
Which log file(s) to look for after server been down


RWF
02-18-2006, 09:36 AM
Coming home from a 2 day business trip, I find all the services, Apache, Email, SSH, Nodeworx, etc. on my Redhat 9 server not responding. The server pinged fine.

After having Sago reboot my server everything worked fine, however now I would like to find out what the heck happened, and Sago told me to look in the /var/log folder for clues.

Being a Windows geek more than a Linux geek, I hope that someone can give me a hint as to exactly where to look and for what. I mean which file or subfolder.

I did ask this to Sago but they coughed back their standard "Server not a managed server, so give us $50 bucks and we'll tell you!".

IWorx-Socheat
02-18-2006, 09:59 AM
RWF,

Probably the first thing I would do is try to determine what time the services went down. That way, you have a general starting point when looking through all the various logs. Look for huge jumps in timestamps. Your best bet would be to look through the httpd logs first (/var/log/httpd/transfer.log), since an active web server will probably have log data every couple seconds.

Good luck!
Socheat

RWF
02-18-2006, 10:34 AM
Just looked in that folder and there are no files with the name transfer.log, only access_log, error_log, ssl_error, suexec.log, ssl_request_log, ssl_scache.dir, and ssl_scache.pag

IWorx-Socheat
02-18-2006, 10:44 AM
Sorry, I meant access_log.

RWF
02-19-2006, 07:22 PM
The access_log files contain little information, at least not useful information.

Out of the 5 files there were, the one that contained the mentioned date range looked like this (entire file):

199.203.56.234 - - [13/Feb/2006:06:05:27 -0500] "GET / HTTP/1.1" 404 -
199.203.56.234 - - [13/Feb/2006:06:05:28 -0500] "GET / HTTP/1.1" 404 -
194.72.238.62 - - [15/Feb/2006:05:31:06 -0500] "HEAD / HTTP/1.0" 404 -
194.72.238.62 - - [15/Feb/2006:09:09:45 -0500] "HEAD / HTTP/1.0" 404 -
194.72.238.62 - - [15/Feb/2006:12:09:40 -0500] "HEAD / HTTP/1.0" 404 -
194.72.238.62 - - [18/Feb/2006:03:01:41 -0500] "GET / HTTP/1.0" 404 -
194.72.238.62 - - [18/Feb/2006:03:14:39 -0500] "GET / HTTP/1.0" 404 -
194.72.238.62 - - [18/Feb/2006:05:55:41 -0500] "GET / HTTP/1.0" 404 -
194.72.238.62 - - [18/Feb/2006:16:49:35 -0500] "HEAD / HTTP/1.0" 404 -
194.72.238.62 - - [18/Feb/2006:20:43:08 -0500] "HEAD / HTTP/1.0" 404 -
194.72.238.62 - - [18/Feb/2006:23:49:35 -0500] "HEAD / HTTP/1.0" 404 -
194.72.238.62 - - [19/Feb/2006:02:55:10 -0500] "HEAD / HTTP/1.0" 404 -

How in the world can this sparse information be used for ANYTHING?!? Not the least to tell me what went wrong on Wednesday around noon EST!
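
The timestamp-jump check suggested earlier in the thread, run over the access_log lines posted above. This is an added example, not part of the original posts; the names `SAMPLE_LOG`, `parse_times` and `largest_gaps` are hypothetical.

```python
import re
from datetime import datetime

# Lines copied from the access_log posted above (not constructed data).
SAMPLE_LOG = """\
199.203.56.234 - - [13/Feb/2006:06:05:27 -0500] "GET / HTTP/1.1" 404 -
199.203.56.234 - - [13/Feb/2006:06:05:28 -0500] "GET / HTTP/1.1" 404 -
194.72.238.62 - - [15/Feb/2006:05:31:06 -0500] "HEAD / HTTP/1.0" 404 -
194.72.238.62 - - [15/Feb/2006:09:09:45 -0500] "HEAD / HTTP/1.0" 404 -
194.72.238.62 - - [15/Feb/2006:12:09:40 -0500] "HEAD / HTTP/1.0" 404 -
194.72.238.62 - - [18/Feb/2006:03:01:41 -0500] "GET / HTTP/1.0" 404 -
194.72.238.62 - - [18/Feb/2006:03:14:39 -0500] "GET / HTTP/1.0" 404 -
194.72.238.62 - - [18/Feb/2006:05:55:41 -0500] "GET / HTTP/1.0" 404 -
194.72.238.62 - - [18/Feb/2006:16:49:35 -0500] "HEAD / HTTP/1.0" 404 -
194.72.238.62 - - [18/Feb/2006:20:43:08 -0500] "HEAD / HTTP/1.0" 404 -
194.72.238.62 - - [18/Feb/2006:23:49:35 -0500] "HEAD / HTTP/1.0" 404 -
194.72.238.62 - - [19/Feb/2006:02:55:10 -0500] "HEAD / HTTP/1.0" 404 -
"""

# Apache access logs carry the request time as [dd/Mon/yyyy:HH:MM:SS +zzzz].
STAMP = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")


def parse_times(text):
    """Return the sorted timestamps of every line that carries a valid one."""
    times = []
    for line in text.splitlines():
        match = STAMP.search(line)
        if not match:
            continue  # truncated or non-request line: skip instead of aborting
        try:
            times.append(datetime.strptime(match.group(1), "%d/%b/%Y:%H:%M:%S %z"))
        except ValueError:
            continue  # bracketed text that is not a real date
    return sorted(times)


def largest_gaps(text, top=3):
    """Return the `top` longest silences as (gap, last_seen, next_seen)."""
    times = parse_times(text)
    gaps = [(later - earlier, earlier, later) for earlier, later in zip(times, times[1:])]
    return sorted(gaps, key=lambda gap: gap[0], reverse=True)[:top]


if __name__ == "__main__":
    for gap, last_seen, next_seen in largest_gaps(SAMPLE_LOG):
        print(f"{gap}  silent from {last_seen} until {next_seen}")
```

On these lines the longest silence starts at 15/Feb/2006:12:09:40 -0500 and ends at 18/Feb/2006:03:01:41 -0500, which gives a time window to search in the other logs.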

Justec
02-19-2006, 08:36 PM
I would look in /var/log/messages or whatever your kernel log is for your system.