Does this log indicate the server reboooted?
I have a webserver I think rebooted at some point .. mostly because apache wasn't serving sites and it usually does that when someone starts it and doesn't enter the SSL cert's password ... and a reboot/start fixed the problem. Looking around in /var/log/messages
, the very first log entries today are:
Jun 30 05:17:40 localhost kernel: imklog 4.2.0, log source = /proc/kmsg started.
Jun 30 05:17:40 localhost rsyslogd: [origin software="rsyslogd" swVersion="4.2.0" x-pid="393" x-info="http://www.rsyslog.com"] (re)start
Jun 30 05:17:40 localhost rsyslogd: rsyslogd's groupid changed to 103
Jun 30 05:17:40 localhost rsyslogd: rsyslogd's userid changed to 101
I'm assuming that means it was a reboot, but I know so little about real server administration, I wanted to verify this. I can post the rest of messages
if it would be helpful. The entry prior to these, was the following once per day:
Jun 29 06:34:11 localhost rsyslogd: [origin software="rsyslogd" swVersion="4.2.0" x-pid="350" x-info="http://www.rsyslog.com"] rsyslogd was HUPed, type 'lightweight'.
So do these indicate a server reboot as I am guessing? Is there any way to determine what caused the reboot? Or if a person did it?
Easiest way to see if it recently rebooted is just to type,
uptime
If you want to check over intentional reboots, then type,
lastlog
If there is no record of a deliberate reboot or power button press, yet it had restarted, you'll have to begin a standard diagnostic procedure to find out why it restarted. Start by looking ar server graphs for memory over allocation or overheating. There are quite a few things that can cause random reboots that won't log (kernel panic, watchdog etc.) - but remotely logging the serial console will give you this vital information.
uptime will show you how long it's been up since the last reboot.
last will show you the last logged in users, and it will also show you if it detects a regular reboot request.
who will show you who is logged on now. Make sure that you are the only one logged in or that you can account for all connections.
Of more importance are the lines before that syslog line. It might give us something, and it might not. Contact whomever is hosting your server and see if they had some kind of scheduled or unscheduled power outage or reboot. The most concerning thing is not that the server was rebooted, but that it was done without your knowledge. Also note that flaky or failing hardware can sometimes reboot on its own, so contacting your hosting provider to find out if they did it or detected anything should be your first step.