2

Is there a chance to get the processes that RAN before my system crash?

EDIT

What I really want is to see the past processes. My system crashed & I want to know if a specific process was the main reason.

I search into all /var/log logs, but nothing, the only suspect in this were some apache logs, where I found some kind of scans... So now I want to check out for all processes running at that time.

tachomi
  • 7,372
  • 4
  • 25
  • 45
  • Your question is not clear: Are you asking for a way to get a list of all running processes, at the time of a system crash? And what do you mean by crash, it is one of these words that can mean a different thing to each person. – ctrl-alt-delor Jul 16 '14 at 16:37
  • 1
    @richard Why are you trying to make the question more complicated than it is? He wants to get `ps` from an earlier point in time. The part about the crash is only the reason why he wants to get the `ps`, and has nothing else to do with the question. – Sepero Jul 16 '14 at 16:47

2 Answers2

3

Using a simple script it is possible to keep a running log of processes. With the log, you can go back and view what was running and what wasn't.

#!/bin/bash

mkdir -p "$HOME/ps_logs"

while true; do
    ps aux > "$HOME/ps_logs/ps_$(date +%Y-%m-%d_%H:%M:%S).log"
    sleep 60 # Logging interval in seconds.
done

Unfortunately, without a log, you cannot go back in time and retrieve a list of running processes.

Sepero
  • 1,569
  • 3
  • 20
  • 29
3

Use the crash command.

# crash /usr/lib/debug/lib/module/vmlinux /var/crash/vmcore
crash> ps

Note that you'll need to set up your system to save crash dumps.

doneal24
  • 4,910
  • 2
  • 16
  • 33