Logging of what ended a process?

centos process kill syslog rsyslog
8,088

System will end processes from time to time.

Yes, the Linux kernel can kill processes when there is a severe lack of memory (and swap!). The feature that does this is called "oomkiller" (out of memory killer) and detailed information is written to the kernel log about the process was killed. You can see that log with dmesg and the syslog server is usually configured to write it to /var/log/kern.log.

However, if your system is running so low on memory that this happens on a regular basis, that's usually considered a critical problem that should be addressed. There is no way to control which process the oomkiller will choose to kill, and it might very well kill important system processes from time to time, so you cannot really count on your system being fully stable after this has happened.

I would also like to log user that uses kill cmd

That information is not collected or logged by anything and is not available. About the best you might hope for is that someone ran sudo kill <something> in which case sudo (not kill) will log the command. But normal users probably aren't using sudo.

Share:
8,088

Related videos on Youtube

wez
Author by

wez

Updated on September 18, 2022

Comments

  • wez
    wez over 1 year

    Due to the tight resources of the server, I suspect System will end processes from time to time. I want those events to be logged in a separate file for investigation.

    How do I set that in syslog.conf? I would also like to log user that uses kill cmd to end process.

    System is CentOS release 6.4 running with rsyslogd.

  • Sreeraj
    Sreeraj over 9 years
  • Wildcard
    Wildcard almost 7 years
    "I would also like to log user that uses kill cmd to end process." Actually, there are all kinds of things wrong with that question. Users can only kill their own processes, unless they have root permissions. Without root permissions, you know who killed any given process: it was either the process's owner, or it was root. If users use sudo then you have logging. But if users are logged in as root, then what do you mean by "log users that use the kill command"? You mean log which people use the kill command? But the kernel doesn't know about people, only about users.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Can't kill a sleeping process
Bash script to kill specific process running longer than 5m
File location for Syslogs in Centos machine
What is the syslog facility for auditd logs?
Bash store command PID in variable and kill process
Return code when OS kills your process
Windows CE. How to kill a process by name?
Resume a stopped process through command line
Increase precision of apache log to include milliseconds
What does kill 0 do actually?