In a network, there may be several reasons for a system to shut down or reboot. Some of the common reasons are:
Shutdowns and reboots are critical system events, so you should monitor the syslogs regularly to see when they happen and who triggered them.
A user on a Linux system inside the network can shut it down by running a command. The basic syntax of the shutdown command in Linux is shutdown [OPTIONS] [TIME] [MESSAGE].
When a user shuts down or reboots a system manually through sudo, the command is recorded in the authentication log (/var/log/auth.log on Debian and Ubuntu, /var/log/secure on RHEL-based systems). A user can log in remotely over SSH and shut the system down, as the following entries show:
Dec 24 21:03:38 ip-172-31-34-37 sshd: pam_unix(sshd:session): session opened for user joker by (uid=0)
Dec 24 21:03:38 ip-172-31-34-37 systemd: pam_unix(systemd-user:session): session opened for user joker by (uid=0)
Dec 24 21:03:41 ip-172-31-34-37 sudo: joker : TTY=pts/0 ; PWD=/home/joker ; USER=root ; COMMAND=/sbin/shutdown -r now
In the above events, the user 'joker' logged in to the host over SSH (the sshd session line) and, three seconds later, ran /sbin/shutdown -r now through sudo, rebooting the server. The sudo line shows that the sudoers policy permitted the command; whether the action is unauthorized depends on whether joker is an operator allowed to reboot this host. If not, this is an example of unauthorized activity. Two caveats when searching for such events: a user who logs in as root directly, or who already has a root shell, leaves no sudo line, and reboot, poweroff, halt, init 6 and systemctl reboot have the same effect as shutdown, so a search should cover all of them. To limit the impact of such critical events you need real-time alerts, which is difficult to achieve while managing logs manually.
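The detection described above, run over sample auth.log lines, as an added example that is not part of the original article: it finds sudo entries whose COMMAND is a shutdown, reboot, poweroff, halt, init 0/6 or systemctl power command, records whether an SSH session was opened for that user earlier in the log, and separates commands sudo executed from ones it refused. The sample log is constructed here; the first three lines are the article's own, the rest (alice, bob, mallory) were added to exercise the other cases. Binary paths are the usual Debian/Ubuntu and RHEL ones and may need adjusting for other distributions.

```python
"""Flag shutdown/reboot commands run through sudo, using auth.log lines."""
import re
from dataclasses import dataclass
from typing import List, Set, Tuple

# Constructed sample log: the three lines from the article plus extra lines
# (unrelated sudo use, a local-console poweroff, and a denied attempt).
SAMPLE_AUTH_LOG = """\
Dec 24 21:03:38 ip-172-31-34-37 sshd: pam_unix(sshd:session): session opened for user joker by (uid=0)
Dec 24 21:03:38 ip-172-31-34-37 systemd: pam_unix(systemd-user:session): session opened for user joker by (uid=0)
Dec 24 21:03:41 ip-172-31-34-37 sudo: joker : TTY=pts/0 ; PWD=/home/joker ; USER=root ; COMMAND=/sbin/shutdown -r now
Dec 24 21:10:02 ip-172-31-34-37 sudo: alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Dec 24 21:12:15 ip-172-31-34-37 sudo: bob : TTY=tty1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/systemctl poweroff
Dec 24 21:15:44 ip-172-31-34-37 sudo: mallory : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/mallory ; USER=root ; COMMAND=/sbin/init 6
"""

# "Dec 24 21:03:41 host sudo[123]: user : TTY=... ; PWD=... ; USER=... ; COMMAND=..."
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo(?:\[\d+\])?: "
    r"(?P<user>\S+) : (?P<fields>.*)$"
)
# "Dec 24 21:03:38 host sshd[123]: pam_unix(sshd:session): session opened for user joker ..."
SSH_SESSION_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd(?:\[\d+\])?: "
    r"pam_unix\(sshd:session\): session opened for user (?P<user>\S+)"
)
# Commands that stop or restart the host (assumed paths; adjust per distribution).
POWER_CMDS = [
    re.compile(r"^/(?:usr/)?s?bin/(?:shutdown|reboot|poweroff|halt)\b"),
    re.compile(r"^/(?:usr/)?s?bin/init\s+[06]\b"),
    re.compile(r"^/(?:usr/)?bin/systemctl\s+(?:reboot|poweroff|halt|kexec)\b"),
]


@dataclass
class Finding:
    ts: str
    host: str
    user: str
    tty: str
    command: str
    via_ssh: bool   # an sshd session was opened for this user on this host earlier in the log
    denied: bool    # sudo refused the command (e.g. "user NOT in sudoers")


def parse_sudo_fields(fields: str) -> Tuple[dict, List[str]]:
    """Split 'TTY=pts/0 ; PWD=/x ; USER=root ; COMMAND=/sbin/shutdown -r now' into a dict.
    Segments without '=' are sudo's stated reason for refusing the command."""
    kv, reasons = {}, []
    for seg in fields.split(" ; "):
        if "=" in seg:
            key, value = seg.split("=", 1)
            kv[key] = value
        else:
            reasons.append(seg)
    return kv, reasons


def is_power_command(command: str) -> bool:
    return any(p.search(command) for p in POWER_CMDS)


def find_power_events(log_text: str) -> List[Finding]:
    ssh_users: Set[Tuple[str, str]] = set()   # (host, user) pairs seen logging in over SSH
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = SSH_SESSION_RE.match(line)
        if m:
            ssh_users.add((m["host"], m["user"]))
            continue
        m = SUDO_RE.match(line)
        if not m:
            continue
        kv, reasons = parse_sudo_fields(m["fields"])
        cmd = kv.get("COMMAND", "")
        if not is_power_command(cmd):
            continue
        findings.append(Finding(
            ts=m["ts"], host=m["host"], user=m["user"], tty=kv.get("TTY", "?"),
            command=cmd, via_ssh=(m["host"], m["user"]) in ssh_users, denied=bool(reasons),
        ))
    return findings


if __name__ == "__main__":
    for f in find_power_events(SAMPLE_AUTH_LOG):
        status = "DENIED" if f.denied else "EXECUTED"
        origin = "ssh" if f.via_ssh else "local/unknown"
        print(f"{f.ts} {f.host} {status} {f.user} ({origin}, {f.tty}): {f.command}")
```

On the sample, the script reports joker's reboot as executed over SSH, bob's poweroff as executed from a local console (tty1, no sshd session), and mallory's init 6 as denied. Denied attempts are worth alerting on as well: they show who is trying to take a host down. Feeding the script a real file (for example `python3 script.py < /var/log/auth.log` after replacing the sample) covers only commands that went through sudo; direct root logins need a separate check.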
Though every server restart can be found by searching the kernel logs (and, on systemd hosts, the journal or the wtmp records shown by last -x), manually sifting through the syslogs is time-consuming and error-prone. A log management solution can collect and parse log data into meaningful information and generate out-of-the-box reports.
EventLog Analyzer, a comprehensive log management solution, can help you monitor and secure your network. It provides real-time alerts and exhaustive reports for critical events such as system shutdowns and reboots.
Zoho Corporation Pvt. Ltd. All rights reserved.