Nieuws:

Welkom, Gast. Alsjeblieft inloggen of registreren.
Heb je de activerings-mail niet ontvangen?

Auteur Topic: /var/log loopt vol tot mijn computer niet meer opstart  (gelezen 918 keer)

Offline Thomas de Graaff

  • Lid
  • Steunpunt: Nee
/var/log loopt vol tot mijn computer niet meer opstart
« Gepost op: 2008/03/09, 13:03:59 »
Ik had een probleem met mijn computer dat het proces dd 100% van mijn cpu in beslag nam. Toen de computer "hard" uitgezet. Daarna wou deze niet meer inloggen omdat de harde schijf vol was. Als oplossing met gparted de harde schijf vergroot. Daarna kon ik wel weer inloggen. Na enige tijd weer 100% cpu gebruik door dd proces, en weer de harde schijf vol. Inmiddels heb ik op een andere partitie een schone installatie gedaan.
Het blijkt dat de /var/log van de partitie die vol liep 1.1 gigabyte groot is.. Dit lijkt me niet de bedoeling. Er staan de volgende files:

Citaat
/var/log$ ls
acpid            cron.log.1.gz    dpkg.log.5.gz   messages.1.gz            syslog.4.gz
acpid.1.gz       cron.log.2.gz    dpkg.log.6.gz   messages.2.gz            syslog.5.gz
acpid.2.gz       cron.log.3.gz    dpkg.log.7.gz   messages.3.gz            syslog.6.gz
acpid.3.gz       cups             dpkg.log.8.gz   messages.4.gz            sysstat
acpid.4.gz       daemon.log       dpkg.log.9.gz   messages.5.gz            tinyproxy.log
apport.log       daemon.log.0     faillog         messages.6.gz            tinyproxy.log.1
apport.log.1     daemon.log.1.gz  fontconfig.log  news                     tinyproxy.log.15.gz
apport.log.2.gz  daemon.log.2.gz  fsck            ntpstats                 udev
apport.log.3.gz  daemon.log.3.gz  gdm             popularity-contest       unattended-upgrades
apport.log.4.gz  debug            installer       popularity-contest.0     user.log
apport.log.5.gz  debug.0          kern.log        popularity-contest.1.gz  user.log.0
apport.log.6.gz  debug.1.gz       kern.log.0      popularity-contest.2.gz  user.log.1.gz
apport.log.7.gz  debug.2.gz       kern.log.1.gz   popularity-contest.3.gz  user.log.2.gz
aptitude         debug.3.gz       kern.log.2.gz   popularity-contest.4.gz  user.log.3.gz
aptitude.1.gz    dist-upgrade     kern.log.3.gz   popularity-contest.5.gz  user.log.4.gz
auth.log         dmesg            kern.log.4.gz   popularity-contest.6.gz  user.log.5.gz
auth.log.0       dmesg.0          kern.log.5.gz   pycentral.log            user.log.6.gz
auth.log.1.gz    dmesg.1.gz       kern.log.6.gz   samba                    uucp.log
auth.log.2.gz    dmesg.2.gz       lastlog         scrollkeeper.log         vbox-install.log
auth.log.3.gz    dmesg.3.gz       lpr.log         scrollkeeper.log.1       wtmp
boot             dmesg.4.gz       mail.err        scrollkeeper.log.2       wtmp.1
btmp             dpkg.log         mail.info       syslog                   wvdialconf.log
btmp.1           dpkg.log.1       mail.log        syslog.0                 Xorg.0.log
clamav           dpkg.log.2.gz    mail.warn       syslog.1.gz              Xorg.0.log.old
cron.log         dpkg.log.3.gz    messages        syslog.2.gz
cron.log.0       dpkg.log.4.gz    messages.0      syslog.3.gz
Deze nemen dus veel ruimte in:
/var/log$ sudo du -hxs
1.1G    .
Als ik kijk welke files dan de meeste ruimte in nemen vind ik:

syslog (217 Mb), messages (217 Mb), kern.log (218 Mb), kern.log.0 (205 Mb) en messages.0 (205 Mb):

var/log$ sudo du -ah
12K     ./dpkg.log.3.gz
4.0K    ./samba/log.smbd.3.gz
4.0K    ./samba/log.nmbd.7.gz
16K     ./samba/log.swat
40K     ./samba/log.nmbd
16K     ./samba/log.gerrie
4.0K    ./samba/log.127.0.0.1
8.0K    ./samba/log.nmbd.1.gz
0       ./samba/log.192.168.1.68
4.0K    ./samba/log.nmbd.2.gz
4.0K    ./samba/log.smbd
4.0K    ./samba/log.thomas
8.0K    ./samba/log.gerrie-laptop
4.0K    ./samba/log.smbd.4.gz
0       ./samba/log.0.0.0.0
4.0K    ./samba/log.smbd.1.gz
4.0K    ./samba/log.smbd.7.gz
0       ./samba/log.192.168.1.65
0       ./samba/log.192.168.1.71
0       ./samba/log.127.0.1.1
4.0K    ./samba/log.192.168.1.67
4.0K    ./samba/log.nmbd.4.gz
4.0K    ./samba/log.nmbd.5.gz
0       ./samba/log.192.168.1.74
12K     ./samba/log.smbmount
4.0K    ./samba/cores/nmbd
4.0K    ./samba/cores/smbd
12K     ./samba/cores
4.0K    ./samba/log.tommie
4.0K    ./samba/log.smbd.2.gz
4.0K    ./samba/log.smbd.5.gz
0       ./samba/log.192.168.1.76
0       ./samba/log.192.168.1.75
0       ./samba/log.192.168.1.70
0       ./samba/log.192.168.1.64
4.0K    ./samba/log.nmbd.6.gz
4.0K    ./samba/log.nmbd.3.gz
4.0K    ./samba/log.smbd.6.gz
16K     ./samba/log.pc_van_joep
204K    ./samba
4.0K    ./unattended-upgrades
16K     ./acpid.1.gz
24K     ./dmesg
76K     ./cron.log
4.0K    ./dist-upgrade
217M    ./syslog
152K    ./messages.3.gz
4.0K    ./dpkg.log.2.gz
576K    ./wtmp.1
40K     ./tinyproxy.log.15.gz
4.0K    ./dpkg.log.8.gz
12K     ./user.log
8.0K    ./dmesg.2.gz
140K    ./kern.log.1.gz
217M    ./messages
128K    ./dpkg.log.1
40K     ./syslog.5.gz
92K     ./auth.log
16K     ./daemon.log.2.gz
5.8M    ./syslog.2.gz
12K     ./dpkg.log.4.gz
976K    ./debug.0
472K    ./debug
40K     ./popularity-contest
12K     ./debug.2.gz
0       ./mail.err
8.0K    ./dmesg.1.gz
168K    ./kern.log.3.gz
4.0K    ./cups/error_log.7.gz
0       ./cups/page_log
4.0K    ./cups/error_log.6.gz
4.0K    ./cups/error_log.4.gz
4.0K    ./cups/access_log.3.gz
4.0K    ./cups/access_log.4.gz
4.0K    ./cups/access_log.5.gz
4.0K    ./cups/access_log.7.gz
4.0K    ./cups/access_log.2.gz
4.0K    ./cups/error_log.1.gz
4.0K    ./cups/error_log.2.gz
4.0K    ./cups/error_log.3.gz
4.0K    ./cups/access_log.6.gz
4.0K    ./cups/error_log
4.0K    ./cups/error_log.5.gz
4.0K    ./cups/page_log.1.gz
4.0K    ./cups/access_log.1.gz
4.0K    ./cups/access_log
72K     ./cups
12K     ./popularity-contest.2.gz
4.0K    ./user.log.2.gz
712K    ./daemon.log
0       ./mail.log
408K    ./installer/syslog
4.0K    ./installer/lsb-release
24K     ./installer/hardware-summary
220K    ./installer/partman
0       ./installer/initial-status.gz
56K     ./installer/status
96K     ./installer/cdebconf/questions.dat
8.3M    ./installer/cdebconf/templates.dat
8.4M    ./installer/cdebconf
9.1M    ./installer
632K    ./daemon.log.0
128K    ./kern.log.5.gz
32K     ./user.log.6.gz
4.0K    ./clamav
44K     ./Xorg.0.log.old
0       ./apport.log
4.0K    ./auth.log.3.gz
116K    ./messages.5.gz
144K    ./messages.6.gz
4.0K    ./apport.log.2.gz
152K    ./kern.log.6.gz
16K     ./debug.1.gz
44K     ./Xorg.0.log
12K     ./popularity-contest.4.gz
4.0K    ./auth.log.2.gz
0       ./mail.info
8.0K    ./dpkg.log.5.gz
16K     ./lastlog
4.0K    ./acpid.2.gz
4.0K    ./scrollkeeper.log
268K    ./syslog.0
20K     ./vbox-install.log
4.0K    ./apport.log.7.gz
4.0K    ./dpkg.log.6.gz
44K     ./dpkg.log.9.gz
218M    ./kern.log
0       ./scrollkeeper.log.2
0       ./lpr.log
205M    ./kern.log.0
0       ./tinyproxy.log.1
4.0K    ./user.log.1.gz
0       ./tinyproxy.log
0       ./pycentral.log
4.0K    ./apport.log.6.gz
4.0K    ./acpid.3.gz
244K    ./kern.log.2.gz
8.0K    ./scrollkeeper.log.1
4.0K    ./apport.log.5.gz
4.0K    ./fsck/checkfs
4.0K    ./fsck/checkroot
12K     ./fsck
296K    ./udev
4.0K    ./cron.log.3.gz
104K    ./messages.1.gz
12K     ./popularity-contest.1.gz
0       ./mail.warn
0       ./aptitude
4.0K    ./cron.log.2.gz
4.0K    ./btmp
4.0K    ./user.log.3.gz
4.0K    ./auth.log.1.gz
8.0K    ./daemon.log.3.gz
8.0K    ./dmesg.4.gz
205M    ./messages.0
40K     ./syslog.1.gz
4.0K    ./apport.log.4.gz
4.0K    ./apport.log.1
4.0K    ./acpid.4.gz
0       ./news/news.crit
0       ./news/news.notice
0       ./news/news.err
4.0K    ./news
12K     ./popularity-contest.3.gz
4.0K    ./apport.log.3.gz
4.0K    ./wvdialconf.log
64K     ./user.log.0
44K     ./kern.log.4.gz
0       ./uucp.log
12K     ./user.log.5.gz
1.2M    ./acpid
84K     ./cron.log.0
8.0K    ./dmesg.3.gz
24K     ./syslog.4.gz
4.0K    ./fontconfig.log
8.0K    ./faillog
4.0K    ./sysstat
4.0K    ./boot
28K     ./ntpstats/peerstats.20080228.gz
88K     ./ntpstats/peerstats
4.0K    ./ntpstats/loopstats.20080228.gz
4.0K    ./ntpstats/loopstats.20080227.gz
16K     ./ntpstats/peerstats.20080229.gz
20K     ./ntpstats/peerstats.20080303.gz
4.0K    ./ntpstats/loopstats.20080305.gz
8.0K    ./ntpstats/loopstats
12K     ./ntpstats/peerstats.20080302.gz
4.0K    ./ntpstats/loopstats.20080229.gz
4.0K    ./ntpstats/loopstats.20080303.gz
32K     ./ntpstats/peerstats.20080305.gz
4.0K    ./ntpstats/loopstats.20080302.gz
12K     ./ntpstats/peerstats.20080301.gz
24K     ./ntpstats/peerstats.20080227.gz
4.0K    ./ntpstats/loopstats.20080301.gz
272K    ./ntpstats
12K     ./debug.3.gz
16K     ./daemon.log.1.gz
4.0K    ./cron.log.1.gz
40K     ./popularity-contest.0
24K     ./dmesg.0
152K    ./auth.log.0
40K     ./messages.4.gz
8.0K    ./gdm/:0.log.3
8.0K    ./gdm/:0.log.1
8.0K    ./gdm/:0.log.2
8.0K    ./gdm/:0.log.4
8.0K    ./gdm/:0.log
44K     ./gdm
84K     ./wtmp
12K     ./popularity-contest.5.gz
136K    ./syslog.6.gz
192K    ./messages.2.gz
28K     ./syslog.3.gz
12K     ./popularity-contest.6.gz
40K     ./dpkg.log
36K     ./user.log.4.gz
8.0K    ./dpkg.log.7.gz
4.0K    ./btmp.1
4.0K    ./aptitude.1.gz
1.1G    .
Als ik nu kijk wat er in deze files staat, dat continue herhaald wordt (commando cat, en dan afbreken omdat de lijst enorm lang is...):

syslog:
Citaat
Mar  6 13:29:08 localhost kernel: [16861.412000] ACPI Warning (utdelete-0397): Large Reference Count (97F6) in object debe9c54 [20060707]
Mar  6 13:29:08 localhost kernel: [16861.412000] ACPI Warning (utdelete-0397): Large Reference Count (97F8) in object debe99fc [20060707]
Mar  6 13:29:08 localhost kernel: [16861.412000] ACPI Warning (utdelete-0397): Large Reference Count (97F7) in object debe9c54 [20060707]
Mar  6 13:29:08 localhost kernel: [16861.412000] ACPI Warning (utdelete-0397): Large Reference Count (97F9) in object debe99fc [20060707]
Mar  6 13:29:08 localhost kernel: [16861.412000] ACPI Warning (utdelete-0397): Large Reference Count (97F8) in object debe9c54 [20060707] enz. enz.
messages:
Citaat
Mar  6 13:29:13 localhost kernel: [16865.632000] ACPI Warning (utdelete-0397): Large Reference Count (B1CD) in object debe99fc [20060707]
Mar  6 13:29:13 localhost kernel: [16865.632000] ACPI Warning (utdelete-0397): Large Reference Count (B1CC) in object debe9c54 [20060707]
Mar  6 13:29:13 localhost kernel: [16865.632000] ACPI Warning (utdelete-0397): Large Reference Count (B1CE) in object debe99fc [20060707]
Mar  6 13:29:13 localhost kernel: [16865.632000] ACPI Warning (utdelete-0397): Large Reference Count (B1CD) in object debe9c54 [20060707]
Mar  6 13:29:13 localhost kernel: [16865.632000] ACPI Warning (utdelete-0397): Large Reference Count (B1CF) in object debe99fc [20060707] enz. enz.
kern.log:
Citaat
Mar  6 13:29:10 localhost kernel: [16863.124000] ACPI Warning (utdelete-0397): Large Reference Count (A2D6) in object debe9c54 [20060707]
Mar  6 13:29:10 localhost kernel: [16863.124000] ACPI Warning (utdelete-0397): Large Reference Count (A2D8) in object debe99fc [20060707]
Mar  6 13:29:10 localhost kernel: [16863.124000] ACPI Warning (utdelete-0397): Large Reference Count (A2D7) in object debe9c54 [20060707]
Mar  6 13:29:10 localhost kernel: [16863.124000] ACPI Warning (utdelete-0397): Large Reference Count (A2D9) in object debe99fc [20060707]
Mar  6 13:29:10 localhost kernel: [16863.124000] ACPI Warning (utdelete-0397): Large Reference Count (A2D8) in object debe9c54 [20060707]
Mar  6 13:29:10 localhost kernel: [16863.124000] ACPI Warning (utdelete-0397): Large Reference Count (A2DA) in object debe99fc [20060707]
Iemand enig idee wat hier de oorzaak van kan zijn?

Offline ivo

  • Lid
  • Steunpunt: Nee
/var/log loopt vol tot mijn computer niet meer opstart
« Reactie #1 Gepost op: 2008/03/09, 15:16:27 »
Wat had je tegen dd verteld dat ie moest gaan doen?
There are only 10 types of people in the world; those who understand binary and those who don't.

Offline Thomas de Graaff

  • Lid
  • Steunpunt: Nee
/var/log loopt vol tot mijn computer niet meer opstart
« Reactie #2 Gepost op: 2008/03/09, 16:22:48 »
Citaat van: ivo
Wat had je tegen dd verteld dat ie moest gaan doen?
niets, het proces was van de root.

Offline ivo

  • Lid
  • Steunpunt: Nee
/var/log loopt vol tot mijn computer niet meer opstart
« Reactie #3 Gepost op: 2008/03/09, 16:29:32 »
dd start niet zomaar uit zichzelf lijkt me.
There are only 10 types of people in the world; those who understand binary and those who don't.

Offline Thomas de Graaff

  • Lid
  • Steunpunt: Nee
/var/log loopt vol tot mijn computer niet meer opstart
« Reactie #4 Gepost op: 2008/03/09, 16:37:22 »
Citaat van: ivo
dd start niet zomaar uit zichzelf lijkt me.
In deze verse installatie van Xubuntu zie ik in de process manager ook een proces dd staan. Alleen doet die niet veel. Eigenaar: root.

Offline Soul-Sing

  • Lid
  • Steunpunt: Nee
/var/log loopt vol tot mijn computer niet meer opstart
« Reactie #5 Gepost op: 2008/03/09, 16:55:36 »
" Sudo adds a log entry of the command(s) run (In /var/log/auth.log). If you mess up, you can always go back and see what commands were run. It is also nice for auditing."
: : https://help.ubuntu.com/community/RootSudo

Offline Thomas de Graaff

  • Lid
  • Steunpunt: Nee
/var/log loopt vol tot mijn computer niet meer opstart
« Reactie #6 Gepost op: 2008/03/09, 19:16:20 »
Citaat van: leoquant
" Sudo adds a log entry of the command(s) run (In /var/log/auth.log). If you mess up, you can always go back and see what commands were run. It is also nice for auditing."
: : https://help.ubuntu.com/community/RootSudo
Ik heb in die log-file gekeken, maar ik zie niets vreemds. Ik herinner me nog dat ik op het internet aan het kijken was toen ineens mijn computer heel traag werd en mijn processor 100% belast werd. Toen heb ik een terminal geopend en het commando top gegeven om te kijken wat dat was. Bleek dus dd te zijn.  Heb nog even geprobeerd wat meer te kijken e.d. maar computer was zo traag dat ik op een gegeven moment hem maar gewoon uit heb gezet om opnieuw op te starten. Toen kon ik dus niet meer inloggen (13:43, te zien in deze log).

/var/log/auth.log op het moment dat het probleem optrad (6 mrt 13:29):

Mar  6 11:35:01 localhost CRON[8430]: (pam_unix) session closed for user root
Mar  6 11:45:01 localhost CRON[8490]: (pam_unix) session opened for user root by (uid=0)
Mar  6 11:45:01 localhost CRON[8490]: (pam_unix) session closed for user root
Mar  6 11:55:01 localhost CRON[8558]: (pam_unix) session opened for user root by (uid=0)
Mar  6 11:55:01 localhost CRON[8558]: (pam_unix) session closed for user root
Mar  6 12:05:01 localhost CRON[8630]: (pam_unix) session opened for user root by (uid=0)
Mar  6 12:05:01 localhost CRON[8630]: (pam_unix) session closed for user root
Mar  6 12:15:01 localhost CRON[8698]: (pam_unix) session opened for user root by (uid=0)
Mar  6 12:15:01 localhost CRON[8698]: (pam_unix) session closed for user root
Mar  6 12:17:01 localhost CRON[8714]: (pam_unix) session opened for user root by (uid=0)
Mar  6 12:17:01 localhost CRON[8714]: (pam_unix) session closed for user root
Mar  6 12:25:01 localhost CRON[8746]: (pam_unix) session opened for user root by (uid=0)
Mar  6 12:25:01 localhost CRON[8746]: (pam_unix) session closed for user root
Mar  6 12:35:01 localhost CRON[8788]: (pam_unix) session opened for user root by (uid=0)
Mar  6 12:35:01 localhost CRON[8788]: (pam_unix) session closed for user root
Mar  6 12:45:01 localhost CRON[8811]: (pam_unix) session opened for user root by (uid=0)
Mar  6 12:45:02 localhost CRON[8811]: (pam_unix) session closed for user root
Mar  6 12:55:01 localhost CRON[8861]: (pam_unix) session opened for user root by (uid=0)
Mar  6 12:55:02 localhost CRON[8861]: (pam_unix) session closed for user root
Mar  6 13:05:01 localhost CRON[8923]: (pam_unix) session opened for user root by (uid=0)
Mar  6 13:05:01 localhost CRON[8923]: (pam_unix) session closed for user root
Mar  6 13:15:01 localhost CRON[8979]: (pam_unix) session opened for user root by (uid=0)
Mar  6 13:15:01 localhost CRON[8979]: (pam_unix) session closed for user root
Mar  6 13:17:01 localhost CRON[8995]: (pam_unix) session opened for user root by (uid=0)
Mar  6 13:17:01 localhost CRON[8995]: (pam_unix) session closed for user root
Mar  6 13:25:01 localhost CRON[9064]: (pam_unix) session opened for user root by (uid=0)
Mar  6 13:25:01 localhost CRON[9064]: (pam_unix) session closed for user root
Mar  6 13:35:02 localhost CRON[9108]: (pam_unix) session opened for user root by (uid=0)
Mar  6 13:35:02 localhost CRON[9108]: (pam_unix) session closed for user root
Mar  6 13:43:35 localhost sudo: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=tommie
Mar  6 13:45:06 localhost gdm[4725]: (pam_unix) session opened for user tommie by (uid=0)
Mar  6 13:55:01 localhost CRON[5644]: (pam_unix) session opened for user root by (uid=0)
Mar  6 13:55:01 localhost CRON[5644]: (pam_unix) session closed for user root
Mar  6 13:55:44 localhost su[5685]: Successful su for tommie by root
Mar  6 13:55:44 localhost su[5685]: + ??? root:tommie
Mar  6 13:55:44 localhost su[5685]: (pam_unix) session opened for user tommie by (uid=0)
Mar  6 13:55:44 localhost su[5685]: (pam_unix) session closed for user tommie
Mar  6 13:55:44 localhost su[5688]: Successful su for tommie by root
Mar  6 13:55:44 localhost su[5688]: + ??? root:tommie
Mar  6 13:55:44 localhost su[5688]: (pam_unix) session opened for user tommie by (uid=0)
Mar  6 13:55:44 localhost su[5688]: (pam_unix) session closed for user tommie
Mar  6 14:00:21 localhost su[6226]: Successful su for tommie by root
Mar  6 14:00:21 localhost su[6226]: + ??? root:tommie
Mar  6 14:00:21 localhost su[6226]: (pam_unix) session opened for user tommie by (uid=0)
Mar  6 14:00:21 localhost su[6226]: (pam_unix) session closed for user tommie
Mar  6 14:04:38 localhost su[6327]: Successful su for tommie by root
Mar  6 14:04:38 localhost su[6327]: + ??? root:tommie
Mar  6 14:04:38 localhost su[6327]: (pam_unix) session opened for user tommie by (uid=0)
Mar  6 14:04:38 localhost su[6327]: (pam_unix) session closed for user tommie
Mar  6 14:04:38 localhost su[6330]: Successful su for tommie by root
Mar  6 14:04:38 localhost su[6330]: + ??? root:tommie
Mar  6 14:04:38 localhost su[6330]: (pam_unix) session opened for user tommie by (uid=0)
Mar  6 14:04:38 localhost su[6330]: (pam_unix) session closed for user tommie
Mar  6 14:57:52 localhost su[6879]: Successful su for tommie by root
Mar  6 14:57:52 localhost su[6879]: + ??? root:tommie
Mar  6 14:57:52 localhost su[6879]: (pam_unix) session opened for user tommie by (uid=0)
Mar  6 14:57:52 localhost su[6879]: (pam_unix) session closed for user tommie
Mar  6 15:01:59 localhost su[6976]: Successful su for tommie by root
Mar  6 15:01:59 localhost su[6976]: + ??? root:tommie
Mar  6 15:01:59 localhost su[6976]: (pam_unix) session opened for user tommie by (uid=0)
Mar  6 15:01:59 localhost su[6976]: (pam_unix) session closed for user tommie
Mar  6 15:01:59 localhost su[6979]: Successful su for tommie by root
Mar  6 15:01:59 localhost su[6979]: + ??? root:tommie
Mar  6 15:01:59 localhost su[6979]: (pam_unix) session opened for user tommie by (uid=0)
Mar  6 15:01:59 localhost su[6979]: (pam_unix) session closed for user tommie
Mar  6 15:39:29 localhost su[7514]: Successful su for tommie by root
Mar  6 15:39:30 localhost su[7514]: + ??? root:tommie
Mar  6 15:39:30 localhost su[7514]: (pam_unix) session opened for user tommie by (uid=0)
Mar  6 15:39:30 localhost su[7514]: (pam_unix) session closed for user tommie
Mar  6 15:45:01 localhost CRON[7635]: (pam_unix) session opened for user root by (uid=0)
Mar  6 15:45:02 localhost CRON[7635]: (pam_unix) session closed for user root
Mar  6 15:49:50 localhost sudo:   tommie : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/cron -l
Mar  6 15:50:49 localhost su[7684]: Successful su for root by tommie
Mar  6 15:50:49 localhost su[7684]: + pts/0 tommie:root
Mar  6 15:50:49 localhost su[7684]: (pam_unix) session opened for user root by (uid=1000)
Mar  6 15:50:57 localhost su[7684]: (pam_unix) session closed for user root
Mar  6 15:55:01 localhost CRON[7702]: (pam_unix) session opened for user root by (uid=0)
Mar  6 15:55:01 localhost CRON[7702]: (pam_unix) session closed for user root
Mar  6 16:01:51 localhost sudo:   tommie : TTY=pts/0 ; PWD=/home/tommie ; USER=root ; COMMAND=/bin/ps -e
Mar  6 16:05:01 localhost CRON[7758]: (pam_unix) session opened for user root by (uid=0)
Mar  6 16:05:01 localhost CRON[7758]: (pam_unix) session closed for user root
Mar  6 16:11:08 localhost sudo:   tommie : TTY=pts/0 ; PWD=/home/tommie ; USER=root ; COMMAND=/usr/bin/lshw
Mar  6 16:15:01 localhost CRON[7774]: (pam_unix) session opened for user root by (uid=0)
Mar  6 16:15:01 localhost CRON[7774]: (pam_unix) session closed for user root
Mar  6 16:15:14 localhost su[7815]: Successful su for tommie by root
Mar  6 16:15:14 localhost su[7815]: + ??? root:tommie
Mar  6 16:15:14 localhost su[7815]: (pam_unix) session opened for user tommie by (uid=0)
Mar  6 16:15:14 localhost su[7815]: (pam_unix) session closed for user tommie
Mar  6 16:15:14 localhost su[7818]: Successful su for tommie by root
Mar  6 16:15:14 localhost su[7818]: + ??? root:tommie
Mar  6 16:15:14 localhost su[7818]: (pam_unix) session opened for user tommie by (uid=0)
Mar  6 16:15:14 localhost su[7818]: (pam_unix) session closed for user tommie
Mar  6 16:17:06 localhost su[8351]: Successful su for tommie by root
Je ziet daar dus inderdaad dat ik nadat ik de computer hard heb uitgezet ik niet meer kan inloggen. Daarna via herstelopstart optie wel in text mode ingelogd. Een beetje raar vind ik wel dat om de tien minuten er een sessie geopend wordt door de root, en weer gesloten. Maar dat is toch normaal denk ik, want dat is ook bij mijn huidige nieuwe installatie het geval. In principe staat er dus niets afwijkends in de auth.log op het moment dat het probleem met dd optrad.