我正在Amazon EC2实例中运行Ubuntu 10.04 LTS。
系统突然变得没有反应。 当我检查日志文件时,我在/ var / log / syslog中发现了以下错误
2月22日04:10:01 ip-10-0-1-12 CRON [16153] :(根)CMD(/ usr / sbin / cm-sysmon)^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @ ^ @二月22 04:29:47 ip-10-0-1-12 kernel:imklog 4.2.0,log source = / proc / kmsg启动。 2月22日04:29:47 ip-10-0-1-12 rsyslogd:[origin software =“rsyslogd”swVersion =“4.2.0”x-pid =“656”x-info =“http:// www。 rsyslog.com“](重新启动)2月22日04:29:47 ip-10-0-1-12 rsyslogd:rsyslogd的groupid更改为103 Feb 22 04:29:47 ip-10-0-1-12 rsyslogd: rsyslogd的userid已更改为101 2月22日04:29:47 ip-10-0-1-12 rsyslogd-2039:无法打开输出文件'/ dev / xconsole'[尝试http://www.rsyslog.com/e/ 2039 ] Feb 22 04:29:47 ip-10-0-1-12 kernel:[0.000000]初始化cgroup子系统cpuset Feb 22 04:29:47 ip-10-0-1-12 kernel:[0.000000]初始化cgroup子系统CPU
我们必须重新启动系统才能使其正常运行。
我很惊讶地看到系统日志中的垃圾值。
在/var/log/kern.log或/ var / log / messages中没有任何可疑的东西。
在那段时间我怎样才能找出问题所在?
这看起来像/ usr / sbin / cm-sysmon是重启前04:10:01的最后一个命令。
在04:29:47系统启动并再次运行,但连接到控制台时出现问题。
我想后者是突然重启导致的EC2问题。
最好的猜测是看看/ usr / sbin / cm-sysmon – 但这可能是完全无辜的。
垃圾看起来像是写入系统日志的0值 – 可能是攻击或木马可能导致这种情况。