{{tag>Brouillon}}
= Notes uptime reboot shutdown stime
See the files:
* /var/log/auth.log
* /var/log/secure
* /var/log/audit/audit.log
# uptime
15:00:24 up 3:15, 5 users, load average: 0.39, 0.45, 0.50
# ps -p 1 -o stime
STIME
11:44
# who -b
démarrage système 2018-11-30 11:44
# lastb
tty1 Fri Nov 30 11:51 - 11:51 (00:00)
btmp begins Fri Nov 30 11:51:28 2018
# last reboot
# last -aiF
# last -a --dns
# last -x
# last -x shutdown reboot root
# last -5 shutdown reboot root
$ uptime -s
2018-11-30 08:01:03
== Auditd aureport
See: [[Notes auditd]]
# aureport -ts 30/11/2018 11:30:00 -te 30/11/2018 11:45:00 -e -i
Event Report
===================================
# date time event type auid success
===================================
1. 30/11/2018 11:35:39 1272 CRYPTO_SESSION user1 yes
2. 30/11/2018 11:35:39 1273 CRYPTO_SESSION user1 yes
3. 30/11/2018 11:35:40 1274 CRYPTO_KEY_USER user1 yes
4. 30/11/2018 11:35:40 1275 CRYPTO_KEY_USER user1 yes
5. 30/11/2018 11:44:03 1276 SYSTEM_RUNLEVEL unset yes
6. 30/11/2018 11:44:03 1277 SYSTEM_SHUTDOWN unset yes
7. 30/11/2018 11:44:06 1281 CRYPTO_KEY_USER unset yes
8. 30/11/2018 11:44:06 1282 CRYPTO_KEY_USER unset yes
9. 30/11/2018 11:44:06 1283 USER_END user1 yes
# aureport -ts 30/11/2018 11:42:00 -te 30/11/2018 11:45:00 -tm
Terminal Report
====================================
# date time term host exe auid event
====================================
1. 30/11/2018 11:44:03 ? ? /sbin/shutdown -1 1276
2. 30/11/2018 11:44:03 ? ? /sbin/shutdown -1 1277
3. 30/11/2018 11:44:06 ? ? /usr/sbin/sshd -1 1281
4. 30/11/2018 11:44:06 ? ? /usr/sbin/sshd -1 1282
5. 30/11/2018 11:44:06 ssh 192.168.2.21 /usr/sbin/sshd 5005 1283
6. 30/11/2018 11:44:06 ssh 192.168.2.21 /usr/sbin/sshd 5005 1284
7. 30/11/2018 11:44:06 ssh 192.168.2.21 /usr/sbin/sshd 5005 1285
8. 30/11/2018 11:44:06 ssh 192.168.2.21 /usr/sbin/sshd 5005 1286
# aureport -ts 30/11/2018 11:00:00 -te 30/11/2018 11:45:00 -u -i
User ID Report
====================================
# date time auid term host exe event
====================================
1. 30/11/2018 11:01:01 unset cron ? /usr/sbin/crond 1266
2. 30/11/2018 11:01:01 unset cron ? /usr/sbin/crond 1267
3. 30/11/2018 11:01:01 root ? ? ? 1268
4. 30/11/2018 11:01:01 root cron ? /usr/sbin/crond 1269
5. 30/11/2018 11:01:01 root cron ? /usr/sbin/crond 1270
6. 30/11/2018 11:01:01 root cron ? /usr/sbin/crond 1271
7. 30/11/2018 11:35:39 user1 ? 192.168.2.21 /usr/sbin/sshd 1272
8. 30/11/2018 11:35:39 user1 ? 192.168.2.21 /usr/sbin/sshd 1273
9. 30/11/2018 11:35:40 user1 ? 192.168.2.21 /usr/sbin/sshd 1274
10. 30/11/2018 11:35:40 user1 ? 192.168.2.21 /usr/sbin/sshd 1275
11. 30/11/2018 11:44:03 unset ? ? /sbin/shutdown 1276
12. 30/11/2018 11:44:03 unset ? ? /sbin/shutdown 1277
13. 30/11/2018 11:44:06 unset ? ? /usr/sbin/sshd 1281
14. 30/11/2018 11:44:06 unset ? ? /usr/sbin/sshd 1282
15. 30/11/2018 11:44:06 user1 ssh 192.168.2.21 /usr/sbin/sshd 1283
16. 30/11/2018 11:44:06 user1 ssh 192.168.2.21 /usr/sbin/sshd 1284
17. 30/11/2018 11:44:06 user1 ssh 192.168.2.21 /usr/sbin/sshd 1285
18. 30/11/2018 11:44:06 user1 ssh 192.168.2.21 /usr/sbin/sshd 1286
19. 30/11/2018 11:44:06 user1 ? 192.168.2.21 /usr/sbin/sshd 1287
20. 30/11/2018 11:44:06 user1 ? 192.168.2.21 /usr/sbin/sshd 1288
21. 30/11/2018 11:44:06 user1 ssh 192.168.2.21 /usr/sbin/sshd 1289
22. 30/11/2018 11:44:06 user1 ssh 192.168.2.21 /usr/sbin/sshd 1290
23. 30/11/2018 11:44:06 user1 /dev/pts/0 ? /usr/sbin/sshd 1291
24. 30/11/2018 11:44:06 user1 /dev/pts/0 ? /usr/sbin/sshd 1292
25. 30/11/2018 11:44:06 user1 ? 192.168.2.21 /usr/sbin/sshd 1293
26. 30/11/2018 11:44:06 user1 ? 192.168.2.21 /usr/sbin/sshd 1294
27. 30/11/2018 11:44:05 unset (none) ? /sbin/iptables-multi-1.4.7 1278
28. 30/11/2018 11:44:05 unset (none) ? /sbin/iptables-multi-1.4.7 1279
29. 30/11/2018 11:44:05 unset (none) ? /sbin/iptables-multi-1.4.7 1280
30. 30/11/2018 11:44:10 unset ? ? /sbin/shutdown 1295
31. 30/11/2018 11:44:10 unset ? ? /sbin/shutdown 1296
32. 30/11/2018 11:44:10 unset ? ? /sbin/shutdown 1297
33. 30/11/2018 11:44:10 unset ? ? /sbin/shutdown 1298
34. 30/11/2018 11:44:58 unset console ? /bin/su 4
35. 30/11/2018 11:44:58 unset console ? /bin/su 5
36. 30/11/2018 11:44:58 unset console ? /bin/su 6
37. 30/11/2018 11:44:58 unset console ? /bin/su 7
38. 30/11/2018 11:44:59 unset console ? /bin/su 8
39. 30/11/2018 11:44:59 unset console ? /bin/su 9
40. 30/11/2018 11:44:59 unset console ? /bin/su 10
41. 30/11/2018 11:44:59 unset console ? /bin/su 11
42. 30/11/2018 11:44:59 unset console ? /bin/su 12
43. 30/11/2018 11:44:59 unset console ? /bin/su 13
44. 30/11/2018 11:44:59 unset console ? /bin/su 14
45. 30/11/2018 11:44:59 unset console ? /bin/su 15
Crash example. I added '**> **' in front of the relevant lines
# last -xF reboot shutdown
reboot system boot 4.9.0-8-amd64 Tue Dec 1 10:59:41 2020 still running
shutdown system down 4.9.0-8-amd64 Tue Dec 1 10:59:04 2020 - Tue Dec 1 10:59:41 2020 (00:00)
reboot system boot 4.9.0-8-amd64 Tue Dec 1 09:24:25 2020 - Tue Dec 1 10:59:04 2020 (01:34)
shutdown system down 4.9.0-8-amd64 Tue Dec 1 09:23:47 2020 - Tue Dec 1 09:24:25 2020 (00:00)
reboot system boot 4.9.0-8-amd64 Tue Dec 1 09:01:15 2020 - Tue Dec 1 09:23:47 2020 (00:22)
shutdown system down 4.9.0-8-amd64 Sat Nov 28 09:02:37 2020 - Tue Dec 1 09:01:15 2020 (2+23:58)
> reboot system boot 4.9.0-8-amd64 Fri Nov 27 04:57:54 2020 - Sat Nov 28 09:02:37 2020 (1+04:04)
reboot system boot 4.9.0-8-amd64 Thu Nov 26 15:56:26 2020 - Sat Nov 28 09:02:37 2020 (1+17:06)
shutdown system down 4.9.0-8-amd64 Thu Nov 26 15:49:09 2020 - Thu Nov 26 15:56:26 2020 (00:07)
> reboot system boot 4.9.0-8-amd64 Thu Nov 26 15:47:48 2020 - Thu Nov 26 15:49:09 2020 (00:01)
reboot system boot 4.9.0-8-amd64 Thu Nov 26 15:11:50 2020 - Thu Nov 26 15:49:09 2020 (00:37)
shutdown system down 4.9.0-8-amd64 Thu Nov 26 15:11:07 2020 - Thu Nov 26 15:11:50 2020 (00:00)
reboot system boot 4.9.0-8-amd64 Thu Nov 26 15:03:32 2020 - Thu Nov 26 15:11:07 2020 (00:07)
shutdown system down 4.9.0-8-amd64 Thu Nov 26 15:00:07 2020 - Thu Nov 26 15:03:32 2020 (00:03)
reboot system boot 4.9.0-8-amd64 Thu Nov 26 14:58:50 2020 - Thu Nov 26 15:00:07 2020 (00:01)
shutdown system down 4.9.0-8-amd64 Thu Nov 26 12:48:56 2020 - Thu Nov 26 14:58:50 2020 (02:09)
> reboot system boot 4.9.0-8-amd64 Thu Nov 26 08:05:37 2020 - Thu Nov 26 12:48:56 2020 (04:43)
reboot system boot 4.9.0-8-amd64 Wed Nov 25 14:59:50 2020 - Thu Nov 26 12:48:56 2020 (21:49)
shutdown system down 4.9.0-8-amd64 Wed Nov 25 14:57:52 2020 - Wed Nov 25 14:59:50 2020 (00:01)
reboot system boot 4.9.0-8-amd64 Wed Nov 25 14:57:00 2020 - Wed Nov 25 14:57:52 2020 (00:00)
shutdown system down 4.9.0-8-amd64 Wed Nov 25 14:44:33 2020 - Wed Nov 25 14:57:00 2020 (00:12)
reboot system boot 4.9.0-8-amd64 Wed Nov 25 14:43:11 2020 - Wed Nov 25 14:44:33 2020 (00:01)
shutdown system down 4.9.0-8-amd64 Wed Nov 25 14:42:33 2020 - Wed Nov 25 14:43:11 2020 (00:00)
reboot system boot 4.9.0-8-amd64 Wed Nov 25 14:40:44 2020 - Wed Nov 25 14:42:33 2020 (00:01)
shutdown system down 4.9.0-8-amd64 Wed Nov 25 14:40:07 2020 - Wed Nov 25 14:40:44 2020 (00:00)
> reboot system boot 4.9.0-8-amd64 Wed Nov 25 14:21:43 2020 - Wed Nov 25 14:40:07 2020 (00:18)
> reboot system boot 4.9.0-8-amd64 Wed Nov 25 13:45:45 2020 - Wed Nov 25 14:40:07 2020 (00:54)
> reboot system boot 4.9.0-8-amd64 Wed Nov 25 06:14:31 2020 - Wed Nov 25 14:40:07 2020 (08:25)
> reboot system boot 4.9.0-8-amd64 Wed Nov 25 04:59:05 2020 - Wed Nov 25 14:40:07 2020 (09:41)
> reboot system boot 4.9.0-8-amd64 Wed Nov 25 04:27:03 2020 - Wed Nov 25 14:40:07 2020 (10:13)
> reboot system boot 4.9.0-8-amd64 Wed Nov 25 04:03:13 2020 - Wed Nov 25 14:40:07 2020 (10:36)
> reboot system boot 4.9.0-8-amd64 Wed Nov 25 03:29:28 2020 - Wed Nov 25 14:40:07 2020 (11:10)
> reboot system boot 4.9.0-8-amd64 Tue Nov 24 18:01:42 2020 - Wed Nov 25 14:40:07 2020 (20:38)
> reboot system boot 4.9.0-8-amd64 Tue Nov 24 11:35:04 2020 - Wed Nov 25 14:40:07 2020 (1+03:05)
> reboot system boot 4.9.0-8-amd64 Tue Nov 24 03:15:07 2020 - Wed Nov 25 14:40:07 2020 (1+11:25)
> reboot system boot 4.9.0-8-amd64 Tue Nov 24 02:14:00 2020 - Wed Nov 25 14:40:07 2020 (1+12:26)
> reboot system boot 4.9.0-8-amd64 Mon Nov 23 15:54:34 2020 - Wed Nov 25 14:40:07 2020 (1+22:45)
> reboot system boot 4.9.0-8-amd64 Mon Nov 23 15:45:29 2020 - Wed Nov 25 14:40:07 2020 (1+22:54)
> reboot system boot 4.9.0-8-amd64 Mon Nov 23 07:37:38 2020 - Wed Nov 25 14:40:07 2020 (2+07:02)
> reboot system boot 4.9.0-8-amd64 Mon Nov 23 04:31:22 2020 - Wed Nov 25 14:40:07 2020 (2+10:08)
> reboot system boot 4.9.0-8-amd64 Sat Nov 21 18:10:22 2020 - Wed Nov 25 14:40:07 2020 (3+20:29)
reboot system boot 4.9.0-8-amd64 Thu Nov 19 18:45:32 2020 - Wed Nov 25 14:40:07 2020 (5+19:54)
shutdown system down 4.9.0-8-amd64 Thu Nov 19 18:37:38 2020 - Thu Nov 19 18:45:32 2020 (00:07)
reboot system boot 4.9.0-8-amd64 Thu Nov 19 18:33:25 2020 - Thu Nov 19 18:37:38 2020 (00:04)
shutdown system down 4.9.0-8-amd64 Thu Nov 19 18:32:02 2020 - Thu Nov 19 18:33:25 2020 (00:01)
> reboot system boot 4.9.0-8-amd64 Thu Nov 19 09:21:56 2020 - Thu Nov 19 18:32:02 2020 (09:10)
> reboot system boot 4.9.0-8-amd64 Thu Nov 19 02:49:49 2020 - Thu Nov 19 18:32:02 2020 (15:42)
reboot system boot 4.9.0-8-amd64 Tue Nov 17 09:20:40 2020 - Thu Nov 19 18:32:02 2020 (2+09:11)
shutdown system down 4.9.0-8-amd64 Tue Nov 17 09:19:57 2020 - Tue Nov 17 09:20:40 2020 (00:00)
reboot system boot 4.9.0-8-amd64 Tue Nov 17 10:33:39 2020 - Tue Nov 17 09:19:57 2020 (-1:-13)
shutdown system down 4.9.0-8-amd64 Tue Nov 17 01:49:22 2020 - Tue Nov 17 10:33:39 2020 (08:44)
reboot system boot 4.9.0-8-amd64 Tue Nov 17 01:47:26 2020 - Tue Nov 17 01:49:22 2020 (00:01)
shutdown system down 4.9.0-8-amd64 Tue Nov 17 01:40:34 2020 - Tue Nov 17 01:47:26 2020 (00:06)
reboot system boot 4.9.0-8-amd64 Tue Nov 17 01:34:07 2020 - Tue Nov 17 01:40:34 2020 (00:06)
shutdown system down 4.9.0-8-amd64 Mon Nov 16 14:15:14 2020 - Tue Nov 17 01:34:07 2020 (11:18)
reboot system boot 4.9.0-8-amd64 Mon Nov 16 13:50:51 2020 - Mon Nov 16 14:15:14 2020 (00:24)
shutdown system down 4.9.0-8-amd64 Mon Nov 16 12:04:12 2020 - Mon Nov 16 13:50:51 2020 (01:46)
reboot system boot 4.9.0-8-amd64 Mon Nov 16 12:00:40 2020 - Mon Nov 16 12:04:12 2020 (00:03)
shutdown system down 4.9.0-8-amd64 Mon Nov 16 11:59:59 2020 - Mon Nov 16 12:00:40 2020 (00:00)
reboot system boot 4.9.0-8-amd64 Mon Nov 16 11:44:51 2020 - Mon Nov 16 11:59:59 2020 (00:15)
shutdown system down 4.9.0-8-amd64 Mon Nov 16 11:35:48 2020 - Mon Nov 16 11:44:51 2020 (00:09)
reboot system boot 4.9.0-8-amd64 Mon Nov 16 11:33:51 2020 - Mon Nov 16 11:35:48 2020 (00:01)
shutdown system down 4.9.0-8-amd64 Mon Nov 16 11:32:11 2020 - Mon Nov 16 11:33:51 2020 (00:01)
reboot system boot 4.9.0-8-amd64 Mon Nov 16 11:29:10 2020 - Mon Nov 16 11:32:11 2020 (00:03)
wtmp begins Sun Nov 1 06:37:41 2020
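List of unexpected shutdowns. Normally, each "reboot" record should come after a "shutdown" record; two consecutive "reboot" records mean the system went down without a clean shutdown being logged.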
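The manual marking above can be automated. The following is an added example, not part of the original notes: it reads `last -xF reboot shutdown` output (newest record first) and prints every boot that was not preceded by a logged shutdown. The function names `find_unclean_boots` and `sample_last_output` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original notes).
# find_unclean_boots: reads `last -xF reboot shutdown` output on stdin
# (newest record first) and prints the boot time of each "reboot" record
# whose chronologically previous record is also a "reboot", meaning no
# clean "shutdown" was logged in between.
find_unclean_boots() {
    awk '
        { sub(/^> */, "") }   # tolerate the "> " markers used in the listing
        $1 == "reboot" || $1 == "shutdown" {
            # With -F the start time is: weekday month day HH:MM:SS year
            when = $5 " " $6 " " $7 " " $8 " " $9
            # This line is older than the previous one. Two reboots in a
            # row mean the newer boot followed an unclean stop.
            if ($1 == "reboot" && prev_type == "reboot")
                print prev_when
            prev_type = $1
            prev_when = when
        }
    '
}

# Constructed sample: a few records in the format of the listing above,
# one of them with its "> " marker kept.
sample_last_output() {
    cat <<'EOF'
shutdown system down  4.9.0-8-amd64 Sat Nov 28 09:02:37 2020 - Tue Dec  1 09:01:15 2020 (2+23:58)
reboot   system boot  4.9.0-8-amd64 Fri Nov 27 04:57:54 2020 - Sat Nov 28 09:02:37 2020 (1+04:04)
reboot   system boot  4.9.0-8-amd64 Thu Nov 26 15:56:26 2020 - Sat Nov 28 09:02:37 2020 (1+17:06)
shutdown system down  4.9.0-8-amd64 Thu Nov 26 15:49:09 2020 - Thu Nov 26 15:56:26 2020 (00:07)
> reboot   system boot  4.9.0-8-amd64 Thu Nov 26 15:47:48 2020 - Thu Nov 26 15:49:09 2020 (00:01)
reboot   system boot  4.9.0-8-amd64 Thu Nov 26 15:11:50 2020 - Thu Nov 26 15:49:09 2020 (00:37)
shutdown system down  4.9.0-8-amd64 Thu Nov 26 15:11:07 2020 - Thu Nov 26 15:11:50 2020 (00:00)

wtmp begins Sun Nov  1 06:37:41 2020
EOF
}

# Run on the embedded sample; on a live system use:
#   last -xF reboot shutdown | find_unclean_boots
sample_last_output | find_unclean_boots
```

Each flagged time is worth cross-checking against the SYSTEM_SHUTDOWN events in `aureport`, since wtmp on its own can be rotated, truncated or edited.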