stopped
May 29 22:47:17 dg01 pcscd: readerfactory.c:1379:RFCleanupReaders() entering cleaning function
May 29 22:47:17 dg01 pcscd: pcscdaemon.c:532:at_exit() cleaning /var/run
May 29 22:47:17 dg01 kernel: Kernel logging (proc) stopped.
May 29 22:47:17 dg01 kernel: Kernel log daemon terminating.
May 29 22:47:18 dg01 exiting on signal 15

--上面这部分是关于系统正常关闭的日志,看见有个很清晰的May 29 22:47:08 dg01 shutdown[3829]: shutting down for system reboot

May 29 22:48:34 dg01 syslogd 1.4.1: restart.
May 29 22:48:34 dg01 kernel: klogd 1.4.1, log source = /proc/kmsg started.
May 29 22:48:34 dg01 kernel: Initializing cgroup subsys cpuset
May 29 22:48:34 dg01 kernel: Initializing cgroup subsys cpu
May 29 22:48:34 dg01 kernel: Linux version 2.6.32-300.10.1.el5uek (mockbuild@ca-build56.us.oracle.com) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-50)) #1 SMP Wed Feb 22 17:37:40 EST 2012
May 29 22:48:34 dg01 kernel: Command line: ro root=LABEL=/ rhgb quiet
May 29 22:48:34 dg01 kernel: KERNEL supported cpus:
May 29 22:48:34 dg01 kernel:   Intel GenuineIntel
May 29 22:48:34 dg01 kernel:   AMD AuthenticAMD
May 29 22:48:34 dg01 kernel:   Centaur CentaurHauls
May 29 22:48:34 dg01 kernel: BIOS-provided physical RAM map:
。。。
--上面这部分是启动正常重启的日志

shutdown –h now时输入信息如下:
[root@dg01 log]shutdown –h now
[root@dg01 log]# less messages
May 29 23:53:45 dg01 syslogd 1.4.1: restart.
May 30 04:02:29 dg01 shutdown[7138]: shutting down for system halt
May 30 04:02:31 dg01 smartd[3338]: smartd received signal 15: Terminated
May 30 04:02:31 dg01 smartd[3338]: smartd is exiting (exit status 0)
May 30 04:02:31 dg01 avahi-daemon[3266]: Got SIGTERM, quitting.
May 30 04:02:31 dg01 avahi-daemon[3266]: Leaving mDNS multicast group on interface bond0.IPv6 with address fe80::a00:27ff:fea5:4e59.
May 30 04:02:31 dg01 avahi-daemon[3266]: Leaving mDNS multicast group on interface bond0.IPv4 with address 192.168.56.110.
May 30 04:02:33 dg01 xinetd[2925]: Exiting...
May 30 04:02:37 dg01 hcid[2689]: Got disconnected from the system message bus
May 30 04:02:37 dg01 multipathd: mpath1: stop event checker thread (1075239232)
May 30 04:02:37 dg01 multipathd: --------shut down-------
May 30 04:02:38 dg01 auditd[2506]: The audit daemon is exiting.
May 30 04:02:38 dg01 kernel: type=1305 audit(1401436958.027:326): audit_pid=0 old=2506 auid=4294967295 ses=4294967295 res=1
May 30 04:02:38 dg01 pcscd: pcscdaemon.c:572:signal_trap() Preparing for suicide
May 30 04:02:38 dg01 pcscd: hotplug_libusb.c:376:HPRescanUsbBus() Hotplug stopped
May 30 04:02:39 dg01 pcscd: readerfactory.c:1379:RFCleanupReaders() entering cleaning function
May 30 04:02:39 dg01 pcscd: pcscdaemon.c:532:at_exit() cleaning /var/run
May 30 04:02:39 dg01 kernel: Kernel logging (proc) stopped.
May 30 04:02:39 dg01 kernel: Kernel log daemon terminating.
May 30 04:02:40 dg01 exiting on signal 15

--这里也看见有May 30 04:02:29 dg01 shutdown[7138]: shutting down for system halt
表示是正常关机

而如果意外关机,输入日志中看不到正常关闭系统的信息,比如如下的日志信息:
May 25 04:03:02 APPServer4 syslogd 1.4.1: restart.
May 26 13:26:04 APPServer4 auditd[2985]: Audit daemon rotating log files
May 29 01:50:34 APPServer4 auditd[2985]: Audit daemon rotating log files
May 29 23:07:01 APPServer4 syslogd 1.4.1: restart.
May 29 23:07:01 APPServer4 kernel: klogd 1.4.1, log source = /proc/kmsg started.
May 29 23:07:01 APPServer4 kernel: Linux version 2.6.18-194.el5 (mockbuild@builder10.centos.org) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-48)) #1 SMP Fri Apr 2 14:58:14 EDT 2010
May 29 23:07:01 APPServer4 kernel: Command line: ro root=LABEL=/ rhgb quiet
May 29 23:07:01 APPServer4 kernel: BIOS-provided physical RAM map:
May 29 23:07:01 APPServer4 kernel:  BIOS-e820: 0000000000010000 - 000000000009bc00 (usable)
May 29 23:07:01 APPServer4 kernel:  BIOS-e820: 000000000009bc00 - 00000000000a0000 (reserved)
May 29 23:07:01 APPServer4 kernel:  BIOS-e820: 00000000000e0000 - 0000000000100000 (reserved)
May 29 23:07:01 APPServer4 kernel:  BIOS-e820: 0000000000100000 - 00000000cff4b480 (usable)
May 29 23:07:01 APPServer4 kernel:  BIOS-e820: 00000000cff4b480 - 00000000cff57b40 (ACPI data)
May 29 23:07:01 APPServer4 kernel:  BIOS-e820: 00000000cff57b40 - 00000000e0000000 (reserved)
May 29 23:07:01 APPServer4 kernel:  BIOS-e820: 00000000fec00000 - 0000000100000000 (reserved)
May 29 23:07:01 APPServer4 kernel:  BIOS-e820: 0000000100000000 - 00000003b0000000 (usable)
May 29 23:07:01 APPServer4 kernel: DMI 2.4 present.

Os只是May 29 23:07:01 APPServer4 kernel: klogd 1.4.1, log source = /proc/kmsg started.
进行了重启,但是之前并没有输出任何正常关机的命令,这个就需要我们配合硬件日志来进行捕捉系统宕机原因了。

About xiaoyu

xiaoyu,享受数据库带给xiaoyu的乐趣! 13439818916@163.com 欢迎邮件联系讨论
This entry was posted in linux、unix、windows. Bookmark the permalink.