‘last’ command to check for previous shutdown status?

It’s been a while.. again. It’s not gonna be trend from now (that for each new post, I’m shifting to new company again) hopefully :)   Previously became a Sys admin, and learned lots in revisioning, code audit, peer programing and coding/scripting style. Yes, its a sys admin cum sys developer.

So for this post, it’s about determining the status of previous shutdown of the Linux/BSD server, whether it’s clean, force, etc. I’ve googled lots in finding the solution, but seems there are no concrete answer for this. ‘last’ command in  linux/unix flavor is to show last logged in user in the system. In theory and practical, a physical server shouldn’t be rebooted a lot, unless it is a testing server. Power outage, force shutdown, etc wouldn’t be appear in any logs in the system. ‘last’ command tells specific time, and the important indicator, is the ‘reboot; and ‘shutdown’ signal. A proper shutdown, will always have ‘reboot’ and ‘shutdown’ altogether. Means, if the system shutdown properly, the number of ‘reboot’ and ‘shutdown’ should be equal. Well, this is actually just my theory.

To test this, below is the bash script to demonstrate the behavior:

#!/usr/bin/env bash
 
log_dir="/var/log"
logs_ver=( "wtmp" "wtmp.1" "wtmp.2" "wtmp.3" )
sh="shutdown"
re="reboot"
 
for i in ${logs_ver[@]}; do
        wtmp_logs=$log_dir/$i
        if [ -f "$wtmp_logs" ]; then
                echo "Log for $wtmp_logs"
                        if uname -a | grep -i bsd > /dev/null 2>&1;
                                then echo "System is *Bsd variant"
                                        absd=`last -f $wtmp_logs| grep -i -E "$re"|wc -l`
                                        bbsd=`last -f $wtmp_logs| grep -i -E "$sh"|wc -l`
                                        if [ $absd -gt $bbsd ]; then
                                                echo "reboot $absd times > shutdown $bbsd times"
                                                echo "sumething not right"
                                        else
                                                echo "reboot $absd times = shutdown $bbsd times OK"
                                        fi
                        elif uname -a | grep -i linux > /dev/null 2>&1;
                                then echo "System is *Linux variant"
                                        a=`last -a -x -f $wtmp_logs| grep -i -E "$re"|wc -l`
                                        b=`last -a -x -f $wtmp_logs| grep -i -E "$sh"|wc -l`
                                        if [ $a -gt $b ]; then
                                                echo "reboot $a times > shutdown $b times"
                                                echo "sumething not right"
                                        else
                                                echo "reboot $a times = shutdown $b times OK"
                                        fi
                        else
                                echo "not found"
                        fi
        else
                echo "wtmp log not existed for $wtmp_logs"
        fi
done
February 22nd, 2012 in Uncategorized | tags: , , , , , ,

Leave a comment

Your comment