 
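When I got up this morning I found the website would not open. I guessed httpd had shut itself down again, so I logged in and restarted the service. Sure enough, that was it.
This has already happened several times. How do I troubleshoot this? (Figure 1 below)

Logs: (Figure 2 below)

The access_log file is empty, which puzzles me. Its modification time is 3 o'clock last night, so it feels like it was emptied. (Figure 3 below)

error_log contains only these few lines, all of them records of my own visits this morning. (Figure 4 below)

The error_log-20150726 log: (Figure 5 below)

top (Figure 6 below):

The previous few times it also shut down at around 3 at night.
In the log of one of the websites I found that an IP, 36.99.30.46 (Luoyang, Henan Province, China Telecom), had visited. If I remember correctly, the last time there was a problem I checked and also saw that an IP from Luoyang, Henan Province had visited, and there were no logs after that. Could I be under attack? (Figure 7 below)

An addition:
I just looked at /var/log/messages.
Something also happened there at 3:06:01, but I don't understand what it means.
(Figure 8)
Pasted as text: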
Jul 26 03:06:01 iZ622symbn1Z rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="816" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Jul 26 10:09:05 iZ622symbn1Z init: tty (/dev/tty1) main process (990) killed by TERM signal
Jul 26 10:09:05 iZ622symbn1Z init: tty (/dev/tty2) main process (992) killed by TERM signal
Jul 26 10:09:05 iZ622symbn1Z init: tty (/dev/tty3) main process (994) killed by TERM signal
Jul 26 10:09:05 iZ622symbn1Z init: tty (/dev/tty4) main process (996) killed by TERM signal
Jul 26 10:09:05 iZ622symbn1Z init: tty (/dev/tty5) main process (998) killed by TERM signal
Jul 26 10:09:05 iZ622symbn1Z init: tty (/dev/tty6) main process (1000) killed by TERM signal
Jul 26 10:09:12 iZ622symbn1Z kernel: Kernel logging (proc) stopped.
Jul 26 10:09:12 iZ622symbn1Z rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="816" x-info="http://www.rsyslog.com"] exiting on signal 15.
Jul 26 10:10:24 iZ622symbn1Z kernel: imklog 5.8.10, log source = /proc/kmsg started.
Jul 26 10:10:24 iZ622symbn1Z rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="821" x-info="http://www.rsyslog.com"] start
Jul 26 10:10:24 iZ622symbn1Z kernel: Initializing cgroup subsys cpuset
Jul 26 10:10:24 iZ622symbn1Z kernel: Initializing cgroup subsys cpu
Jul 26 10:10:24 iZ622symbn1Z kernel: Linux version 2.6.32-431.23.3.el6.x86_64 (mockbuild@c6b8.bsys.dev.centos.org) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) ) #1 SMP Thu Jul 31 17:20:51 UTC 2014
Jul 26 10:10:24 iZ622symbn1Z kernel: Command line: ro root=UUID=94e4e384-0ace-437f-bc96-057dd64f42ee rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto  KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
Jul 26 10:10:24 iZ622symbn1Z kernel: KERNEL supported cpus:
Jul 26 10:10:24 iZ622symbn1Z kernel:  Intel GenuineIntel
Jul 26 10:10:24 iZ622symbn1Z kernel:  AMD AuthenticAMD
Jul 26 10:10:24 iZ622symbn1Z kernel:  Centaur CentaurHauls
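This is the beginning of the log file; it also starts from Jul 26 03:06:01, and the earlier records seem to be gone.
Continuing to add:
I just found a log file called cron-2015-0726.
The end of the file is as follows: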
Jul 26 01:40:01 iZ622symbn1Z CROND[4457]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Jul 26 01:50:01 iZ622symbn1Z CROND[4507]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Jul 26 02:00:01 iZ622symbn1Z CROND[4537]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Jul 26 02:01:01 iZ622symbn1Z CROND[4539]: (root) CMD (run-parts /etc/cron.hourly)
Jul 26 02:01:01 iZ622symbn1Z run-parts(/etc/cron.hourly)[4539]: starting 0anacron
Jul 26 02:01:01 iZ622symbn1Z anacron[4550]: Anacron started on 2015-07-26
Jul 26 02:01:01 iZ622symbn1Z anacron[4550]: Jobs will be executed sequentially
Jul 26 02:01:01 iZ622symbn1Z anacron[4550]: Normal exit (0 jobs run)
Jul 26 02:01:01 iZ622symbn1Z run-parts(/etc/cron.hourly)[4552]: finished 0anacron
Jul 26 02:10:01 iZ622symbn1Z CROND[4556]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Jul 26 02:20:01 iZ622symbn1Z CROND[4564]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Jul 26 02:30:01 iZ622symbn1Z CROND[4569]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Jul 26 02:40:01 iZ622symbn1Z CROND[4571]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Jul 26 02:50:01 iZ622symbn1Z CROND[4603]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Jul 26 03:00:01 iZ622symbn1Z CROND[4622]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Jul 26 03:01:01 iZ622symbn1Z CROND[4624]: (root) CMD (run-parts /etc/cron.hourly)
Jul 26 03:01:01 iZ622symbn1Z run-parts(/etc/cron.hourly)[4624]: starting 0anacron
Jul 26 03:01:01 iZ622symbn1Z anacron[4635]: Anacron started on 2015-07-26
Jul 26 03:01:01 iZ622symbn1Z anacron[4635]: Will run job `cron.daily' in 5 min.
Jul 26 03:01:01 iZ622symbn1Z run-parts(/etc/cron.hourly)[4637]: finished 0anacron
Jul 26 03:01:01 iZ622symbn1Z anacron[4635]: Jobs will be executed sequentially
Jul 26 03:06:01 iZ622symbn1Z anacron[4635]: Job `cron.daily' started
Jul 26 03:06:01 iZ622symbn1Z run-parts(/etc/cron.daily)[4638]: starting logrotate
I looked at the logrotate configuration file, which is as follows:
/var/log/httpd/*log {
    missingok
    notifempty
    sharedscripts
    delaycompress
    postrotate
        /sbin/service httpd reload > /dev/null 2>/dev/null || true
    endscript
}
1. Check the load with top.
2. Check the httpd logs.
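
One way to follow up on "check the logs" is to line up the cron log with /var/log/messages and see what else happened when cron.daily started logrotate. The script below is an added example, not code from the thread: the function names are hypothetical, the sample lines are copied from the excerpts in the question, and the year 2015 is assumed from the cron file name.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the /var/log/messages and cron-2015-0726 excerpts in the post.
MESSAGES = '''\
Jul 26 03:06:01 iZ622symbn1Z rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="816" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Jul 26 10:09:05 iZ622symbn1Z init: tty (/dev/tty1) main process (990) killed by TERM signal
Jul 26 10:09:12 iZ622symbn1Z rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="816" x-info="http://www.rsyslog.com"] exiting on signal 15.
'''
CRON = '''\
Jul 26 03:01:01 iZ622symbn1Z anacron[4635]: Will run job `cron.daily' in 5 min.
Jul 26 03:06:01 iZ622symbn1Z anacron[4635]: Job `cron.daily' started
Jul 26 03:06:01 iZ622symbn1Z run-parts(/etc/cron.daily)[4638]: starting logrotate
'''

# timestamp, host, tag, optional [pid], message
LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) ([^:\[]+)(?:\[(\d+)\])?: (.*)$")

def parse(text, year=2015):
    """Return (datetime, tag, message) tuples; syslog lines carry no year,
    so it is passed in (2015 is assumed from the cron file name)."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(3), m.group(5)))
    return events

def logrotate_starts(cron_events):
    """Times at which run-parts launched logrotate."""
    return [ts for ts, tag, msg in cron_events
            if tag.startswith("run-parts") and msg == "starting logrotate"]

def correlate(cron_text, messages_text, window_s=60):
    """Map each logrotate start to the messages events within window_s seconds."""
    window = timedelta(seconds=window_s)
    other = parse(messages_text)
    return {start: [(ts, tag, msg) for ts, tag, msg in other
                    if abs(ts - start) <= window]
            for start in logrotate_starts(parse(cron_text))}

if __name__ == "__main__":
    for start, hits in correlate(CRON, MESSAGES).items():
        print(f"logrotate started {start}")
        for ts, tag, msg in hits:
            print(f"  {ts} {tag}: {msg[-20:]}")
```

On the sample lines this puts the 03:06:01 rsyslogd HUP in the same second as the logrotate start, which is also when the postrotate script in the configuration above runs `service httpd reload`.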