2

Is there a chance to get the processes that RAN before my system crash?

EDIT

What I really want is to see the past processes. My system crashed & I want to know if a specific process was the main reason.

I search into all /var/log logs, but nothing, the only suspect in this were some apache logs, where I found some kind of scans... So now I want to check out for all processes running at that time.

Improve this question
2
  • Your question is not clear: Are you asking for a way to get a list of all running processes, at the time of a system crash? And what do you mean by crash, it is one of these words that can mean a different thing to each person. Commented Jul 16, 2014 at 16:37
  • 1
    @richard Why are you trying to make the question more complicated than it is? He wants to get ps from an earlier point in time. The part about the crash is only the reason why he wants to get the ps, and has nothing else to do with the question. Commented Jul 16, 2014 at 16:47

2 Answers 2

Reset to default
3

Using a simple script it is possible to keep a running log of processes. With the log, you can go back and view what was running and what wasn't.

#!/bin/bash mkdir -p "$HOME/ps_logs" while true; do ps aux > "$HOME/ps_logs/ps_$(date +%Y-%m-%d_%H:%M:%S).log" sleep 60 # Logging interval in seconds. done

Unfortunately, without a log, you cannot go back in time and retrieve a list of running processes.

Improve this answer
3

Use the crash command.

# crash /usr/lib/debug/lib/module/vmlinux /var/crash/vmcore crash> ps

Note that you'll need to set up your system to save crash dumps.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.