Hi Uli,
i let my system on overnight to download a huge package. This morning something strange happened and ended in a reboot. Has this been an attack? No suspicios root logins detected (all from me) ...
There's not enough evidence to indicate an attack.
/var/log/messages Nov 4 07:18:46 panama isdnlog: Nov 04 07:18:46 tei 71 calling +49 xxxxxx, Berlin with +49 xxxxx, Nürnberg 423.CI 25.380 DM (after 7:02:00)
This is your last sucessful log entry Many of these deleted....
@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
Check with a binary editor or "od -x" but this looks like null bytes displayed as ctrl-@
Nov 4 07:35:50 panama syslogd 1.3-3: restart.
And that's the restart. I wouldn't trust the timestamps unless you are sure your hardware clock is kept in sync with the OS. 07:18 is the time known by the OS before the crash. 07:35 is the OS time after it has been reset by the hardware clock. What you appear to have here is : a known time the computer was operating; a hole in the log maybe caused by the block being in the process of being written at the time of the crash; a known time it was working again. You now need to check the other logs for entries between the two and look for debris on the file system with timestamps in that range. From these you may be able to piece together events leading to the crash. I doubt this is really a security issue but you do need to find the cause & fix it. Good luck. John