Lin系统异常重启分析

2024年5月5日发(作者：)

Lin系统异常重启分析

reboot 这个命令是查看每次系统重启的信息

[root@dg01 log]# last reboot

reboot system boot 2.6.32-300.10.1. Thu May 29 22:48 (00:23)

reboot system boot 2.6.32-300.10.1. Thu May 29 22:08 (00:38)

。。。

其中最近的一次重启时间是May 29 22:48，距离当前时间已经运行了23分钟了，而

倒数第二次重启时间是May 29 22:08，运行了38分钟

[root@dg01 ~]# uptime

23:44:20 up 56 min, 2 users, load average: 0.04, 0.01, 0.00

Uptime显示了系统当前时间23:44:20，运行时间56 min，当前用户连接数为2，系

统的负载。

3.[root@dg01 ~]# w

23:46:21 up 58 min, 2 users, load average: 0.00, 0.00, 0.00

USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT

root pts/1 192.168.56.101 22:54 12:25 0.04s 0.04s -bash

root pts/2 192.168.56.101 23:33 0.00s 0.13s 0.00s w

w比uptime显示的信息更加丰富了，除了显示了uptime的信息外，还显示了下列

的信息：

user：显示登录的用户账号

TTY：用户登录所用的终端

FROM：显示用户在何处登录系统，这里显示的是IP：192.168.56.101，正是小鱼自

己本地IP地址

Login@：显示何时登录系统

IDLE：表示用户空闲时间，从用户上一次任何结束后开始计时

JCPU : 终端代号来区分，表示在摸段时间内，所有与该终端相关的进程所消耗的cpu

时间

PCPU：指what域的任务执行后消耗的cpu时间

What：表示当前执行的任务

[root@dg01 ~]# who

root pts/1 2014-05-29 22:54 (192.168.56.101)

root pts/2 2014-05-29 23:33 (192.168.56.101)

who显示登录系统的用户，输出的信息没有w全

5.我们来看看系统重启、关闭对应系统的后台日志输出信息

正常reboot时系统日志信息如下：

[root@dg01 log]# reboot

[root@dg01 log]# less messages

。。。

May 29 22:47:08 dg01 shutdown[3829]: shutting down for system reboot

May 29 22:47:09 dg01 smartd[3370]: smartd received signal 15: Terminated

May 29 22:47:09 dg01 smartd[3370]: smartd is exiting (exit status 0)

May 29 22:47:09 dg01 avahi-daemon[3298]: Got SIGTERM, quitting.

May 29 22:47:09 dg01 avahi-daemon[3298]: Leaving mDNS multicast grou

p on interface 6 with address fe80::a00:27ff:fea5:4e59.

May 29 22:47:09 dg01 avahi-daemon[3298]: Leaving mDNS multicast grou

p on interface 4 with address 192.168.56.110.

May 29 22:47:11 dg01 xinetd[2957]:

May 29 22:47:15 dg01 hcid[2721]: Got disconnected from the system messa

ge bus

May 29 22:47:15 dg01 multipathd: mpath1: stop event checker thread (1086

806336)

May 29 22:47:15 dg01 multipathd: --------shut down-------

May 29 22:47:16 dg01 auditd[2538]: The audit daemon is exiting.

May 29 22:47:16 dg01 kernel: type=1305 audit(1401418036.445:75): audit_pi

d=0 old=2538 auid=4294967295 ses=4294967295 res=1

May 29 22:47:16 dg01 pcscd: pcscdaemon.c:572:signal_trap() Preparing for s

uicide

May 29 22:47:17 dg01 pcscd: hotplug_libusb.c:376:HPRescanUsbBus() Hotplu

g stopped

May 29 22:47:17 dg01 pcscd: readerfactory.c:1379:RFCleanupReaders() enteri

ng cleaning function

May 29 22:47:17 dg01 pcscd: pcscdaemon.c:532:at_exit() cleaning /var/run

May 29 22:47:17 dg01 kernel: Kernel logging (proc) stopped.

May 29 22:47:17 dg01 kernel: Kernel log daemon terminating.

May 29 22:47:18 dg01 exiting on signal 15

--上面这部分是关于系统正常关闭的日志，看见有个很清晰的May 29 22:47:08 dg0

1 shutdown[3829]: shutting down for system reboot

May 29 22:48:34 dg01 syslogd 1.4.1: restart.

May 29 22:48:34 dg01 kernel: klogd 1.4.1, log source = /proc/kmsg started.

May 29 22:48:34 dg01 kernel: Initializing cgroup subsys cpuset

May 29 22:48:34 dg01 kernel: Initializing cgroup subsys cpu

May 29 22:48:34 dg01 kernel: Linux version 5uek (mockbuil

d@) (gcc version 4.1.2 20080704(Red Hat 4.1.2-50)) #1

SMP Wed Feb 22 17:37:40 EST 2012

May 29 22:48:34 dg01 kernel: Command line: ro root=LABEL=/ rhgb quiet

May 29 22:48:34 dg01 kernel: KERNEL supported cpus:

May 29 22:48:34 dg01 kernel: Intel GenuineIntel

May 29 22:48:34 dg01 kernel: AMD AuthenticAMD

May 29 22:48:34 dg01 kernel: Centaur CentaurHauls

May 29 22:48:34 dg01 kernel: BIOS-provided physical RAM map:

。。。

--上面这部分是启动正常重启的日志

shutdown –h now时输入信息如下：

[root@dg01 log]shutdown –h now

[root@dg01 log]# less messages

May 29 23:53:45 dg01 syslogd 1.4.1: restart.

May 30 04:02:29 dg01 shutdown[7138]: shutting down for system halt

May 30 04:02:31 dg01 smartd[3338]: smartd received signal 15: Terminated

May 30 04:02:31 dg01 smartd[3338]: smartd is exiting (exit status 0)

May 30 04:02:31 dg01 avahi-daemon[3266]: Got SIGTERM, quitting.

May 30 04:02:31 dg01 avahi-daemon[3266]: Leaving mDNS multicast grou

p on interface 6 with address fe80::a00:27ff:fea5:4e59.

May 30 04:02:31 dg01 avahi-daemon[3266]: Leaving mDNS multicast grou

p on interface 4 with address 192.168.56.110.

May 30 04:02:33 dg01 xinetd[2925]:

May 30 04:02:37 dg01 hcid[2689]: Got disconnected from the system messa

ge bus

May 30 04:02:37 dg01 multipathd: mpath1: stop event checker thread (1075

239232)

May 30 04:02:37 dg01 multipathd: --------shut down-------

May 30 04:02:38 dg01 auditd[2506]: The audit daemon is exiting.

May 30 04:02:38 dg01 kernel: type=1305 audit(1401436958.027:326): audit_p

id=0 old=2506 auid=4294967295 ses=4294967295 res=1

May 30 04:02:38 dg01 pcscd: pcscdaemon.c:572:signal_trap() Preparing for s

uicide

May 30 04:02:38 dg01 pcscd: hotplug_libusb.c:376:HPRescanUsbBus() Hotplu

g stopped

May 30 04:02:39 dg01 pcscd: readerfactory.c:1379:RFCleanupReaders() enteri

ng cleaning function

May 30 04:02:39 dg01 pcscd: pcscdaemon.c:532:at_exit() cleaning /var/run

May 30 04:02:39 dg01 kernel: Kernel logging (proc) stopped.

May 30 04:02:39 dg01 kernel: Kernel log daemon terminating.

May 30 04:02:40 dg01 exiting on signal 15

--这里也看见有May 30 04:02:29 dg01 shutdown[7138]: shutting down for sys

tem halt

表示是正常关机

而如果意外关机，输入日志中看不到正常关闭系统的信息，比如如下的日志信息：

May 25 04:03:02 APPServer4 syslogd 1.4.1: restart.

May 26 13:26:04 APPServer4 auditd[2985]: Audit daemon rotating log files

May 29 01:50:34 APPServer4 auditd[2985]: Audit daemon rotating log files

May 29 23:07:01 APPServer4 syslogd 1.4.1: restart.

May 29 23:07:01 APPServer4 kernel: klogd 1.4.1, log source = /proc/kmsg st

arted.

May 29 23:07:01 APPServer4 kernel: Linux version 5 (mockbuild

@) (gcc version 4.1.2 20080704 (RedHat 4.1.2-48)) #1 SMP F

ri Apr 2 14:58:14 EDT 2010

May 29 23:07:01 APPServer4 kernel: Command line: ro root=LABEL=/ rhgb q

uiet

May 29 23:07:01 APPServer4 kernel: BIOS-provided physical RAM map:

May 29 23:07:01 APPServer4 kernel: BIOS-e820: 0000 - 000000

000009bc00 (usable)

May 29 23:07:01 APPServer4 kernel: BIOS-e820: bc00 - 000000

00000a0000 (reserved)

May 29 23:07:01 APPServer4 kernel: BIOS-e820: e0000 - 000000

(reserved)

May 29 23:07:01 APPServer4 kernel: BIOS-e820: 0000 - 000000

00cff4b480 (usable)

May 29 23:07:01 APPServer4 kernel: BIOS-e820: 00000000cff4b480 - 0000000

0cff57b40 (ACPI data)

May 29 23:07:01 APPServer4 kernel: BIOS-e820: 00000000cff57b40 - 0000000

0e0000000 (reserved)

May 29 23:07:01 APPServer4 kernel: BIOS-e820: 00000000fec00000 - 000000

(reserved)

May 29 23:07:01 APPServer4 kernel: BIOS-e820: 0000 - 000000

03b0000000 (usable)

May 29 23:07:01 APPServer4 kernel: DMI 2.4 present.

Os只是May 29 23:07:01 APPServer4 kernel: klogd 1.4.1, log source = /proc/k

msg started.

进行了重启，但是之前并没有输出任何正常关机的命令，这个就需要我们配合硬件日

志来进行捕捉系统宕机原因了。