2

I have seen from the logs/kernel messages that a termination signal has been sent to a process with PID say 1234. Now (few seconds after I see it), ps says that the process is no longer running, (to be exact, there is no process currently running with PID 1234).

So, one strong possibility is that the termination signal was successful. Now, is there any way to know any detail(s) of that process/service/daemon which had PID 1234 at that time (like the process name, location of the binary etc) ?

More emphasis is on late PID of the process killed a few seconds back and not on the specific termination signal.

Akshay Krishnan R
  • 144
  • 1
  • 7
  • How about using auditd to [log processes](http://superuser.com/questions/222912/how-can-i-log-all-process-launches-in-linux) as they get created ? – lemonsqueeze Oct 19 '14 at 18:44
  • my primary intention is to know if Linux already has a mechanism to do so. Like if it will be stored on any structure temporarily immediately after it is released by the PCB and umounted from /proc – Akshay Krishnan R Oct 21 '14 at 09:33
  • There are many ways to achieve what you want. You could catch the information "live" while the process is still there. Or if you want to keep a trace / be notified you have to subscribe first. As with other resources, once a process is gone, it's gone... – lemonsqueeze Oct 21 '14 at 12:18
  • if some system service is related to that PID, it is often mentioned somewhere before, examine `zgrep -i 1234 /var/log/*` –  Jul 05 '17 at 06:02

0 Answers0