[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Wierd Network Shutdown



	Mikkel,
Disabled apmd and everything stayed last night.  How wierd is this?  Oh
well, perhaps by some fluke apmd was turned on.  Will keep everyone
updated.

	Peter


On Mon, 2003-02-03 at 16:43, Mikkel L. Ellertson wrote:
> On 2 Feb 2003, Peter Maag wrote:
> 
> >  Mikkel,
> > Ok this is even stranger.  I did exactly what you suggested, updated my
> > RPM's, installed and root kit checker(didn't find anything), and changed
> > the root password.  I wakeup this morning to find my machine still
> > alive, but this in the /var/log/messages:
> > 
> > Feb  2 04:02:03 maag syslogd 1.4.1: restart.
> > Feb  2 05:23:56 maag network: Shutting down interface eth0:  succeeded
> > Feb  2 05:23:56 maag network: Shutting down loopback interface:  succeeded
> > Feb  2 05:23:57 maag /etc/hotplug/net.agent: NET unregister event not supported
> > Feb  2 05:23:57 maag apmd[716]: System Standby
> > Feb  2 00:24:08 maag kernel: ide_dmaproc: chipset supported ide_dma_lostirq func only: 13
> > Feb  2 00:24:08 maag kernel: hda: lost interrupt
> > Feb  2 05:24:10 maag kernel: sis900.c: v1.08.03 2/1/2002
> > Feb  2 05:24:10 maag kernel: PCI: Found IRQ 10 for device 00:01.1
> > Feb  2 05:24:10 maag kernel: eth0: SiS 900 Internal MII PHY transceiver found at address 1.
> > Feb  2 05:24:10 maag kernel: eth0: Using transceiver found at address 1 as default
> > Feb  2 05:24:13 maag kernel: eth0: SiS 900 PCI Fast Ethernet at 0xde00, IRQ 10, (MAC was here)
> > Feb  2 05:24:15 maag kernel: eth0: Media Link On 100mbps full-duplex 
> > Feb  2 05:24:16 maag netfs: Mounting other filesystems:  succeeded
> > Feb  2 05:24:17 maag netfs: Mounting other filesystems:  succeeded
> > Feb  2 05:24:17 maag apmd[716]: Normal Resume after 00:00:20 (-1% unknown) AC power
> > 
> > Wierd that apmd is putting the system into standby.  At this point I
> > would uninstall and then reinstall, however the system is located at a
> > dedicated hosting facility, and I really don't want to spend the money
> > for them to uninstall, then reinstall.  I think I will disable the apmd
> > dameon, and check the machine tonight....It also seems the syslogd was
> > restarted, did the hacker delete the log files showing his access to the
> > machine?  Thanks.
> > 
> >  Peter
> > 
> Peter,
> 	This is definitly a strange one.  The only time I have heard of 
> apmd shutting down a network is with laptops set up to disable PCMCIA 
> cards when going into suspend.  (Some cards need to be re-initialized 
> when coming out of suspend, from what I have read...)  I am not real 
> sure why you are running apmd on a server.  I can see it in a 
> workstation.  About the only time I could see it on a server is if it is 
> for a local network only, and there wasn't normaly any demand on the 
> server after the normal work day...
> 
> 	As far as syslog being restarted, the time and date are right 
> for logrotate to have rotated the logs.  For anything before Feb. 2, at 
> 4:02 local time, you would have to look at the <name>.1 or <name>.1.gz 
> file, depending on how logratate is set up.
> 
> 	I wish I had some good ideas for you.  About the only thing I 
> can think of is to run "service apmd stop" and "chkconfig apmd off", and 
> see if that helps...
> 
> Mikkel
-- 
Peter Maag <pmaag gladstone uoregon edu>





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]