
Syslog analysis:
Investigating the cause of system reboot in Linux systems


In a network, a system may shut down or reboot for several reasons. Some of the common ones are:

  1. Power failure
  2. Software/hardware error
  3. Memory failure
  4. Unauthorized user action

Shutdowns and reboots are critical system events, so you should monitor syslog regularly to obtain information about them.

A user inside the network, working on a Linux system, can shut it down with a single command. The basic syntax is shutdown [OPTIONS] [TIME] [MESSAGE]; for example, shutdown -r now reboots immediately, while shutdown -h +10 powers the system off after ten minutes.

If a user shuts down a system manually by running a command, it can be identified by checking the auth log file (/var/log/auth.log on Debian-based distributions, /var/log/secure on RHEL-based ones), where sudo records every privileged command together with the user, the TTY and the working directory. The user need not be sitting at the console: anyone who can log in remotely, for example over SSH, and who has sudo rights can shut the system down.

Here's an example of how a reboot event is recorded.

Dec 24 21:03:38 ip-172-31-34-37 sshd[1172]: pam_unix(sshd:session): session opened for user joker by (uid=0)
Dec 24 21:03:38 ip-172-31-34-37 systemd: pam_unix(systemd-user:session): session opened for user joker by (uid=0)
Dec 24 21:03:41 ip-172-31-34-37 sudo: joker : TTY=pts/0 ; PWD=/home/joker ; USER=root ; COMMAND=/sbin/shutdown -r now

In the above event, the user 'joker' opened a remote SSH session and, three seconds later, executed /sbin/shutdown -r now through sudo. The sudo entry shows that the command passed the sudoers policy, so whether this was legitimate depends on whether joker was supposed to reboot this host; if not, it is an example of unauthorized activity. To mitigate the impact of such critical events, it's necessary to obtain real-time alerts, which is difficult while managing logs manually.

Though every server restart also leaves traces in the kernel logs (each boot starts with a fresh "Linux version" line) and in the login records (last -x reboot shutdown, or journalctl --list-boots on systemd hosts), manually sifting through syslog can be time-consuming and tiring. A log management solution can collect and parse log data into meaningful information and generate out-of-the-box reports.
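The two checks described above, the sudo-based detection of a remotely issued shutdown and the kernel-log count of boots, as an added example that is not part of the original page and not code from EventLog Analyzer: a small Python script that scans auth-log lines for sudo invocations of power commands, flags whether that user had an SSH session open on the host, and counts boots in a kernel-log sample by its "Linux version" banner. The log lines, host name, user names and kernel version string are constructed for illustration (modelled on the page's example), not captured from a real system.

```python
import re

# Constructed sample auth-log lines modelled on the page's example; not from a real host.
AUTH_LOG = """\
Dec 24 21:03:38 ip-172-31-34-37 sshd[1172]: pam_unix(sshd:session): session opened for user joker by (uid=0)
Dec 24 21:03:38 ip-172-31-34-37 systemd: pam_unix(systemd-user:session): session opened for user joker by (uid=0)
Dec 24 21:03:41 ip-172-31-34-37 sudo: joker : TTY=pts/0 ; PWD=/home/joker ; USER=root ; COMMAND=/sbin/shutdown -r now
Dec 24 21:10:02 ip-172-31-34-37 sudo:   alice : TTY=tty1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl poweroff
Dec 24 21:12:00 ip-172-31-34-37 sudo:   bob : TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/apt update
"""

# Constructed kernel-log sample: every kernel start writes a fresh 'Linux version' banner.
KERN_LOG = """\
Dec 24 09:00:01 ip-172-31-34-37 kernel: [    0.000000] Linux version 5.15.0-generic (constructed sample)
Dec 24 09:00:02 ip-172-31-34-37 kernel: [    0.412345] usbcore: registered new interface driver usbfs
Dec 24 21:04:10 ip-172-31-34-37 kernel: [    0.000000] Linux version 5.15.0-generic (constructed sample)
"""

# Classic syslog prefix: "Mon DD HH:MM:SS host " (no year, so order of lines matters).
SYSLOG_PREFIX = r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
SSH_OPEN_RE = re.compile(SYSLOG_PREFIX +
                         r"sshd\[\d+\]: pam_unix\(sshd:session\): session opened for user (?P<user>\S+)")
SUDO_RE = re.compile(SYSLOG_PREFIX +
                     r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : TTY=(?P<tty>\S+) ; PWD=\S+ ; "
                     r"USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.*)$")
BOOT_RE = re.compile(r" kernel: .*Linux version ")

POWER_BINARIES = {"shutdown", "reboot", "poweroff", "halt"}     # take the host down whatever the arguments
SYSTEMCTL_POWER_VERBS = {"reboot", "poweroff", "halt", "kexec"}  # systemctl verbs that do the same


def is_power_command(command: str) -> bool:
    """True if the sudo COMMAND field would shut down or reboot the host."""
    argv = command.split()
    if not argv:
        return False
    prog = argv[0].rsplit("/", 1)[-1]           # strip /sbin, /usr/bin, ...
    if prog in POWER_BINARIES:
        return True
    if prog in ("init", "telinit"):             # init 0 halts, init 6 reboots
        return len(argv) > 1 and argv[1] in ("0", "6")
    if prog == "systemctl":
        return any(arg in SYSTEMCTL_POWER_VERBS for arg in argv[1:])
    return False


def find_power_events(auth_text: str) -> list:
    """Walk the auth log in order and return every privileged power command,
    recording whether that user had opened an SSH session earlier in the log."""
    ssh_users = set()
    events = []
    for line in auth_text.splitlines():
        m = SSH_OPEN_RE.match(line)
        if m:
            ssh_users.add(m["user"])
            continue
        m = SUDO_RE.match(line)
        if m and is_power_command(m["cmd"]):
            events.append({
                "time": m["ts"],
                "host": m["host"],
                "user": m["user"],
                "tty": m["tty"],
                "command": m["cmd"],
                "remote": m["user"] in ssh_users,   # correlates the sudo line with an sshd session
            })
    return events


def count_boots(kern_text: str) -> int:
    """Number of kernel starts covered by the log, one per 'Linux version' banner."""
    return sum(1 for line in kern_text.splitlines() if BOOT_RE.search(line))


if __name__ == "__main__":
    for ev in find_power_events(AUTH_LOG):
        origin = "remote SSH session" if ev["remote"] else "no SSH session seen (console or other path)"
        print(f"{ev['time']} {ev['host']}: {ev['user']} ran '{ev['command']}' on {ev['tty']} [{origin}]")
    print(f"boots recorded in kernel log: {count_boots(KERN_LOG)}")
```

On the constructed sample the script reports joker's reboot as coming from a remote SSH session and alice's poweroff from tty1 with no SSH session, while the kernel log shows two boots. The point of running both checks is the comparison: a boot with no matching sudo power command is either a power failure, a crash, or someone who reached root without going through sudo (a direct root login, su, or an unlogged path such as the ACPI power button), and each of those deserves a different follow-up. The sudo-based check only sees what sudo logged, so it is evidence of who ran the command, not proof that nobody else did.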

EventLog Analyzer, a comprehensive log management solution, can help you monitor and secure your network. It provides real-time alerts and generates exhaustive reports for critical events such as system shutdowns and reboots.


  Zoho Corporation Pvt. Ltd. All rights reserved.