I have a SG250-10P switch. It recently crashed. I went in to check the log files and the crash wasn't in the logs at all. I found a few anomalies though and would like some clarification as to these things being normal.
Most of the logs were from last November then there was a gap of time until i logged in. So there was nothing for me to go on as far as what happened.
I cleared the logs and rebooted and the same thing. Logs from last November and then my login. I have read that when something has been hacked that one of the first things they do is change the log files to hide their tracks. This switch has been a champ until that crash so I'm a bit nervous and don't want to let this slide.
A couple of other things i noticed is that the log entry numbers are counting down instead of up. And that there are gaps in the numbers.
I don't have a log server yet but I am setting one up now. Because of that I only have that one page that the switch memory affords you for logs to go on.
I just want to know if all this is normal or if I should error on the side of caution and somehow reset this switch and start from scratch.