재시작/종료의 원인/원인을 어떻게 알 수 있나요?

.를 사용하여 마지막 부팅의 시스템 로그를 확인합니다 sudo journalctl -b -1 -e.

조사하다 /var/log/auth.log.

이것이 "정전/스파이크", "CPU 과열" 중 하나가 아닌 것이 확실합니까?

내 시스템(Ubuntu 16.04,6)에서는

sudo journalctl | grep shutdown
Jan 29 12:58:07 bat sudo[14365]: walt : TTY=pts/0 ; PWD=/home/walt ; USER=root ; COMMAND=/sbin/shutdown now
Feb 12 11:23:59 bat systemd[1]: Stopped Ubuntu core (all-snaps) system shutdown helper setup service.
Feb 19 09:35:18 bat ureadahead[437]: ureadahead:lxqt-session_system-shutdown.png: Ignored relative path
Feb 19 09:35:18 bat ureadahead[437]: ureadahead:gshutdown_gshutdown.png: Ignored relative path
Feb 19 09:35:18 bat ureadahead[437]: ureadahead:mate-gnome-main-menu-applet_system-shutdown.png: Ignored relative path
Feb 27 16:45:40 bat systemd-shutdown[1]: Sending SIGTERM to remaining processes...
Mar 05 17:53:27 bat systemd-shutdown[1]: Sending SIGTERM to remaining processes...
Mar 15 09:57:45 bat systemd[1]: Stopped Ubuntu core (all-snaps) system shutdown helper setup service.
Mar 21 17:40:30 bat systemd[1]: Stopped Ubuntu core (all-snaps) system shutdown helper setup service.
Apr 15 18:16:37 bat systemd[1]: Stopped Ubuntu core (all-snaps) system shutdown helper setup service.
...

첫 번째 행에는 walt사용자가 작업을 수행한 시간이 표시됩니다 sudo shutdown now.

간단히 말해서, 단지뿌리사용자 또는루트 권한이 있는 사용자시스템을 종료/다시 시작할 수 있습니다.

1. 명령을 실행하여 last -x작업의 타임스탬프를 찾습니다.

root@personal:~# last -x
ubuntu   pts/0        116.102.181.245  Wed Dec 18 16:28   still logged in
runlevel (to lvl 5)   4.15.0-1047-aws  Wed Dec 18 16:27   still running
reboot   system boot  4.15.0-1047-aws  Wed Dec 18 16:27   still running
shutdown system down  4.15.0-1047-aws  Wed Dec 18 16:27 - 16:27  (00:00)
ubuntu   pts/0        116.102.181.245  Wed Dec 18 16:25 - 16:27  (00:02)
runlevel (to lvl 5)   4.15.0-1047-aws  Wed Dec 18 16:24 - 16:27  (00:03)

2. last -x결과를 바탕으로 최근 로그인한 사용자를 찾아 해당 사용자로 전환하여 기록을 확인합니다.

root@personal:~# su - ubuntu
ubuntu@personal:~$ history 10
  312  dig @1.1.1.1 xxx +short
  313  dig @8.8.8.8 xxx +short
  314  dig @8.8.4.4 xxx +short
  315  exit
  316  sudo su -
  317  sudo reboot
  318  sudo su -
  319  history
  320  last -x
  321  history 10

3. 아니면 로그를 확인해보세요journalctl

root@personal:~# journalctl | grep reboot
Sep 05 03:07:04 ip-172-31-36-28 cron[710]: (CRON) INFO (Running @reboot jobs)
Sep 05 13:49:11 personal python3[21347]: ansible-command Invoked with _raw_params=sleep 10 && reboot _uses_shell=True warn=True stdin_add_newline=True strip_empty_ends=True argv=None chdir=None executable=None creates=None removes=None stdin=None
Sep 05 13:51:23 personal python3[22042]: ansible-command Invoked with _raw_params=sleep 10 && reboot _uses_shell=True warn=True stdin_add_newline=True strip_empty_ends=True argv=None chdir=None executable=None creates=None removes=None stdin=None
Sep 05 13:54:21 personal systemd-logind[715]: System is rebooting (Reboot initiated by Ansible).
Sep 05 13:54:36 personal cron[573]: (CRON) INFO (Running @reboot jobs)
Dec 18 16:24:30 personal cron[651]: (CRON) INFO (Running @reboot jobs)
Dec 18 16:27:36 personal sudo[915]:   ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/sbin/reboot
Dec 18 16:27:54 personal cron[641]: (CRON) INFO (Running @reboot jobs)

그런데 다음 링크를 통해 더 많은 정보를 확인할 수 있습니다.

• 시스템이 종료된 원인을 로그에서 어떻게 알 수 있나요?
• https://www.cyberciti.biz/tips/howto-log-user-activity-using-process-accounting.html
• https://www.cyberciti.biz/tips/linux-last-reboot-time-and-date-find-out.html