How can you tell if a computer was shut down or if it crashed
#1
20K+ Super Poster.
Thread Starter
I know I do this for a living... but...
I had a server in a cluster go down at 11:50 on Friday and I THINK it was rebooted (it killed all the terminal services printers seconds before it lost contact, so it looks like a controlled shutdown). I need to try and work out if it was shut down on purpose by someone or if it crashed due to a power failure or something. Now the event viewer doesn't give me the info I need really, or at least I don't know what to look for. Is there anywhere I can be looking to try and figure out if the shutdown was clean or not?
Basically I think someone has tried to break one of our servers (shared comms room) to get us into the shit and need to work out if that's the case or not.
Jim
#7
Originally Posted by Jim Galbally
lee, in the event log?
PS: get yourself some monitoring tools, i.e. whatsup, syslog etc. You don't have to spend big bucks to monitor the basics.
If any link, network switch, router or certain servers I care about go down, I know.
We just got net vantage and server vantage and that's very powerful but not cheap.
#8
20K+ Super Poster.
Thread Starter
We run a system called big brother, but since it's monitoring about 20,000 devices it's kinda hard to spot one specific point of failure. We also use a simple pinger-based monitor just on on-site servers... lets out a "whoop whoop" noise when it loses comms to one... VERY handy, saved our bacon a few times. Anyway, none of that tells me if someone hit the shutdown button or if the thing BSOD'd.
#9
Originally Posted by Jim Galbally
We run a system called big brother, but since it's monitoring about 20,000 devices it's kinda hard to spot one specific point of failure. We also use a simple pinger-based monitor just on on-site servers... lets out a "whoop whoop" noise when it loses comms to one... VERY handy, saved our bacon a few times. Anyway, none of that tells me if someone hit the shutdown button or if the thing BSOD'd.
#10
20K+ Super Poster.
Thread Starter
It's swipe card access, so I assume it's monitored by security (it's in the council offices, we're contractors). I'm checking with them tomorrow.
#11
PassionFord Post Whore!!
Join Date: May 2003
Location: Peterborough
Posts: 3,936
Check the internet history folder lol, maybe someone popped on one of your servers to search for porn and they couldn't close it down.
lol... ok so I'm not computer technical but hey, it's an idea!!
Or dust the CTRL-ALT-DEL keys for fingerprints.
The truth is out there.
#12
PassionFord Post Troll
Join Date: Apr 2004
Location: Melbourne, Australia
Posts: 3,216
Originally Posted by M Brian
Check the internet history folder lol, maybe someone popped on one of your servers to search for porn and they couldn't close it down.
lol... ok so I'm not computer technical but hey, it's an idea!!
Or dust the CTRL-ALT-DEL keys for fingerprints.
The truth is out there.
Would be interested to know the answer to this as well
#15
10K+ Poster!!
Originally Posted by Jim Galbally
We run a system called big brother, but since it's monitoring about 20,000 devices it's kinda hard to spot one specific point of failure.
One piece of software/hardware to monitor that many devices?
IMHO the network specialist should be shot.
#16
20K+ Super Poster.
Thread Starter
Actually it's a chain of servers all linked together to form a bit of a "web" as it were; it protects against a single point of failure.
I mainly use it to get nice pretty graphs off the WAN routers as it's easier than trying to do the math by telnetting into them. Apart from that I rely on the "someone will phone you if it breaks" diagnosis method.
PS: can't check the security log to see if it was logged onto, as it stays logged on (just locked) and a lot of people know the password to unlock it.
#17
15K+ Super Poster!!
Join Date: May 2003
Location: Bucks
Posts: 17,976
A shutdown will be shown in the event logs, Jim, or you'll have an event log saying "the system was shutdown @ such and such a time", usually due to an unknown error. (I can't be arsed to VPN in to the office and find out the exact message or log for you atm.)
#18
I've found that life I needed.. It's HERE!!
Join Date: Aug 2004
Location: UK
Posts: 1,096
Look for bugcheck entries in the logs; that should give you a stop code if it was a BSOD. User-initiated shutdowns usually report the services stopping in the system log. If it was a pull-the-power-plug job there won't be any entries, only service startups.
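The three cases described in the post above (bugcheck, controlled shutdown, power pulled), as an added example that is not part of the original thread: a PowerShell query of the System log that pulls the shutdown-related events around the outage and reports which case they fit. It assumes a Windows version that has `Get-WinEvent` and logs these event IDs; the time window is a placeholder.

```powershell
# Added example: the time window is a placeholder. Widen it to include the next
# boot, because 6008, 41 and 1001 are written after the machine comes back up.
$start = Get-Date '2000-01-01 11:00'   # placeholder
$end   = Get-Date '2000-01-01 13:00'   # placeholder

# 1074 = shutdown/restart requested (message records the user and process)
# 6006 = Event Log service stopped (clean shutdown)
# 6008 = previous shutdown was unexpected
# 41   = Kernel-Power: rebooted without shutting down cleanly
# 1001 = BugCheck: rebooted after a stop error (stop code is in the message)
$ids = 1074, 6006, 6008, 41, 1001

$events = @(Get-WinEvent -FilterHashtable @{
        LogName = 'System'; Id = $ids; StartTime = $start; EndTime = $end
    } -ErrorAction SilentlyContinue |
    Where-Object {
        # Event IDs are only unique per provider, so pin the source for 41 and 1001.
        ($_.Id -ne 41   -or $_.ProviderName -match 'Kernel-Power') -and
        ($_.Id -ne 1001 -or $_.ProviderName -match 'SystemErrorReporting|BugCheck')
    } | Sort-Object TimeCreated)

# Timeline: one line per event, first line of the message only.
$events | Select-Object TimeCreated, Id, ProviderName,
    @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Format-Table -AutoSize -Wrap | Out-String

$seen = $events.Id
if ($events.Count -eq 0) {
    'No shutdown-related events in the window.'
}
if ($seen -contains 1074) {
    'Controlled shutdown or restart was requested; the 1074 message names the account and process.'
}
if ($seen -contains 1001) {
    'Stop error (BSOD): the 1001 message carries the bugcheck code.'
}
elseif ($seen -contains 6008 -or $seen -contains 41) {
    'Unexpected shutdown with no bugcheck: consistent with power loss or a hard reset.'
}
elseif ($seen -contains 6006 -and $seen -notcontains 1074) {
    'Clean shutdown, but no record of who requested it.'
}
```

A 6006 with no matching 1074 still shows the services stopped in order, which rules out a pulled plug but not a person at the console.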
#19
PassionFord Post Whore!!
Join Date: May 2003
Location: SE London
Posts: 4,621
Big brother is poop, Jim.. we have it here too and I refuse to use it.. get some proper management software!
A restart should definitely 100% be in the event log.. it won't show as a "restart" as such, but if the services are all shutting down in a controlled manner you can pretty much rule out a power failure imo, and if a third party has access to the machine they shouldn't be able to shut it down properly, because your console should be locked at all times it's not in use, and if it's not then you're just asking for it!