We've looked in /var/log/messages, and in the /var/log/security file No smoking gun, only thing we have so far is this:
In the postgres log we see this: 2014-03-07 15:58:09 MST [27223]: [18-1] db=,user=,host= LOG: received smart shutdown request Indicating the db received a shutdown request, this can be only run 2 ways: 1) via pg_ctl as the postgres user 2) as a service as root we looked at the .bash_history file for postgres and see no entries for pg_ctl however we do see the service stop command in the root .bash_history file, but we have no timestamps in the bash_history file Are there other log files we can leverage for this search? On Tue, Mar 11, 2014 at 11:30 AM, Dustin Kempter < dust...@consistentstate.com> wrote: > Hi, > > we have a server (CentOS 6.4) running PostgreSQL, recently someone shut > the db down and we want to find out who did this... > > I see the db shutdown request in the postgresql log, and I suspect it was > run as root (as a service) because we do not see any relevant shutdown > commands in the postgres user's bash history file > > Can someone point me in the right direction per figuring this out, who ran > the command (I suspect it was root)? If so, where did the offending login > come from (I.P.)? etc... > > Thanks >
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org