Linux – Unix / Linux command to see finished or killed processes

linuxpsunix

Is there a way to see processed that finished running or were killed a given amount of time ago?

For instance, ps -ef will show all running processes, but if a process finishes, it is no longer returned by this command. So for instance if I wanted to see what processes (with their commands) were running an hour ago, is there any command to do that? Or a log of processes no longer in use?

Trying to investigate a blip an hour ago and would like as much information as possible!

Cheers

Best Answer

You can find that information in the system log /var/log/syslog and /var/log/messages

Depending on what process they were you may be able to find some info about their start time etc.

ex:

Feb  1 12:31:21 centos7 NetworkManager[809]: <info> dhclient started with pid 1319

If you are investigating some resource usage you can log it using pidstat and write it to a log file.

Also some applications write a PID file so for future you can log that as well.

Best Answer

Related Solutions

Linux/Unix – SSL Certificate Location Guide

Linux – Process Killed Despite Sufficient Memory

Related Topic