linux系统判断是否重启、关机、查询登录诊断分析简介

浏览数：31 / 时间：2015年06月20日

Last reboot这个命令是查看每次系统重启的信息

[root@dg01 log]# last reboot
reboot system boot 2.6.32-300.10.1. Thu May 29 22:48 (00:23)
reboot system boot 2.6.32-300.10.1. Thu May 29 22:08 (00:38)
。。。

其中最近的一次重启时间是May 29 22:48，距离当前时间已经运行了23分钟了，而倒数第二次重启时间是May 29 22:08，运行了38分钟

Uptime
[root@dg01 ~]# uptime
23:44:20 up 56 min, 2 users, load average: 0.04, 0.01, 0.00

Uptime显示了系统当前时间23:44:20，运行时间56 min，当前用户连接数为2，系统的负载。

[root@dg01 ~]# w
23:46:21 up 58 min, 2 users, load average: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root pts/1 192.168.56.101 22:54 12:25 0.04s 0.04s -bash
root pts/2 192.168.56.101 23:33 0.00s 0.13s 0.00s w

w比uptime显示的信息更加丰富了，除了显示了uptime的信息外，还显示了下列的信息：
user：显示登录的用户账号
TTY：用户登录所用的终端
FROM：显示用户在何处登录系统，这里显示的是IP：192.168.56.101，正是小鱼自己本地IP地址
Login@：显示何时登录系统
IDLE：表示用户空闲时间，从用户上一次任何结束后开始计时
JCPU : 终端代号来区分，表示在摸段时间内，所有与该终端相关的进程所消耗的cpu时间
PCPU：指what域的任务执行后消耗的cpu时间
What：表示当前执行的任务

Who
[root@dg01 ~]# who
root pts/1 2014-05-29 22:54 (192.168.56.101)
root pts/2 2014-05-29 23:33 (192.168.56.101)

who显示登录系统的用户，输出的信息没有w全

我们来看看系统重启关闭对应系统的后台日志输出信息

正常reboot时系统日志信息如下：
[root@dg01 log]# reboot
[root@dg01 log]# less messages
。。。
May 29 22:47:08 dg01 shutdown[3829]: shutting down for system reboot
May 29 22:47:09 dg01 smartd[3370]: smartd received signal 15: Terminated
May 29 22:47:09 dg01 smartd[3370]: smartd is exiting (exit status 0)
May 29 22:47:09 dg01 avahi-daemon[3298]: Got SIGTERM, quitting.
May 29 22:47:09 dg01 avahi-daemon[3298]: Leaving mDNS multicast group on interface bond0.IPv6 with address fe80::a00:27ff:fea5:4e59.
May 29 22:47:09 dg01 avahi-daemon[3298]: Leaving mDNS multicast group on interface bond0.IPv4 with address 192.168.56.110.
May 29 22:47:11 dg01 xinetd[2957]: Exiting...
May 29 22:47:15 dg01 hcid[2721]: Got disconnected from the system message bus
May 29 22:47:15 dg01 multipathd: mpath1: stop event checker thread (1086806336)
May 29 22:47:15 dg01 multipathd: --------shut down-------
May 29 22:47:16 dg01 auditd[2538]: The audit daemon is exiting.
May 29 22:47:16 dg01 kernel: type=1305 audit(1401418036.445:75): audit_pid=0 old=2538 auid=4294967295 ses=4294967295 res=1
May 29 22:47:16 dg01 pcscd: pcscdaemon.c:572:signal_trap() Preparing for suicide
May 29 22:47:17 dg01 pcscd: hotplug_libusb.c:376:HPRescanUsbBus() Hotplug stopped
May 29 22:47:17 dg01 pcscd: readerfactory.c:1379:RFCleanupReaders() entering cleaning function
May 29 22:47:17 dg01 pcscd: pcscdaemon.c:532:at_exit() cleaning /var/run
May 29 22:47:17 dg01 kernel: Kernel logging (proc) stopped.
May 29 22:47:17 dg01 kernel: Kernel log daemon terminating.
May 29 22:47:18 dg01 exiting on signal 15

--上面这部分是关于系统正常关闭的日志，看见有个很清晰的May 29 22:47:08 dg01 shutdown[3829]: shutting down for system reboot

May 29 22:48:34 dg01 syslogd 1.4.1: restart.
May 29 22:48:34 dg01 kernel: klogd 1.4.1, log source = /proc/kmsg started.
May 29 22:48:34 dg01 kernel: Initializing cgroup subsys cpuset
May 29 22:48:34 dg01 kernel: Initializing cgroup subsys cpu
May 29 22:48:34 dg01 kernel: Linux version 2.6.32-300.10.1.el5uek (mockbuild@ca-build56.us.oracle.com) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-50)) #1 SMP Wed Feb 22 17:37:40 EST 2012
May 29 22:48:34 dg01 kernel: Command line: ro root=LABEL=/ rhgb quiet
May 29 22:48:34 dg01 kernel: KERNEL supported cpus:
May 29 22:48:34 dg01 kernel: Intel GenuineIntel
May 29 22:48:34 dg01 kernel: AMD AuthenticAMD
May 29 22:48:34 dg01 kernel: Centaur CentaurHauls
May 29 22:48:34 dg01 kernel: BIOS-provided physical RAM map:
。。。
--上面这部分是启动正常重启的日志

shutdown –h now时输入信息如下：
[root@dg01 log]shutdown –h now
[root@dg01 log]# less messages
May 29 23:53:45 dg01 syslogd 1.4.1: restart.
May 30 04:02:29 dg01 shutdown[7138]: shutting down for system halt
May 30 04:02:31 dg01 smartd[3338]: smartd received signal 15: Terminated
May 30 04:02:31 dg01 smartd[3338]: smartd is exiting (exit status 0)
May 30 04:02:31 dg01 avahi-daemon[3266]: Got SIGTERM, quitting.
May 30 04:02:31 dg01 avahi-daemon[3266]: Leaving mDNS multicast group on interface bond0.IPv6 with address fe80::a00:27ff:fea5:4e59.
May 30 04:02:31 dg01 avahi-daemon[3266]: Leaving mDNS multicast group on interface bond0.IPv4 with address 192.168.56.110.
May 30 04:02:33 dg01 xinetd[2925]: Exiting...
May 30 04:02:37 dg01 hcid[2689]: Got disconnected from the system message bus
May 30 04:02:37 dg01 multipathd: mpath1: stop event checker thread (1075239232)
May 30 04:02:37 dg01 multipathd: --------shut down-------
May 30 04:02:38 dg01 auditd[2506]: The audit daemon is exiting.
May 30 04:02:38 dg01 kernel: type=1305 audit(1401436958.027:326): audit_pid=0 old=2506 auid=4294967295 ses=4294967295 res=1
May 30 04:02:38 dg01 pcscd: pcscdaemon.c:572:signal_trap() Preparing for suicide
May 30 04:02:38 dg01 pcscd: hotplug_libusb.c:376:HPRescanUsbBus() Hotplug stopped
May 30 04:02:39 dg01 pcscd: readerfactory.c:1379:RFCleanupReaders() entering cleaning function
May 30 04:02:39 dg01 pcscd: pcscdaemon.c:532:at_exit() cleaning /var/run
May 30 04:02:39 dg01 kernel: Kernel logging (proc) stopped.
May 30 04:02:39 dg01 kernel: Kernel log daemon terminating.
May 30 04:02:40 dg01 exiting on signal 15

--这里也看见有May 30 04:02:29 dg01 shutdown[7138]: shutting down for system halt
表示是正常关机

而如果意外关机，输入日志中看不到正常关闭系统的信息，比如如下的日志信息：
May 25 04:03:02 APPServer4 syslogd 1.4.1: restart.
May 26 13:26:04 APPServer4 auditd[2985]: Audit daemon rotating log files
May 29 01:50:34 APPServer4 auditd[2985]: Audit daemon rotating log files
May 29 23:07:01 APPServer4 syslogd 1.4.1: restart.
May 29 23:07:01 APPServer4 kernel: klogd 1.4.1, log source = /proc/kmsg started.
May 29 23:07:01 APPServer4 kernel: Linux version 2.6.18-194.el5 (mockbuild@builder10.centos.org) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-48)) #1 SMP Fri Apr 2 14:58:14 EDT 2010
May 29 23:07:01 APPServer4 kernel: Command line: ro root=LABEL=/ rhgb quiet
May 29 23:07:01 APPServer4 kernel: BIOS-provided physical RAM map:
May 29 23:07:01 APPServer4 kernel: BIOS-e820: 0000000000010000 - 000000000009bc00 (usable)
May 29 23:07:01 APPServer4 kernel: BIOS-e820: 000000000009bc00 - 00000000000a0000 (reserved)
May 29 23:07:01 APPServer4 kernel: BIOS-e820: 00000000000e0000 - 0000000000100000 (reserved)
May 29 23:07:01 APPServer4 kernel: BIOS-e820: 0000000000100000 - 00000000cff4b480 (usable)
May 29 23:07:01 APPServer4 kernel: BIOS-e820: 00000000cff4b480 - 00000000cff57b40 (ACPI data)
May 29 23:07:01 APPServer4 kernel: BIOS-e820: 00000000cff57b40 - 00000000e0000000 (reserved)
May 29 23:07:01 APPServer4 kernel: BIOS-e820: 00000000fec00000 - 0000000100000000 (reserved)
May 29 23:07:01 APPServer4 kernel: BIOS-e820: 0000000100000000 - 00000003b0000000 (usable)
May 29 23:07:01 APPServer4 kernel: DMI 2.4 present.