We've looked in /var/log/messages, and in the /var/log/security file
No smoking gun, only thing we have so far is this:
In the postgres log we see this:
2014-03-07 15:58:09 MST [27223]: [18-1] db=,user=,host= LOG: received smart shutdown request
Indicating the db received a shutdown request, this can be only run 2 ways:
1) via pg_ctl as the postgres user
2) as a service as root
we looked at the .bash_history file for postgres and see no entries for pg_ctl
however we do see the service stop command in the root .bash_history file, but we have no
timestamps in the bash_history file
Are there other log files we can leverage for this search?
On Tue, Mar 11, 2014 at 11:30 AM, Dustin Kempter <dustink@xxxxxxxxxxxxxxxxxxx> wrote:
Hi,
we have a server (CentOS 6.4) running PostgreSQL, recently someone shut the db down and we want to find out who did this...
I see the db shutdown request in the postgresql log, and I suspect it was run as root (as a service) because we do not see any relevant shutdown commands in the postgres user's bash history file
Can someone point me in the right direction per figuring this out, who ran the command (I suspect it was root)? If so, where did the offending login come from (I.P.)? etc...
Thanks
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
