Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

System shutdown

Status
Not open for further replies.
nitinkgoud

nitinkgoud

IS-IT--Management
Jun 28, 2006
87
0
0
US
Hi Guys,
I was setting up a system for a new project.
But last weekend someone/something rebooted the system and on tuesday we found that the system was at OK prompt.
I want to find who or what did it?
Any suggestions on what to look at ?
I used dmesg,last and looked at /var/adm/messages?
Can you please tell me what to look at in these files/commands or any other command!

Please help.
 
Sort by date Sort by votes
nitinkgoud;

double check and make sure that power management is not set up to shut the system down.

Thanks

CA
 
Upvote 0 Downvote
first of all, I hope you do not have it so you can log in directly as root. If you do, and someone did do this, good luck finding out who did it. As a rule a user should be forced to 'su' to root, you can find a record of users or accounts that 'su' to root in the /var/adm/sulog. The only other instance that I notice it is hard to manage is if you have an account on a box that has root priviledges, usually a generic account that many people know the passwd to. This is annoying and a risk, but sometimes out of your hands.

maybe you can find an entry in the sulog and compare it to when the system rebooted...The 'last' command should tell you when the system was rebooted last.


hope this helps
 
Upvote 0 Downvote
nitinkgoud;

Couple more things to check. Is auto-boot set to true or false?

When it was at the ok prompt did you type boot or poweroff then on the system. If it was a crash (if you just typed boot) check your /var/crash/(hostname) and look for unix.# and vmcore.#.

also do more /var/adm/messages | grep -i warning and make sure you were not getting any warnings.


CA

 
Upvote 0 Downvote
To go along with Nitinkgoud's post, I believe if it was a crash and your system is at the 'ok' prompt. it is a good process to type 'sync' prior to typing boot. I believe this writes what is in memory to disk as far as errors/core.

I believe.


check prtdiag -v , see if you see anything out of the ordinary there, maybe something failed, usually though if something fails there it is recorded in the messages file, but who knows sometimes these systems have a mind of their own.
 
Upvote 0 Downvote
Hi Guys,
I raised a call with sun gave them the explorer output, they could not find the reason.
I did not see a core dump.......because i did not use sync at ok prompt.
And yes people can log in as root directly to this box!!

Thanks for the time and effort guys.
 
Upvote 0 Downvote
You can check the last command see who logged on before it shutdown. Odds are though they logged in as root, I hate when people change stuff and what not. I work with a guy now who constantly makes changes to systems and scripts that I wrote that have been working forever. He still never admits he did it, when I have the proof right in his face.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MauroCMSVR
  • Locked
  • Question
Print as PDF file in Solaris System
Replies
0
Views
86
MauroCMSVR
MauroCMSVR
CChambleeJr
  • Locked
  • Question
How to create file system on USB Drive
Replies
1
Views
78
SamBones
SamBones
smishra
  • Locked
  • Question
system hang issue
Replies
0
Views
28
smishra
smishra
jagandadi
  • Locked
  • Question
System files ownership got changed
Replies
1
Views
48
goBoating
goBoating
samkal
  • Locked
  • Question
Image Packaging Systems
Replies
1
Views
28
SamBones
SamBones

Part and Inventory Search

Sponsor

Back
Top