Getting specific PID from CentOS Journalctl - linux

I'm writing a bash script that will print on the screen all the latest logs from a service that has already died (or still lives, both situations must work). I know its name and don't have to guess.
I'm having difficulty getting the latest PID for a process that has already died from journalctl. I'm not talking about this:
journalctl | grep "<processname>"
This will give me all the logs that include processname in their text.
I've also tried:
journalctl | pgrep -f "<processname>"
This command gave me a list of numbers which supposedly should include the pid of my process. It was not there.
These ideas came from searching for previous questions. I haven't found a question that answers specifically what I asked.
How can I extract the latest PID from journalctl for a specific process?

I figured this out.
First, you must be printing your PID in your logs. It doesn't appear there automatically. Then, you can use grep -E and awk to grab exactly the expression you want from your log:
Var=$(journalctl --since "24 hours ago" | grep -E "\[([0-9]+)\]" | tail -n 1 | awk '{print $5}' | awk -F"[][{}]" '{print $2}')
This one-liner takes the logs from the last 24 hours, uses grep with -E to match an expression, uses tail -n 1 to grab the last (most recent) line from those results, and then uses awk to delimit the line and grab the exact expression you need from it.
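A narrower variant of the one-liner above, as an added example that is not part of the original answer: it reads short-format journal lines and keeps only the PID from lines whose identifier field is exactly the given name, so bracketed numbers in message text or in other processes' lines are ignored. The service name myservice, the host name and the sample lines are constructed.

```shell
#!/bin/sh
# latest_pid NAME: read journal lines in the default "short" format on stdin
# (month day time host ident[pid]: message) and print the PID from the last
# line whose identifier is exactly NAME. Returns 1 if no such line exists.
latest_pid() {
    awk -v name="$1" '
        {
            tag = $5                        # e.g. "myservice[4312]:"
            sub(/:$/, "", tag)              # drop the trailing colon
            lb = index(tag, "[")
            if (lb == 0 || substr(tag, length(tag)) != "]") next
            ident = substr(tag, 1, lb - 1)
            pid = substr(tag, lb + 1, length(tag) - lb - 1)
            # exact identifier match, numeric PID only
            if (ident == name && pid ~ /^[0-9]+$/) last = pid
        }
        END { if (last == "") exit 1; print last }
    '
}

# Constructed sample input; host and service names are made up.
sample_journal() {
cat <<'EOF'
Jan 12 10:15:01 host1 myservice[4312]: starting worker
Jan 12 10:15:02 host1 sshd[991]: Accepted publickey for admin
Jan 12 10:15:09 host1 myservice[4312]: queue depth [77] exceeded
Jan 12 10:15:10 host1 myservice-helper[5000]: myservice asked for a reload
Jan 12 10:16:00 host1 kernel: usb 1-1: new high-speed USB device
Jan 12 10:17:30 host1 myservice[5120]: restarted after crash
Jan 12 10:18:44 host1 sshd[1002]: Connection closed by 192.0.2.10
EOF
}

# Live use (assumes the service logs under the identifier "myservice"):
#   journalctl --since "24 hours ago" -o short --no-pager | latest_pid myservice
sample_journal | latest_pid myservice
```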

Related

Getting process from yesterday

I want to obtain all the processes that are running in the system, but only from yesterday.
I am using this: ps -eo etime,pid
but I only need to list the processes from yesterday. Any idea?
INFO: active from yesterday, process actually running from yesterday
Thanks in advance
If you want all the pids that have been running for more than 1 day but less than 2:
ps -e -o pid= -o etime= | sed 's/^ *//' | awk -F '[ -]+' 'NF>2 && $2==1 {print $1}'
If you want just more than 1 day, change it to $2>=1
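The same etime filter with thresholds in seconds instead of whole days, as an added example that is not part of the original answer: it converts each [[dd-]hh:]mm:ss value to seconds, so processes with no day field are handled too. The function name pids_by_age and the sample ps output are constructed.

```shell
#!/bin/sh
# pids_by_age MIN MAX: read "PID ETIME" lines on stdin (as printed by
# `ps -e -o pid= -o etime=`) and print the PIDs whose age in seconds is
# >= MIN and < MAX. ETIME has the form [[dd-]hh:]mm:ss.
pids_by_age() {
    awk -v min="$1" -v max="$2" '
        NF >= 2 {
            days = 0; t = $2
            if ((i = index(t, "-")) > 0) {  # split off the optional day count
                days = substr(t, 1, i - 1)
                t = substr(t, i + 1)
            }
            n = split(t, p, ":")
            if (n == 3)      secs = p[1] * 3600 + p[2] * 60 + p[3]
            else if (n == 2) secs = p[1] * 60 + p[2]
            else next                       # not an etime value; skip
            age = days * 86400 + secs
            if (age >= min && age < max) print $1
        }
    '
}

# Constructed sample of `ps -e -o pid= -o etime=` output.
sample_ps() {
cat <<'EOF'
    1 12-03:04:05
  812  1-00:00:00
  990    23:59:59
 1500  1-23:59:59
 2048  2-00:00:00
 3100       05:12
EOF
}

# PIDs running for at least one day but less than two.
# Live use: ps -e -o pid= -o etime= | pids_by_age 86400 172800
sample_ps | pids_by_age 86400 172800
```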
It is not clear what exactly you need
But if you needed it from a specific time, just add it to crontab.
For example:
0 2 * * * ps -eo etime,pid>/tmp/processes.txt
This way you will have a snapshot of the processes running at 2:00
If you didn't mean that, please be more specific about what exactly you need

Capture pid of a process started from a terminal with its unique command line

I'm trying to get the process IDs of multiple processes run from multiple tmux windows. Each process started has its own unique command line. I think only the command line is unique, as there can be multiple processes with the same name. What I currently do is
process_pid=$(ps --no-headers aux | grep "${process_cmd_line}" | grep -v grep | awk '{print $2}' | tr '\n' ' ')
This works for me. But I want to know if this is the correct approach to do this. I know there are output format specifiers. Any example to do the same with the format specifier or an improvement over the code above?

Shell Script to find out the PIDs which are not generating any logs for last 24 hours

I need to write a script for:
select all the PIDs
check which PIDs are not generating any logs for last 24 hours
filter those PIDs and kill them
So please suggest how to write the script
I don't want to give everything away, but only to get you started.
ps aux | tail -n +2 | awk '{print $2}'
will give you all the PIDs (step 1).
Good luck

Why `read -t` is not timing out in bash on RHEL?

Why read -t doesn't time out when reading from pipe on RHEL5 or RHEL6?
Here is my example which doesn't time out on my RHEL boxes while reading from the pipe:
tail -f logfile.log | grep 'something' | read -t 3 variable
If I'm correct read -t 3 should timeout after 3 seconds?
Many thanks in advance.
Chris
GNU bash, version 4.1.2(1)-release (x86_64-redhat-linux-gnu)
The solution given by chepner should work.
An explanation why your version doesn't is simple: When you construct a pipe like yours, the data flows through the pipe from the left to the right. When your read times out however, the programs on the left side will keep running until they notice that the pipe is broken, and that happens only when they try to write to the pipe.
A simple example is this:
cat | sleep 5
After five seconds the pipe will be broken because sleep will exit, but cat will nevertheless keep running until you press return.
In your case that means, until grep produces a result, your command will keep running despite the timeout.
While not a direct answer to your specific question, you will need to run something like
read -t 3 variable < <( tail -f logfile.log | grep "something" )
in order for the newly set value of variable to be visible after the pipeline completes. See if this times out as expected.
Since you are simply using read as a way of exiting the pipeline after a fixed amount of time, you don't have to worry about the scope of variable. However, grep may find a match without printing it within your timeout due to its own internal buffering. You can disable that (with GNU grep, at least), using the --line-buffered option:
tail -f logfile.log | grep --line-buffered "something" | read -t 3
Another option, if available, is the timeout command as a replacement for the read:
timeout 3 tail -f logfile.log | grep -q --line-buffered "something"
Here, we kill tail after 3 seconds, and use the exit status of grep in the usual way.
I don't have a RHEL server to test your script right now, but I could bet that read is exiting on timeout and working as it should. Try running:
grep 'something' | strace bash -c "read -t 3 variable"
and you can confirm that.

Get pid of last started instance of a certain process

I have several instances of a certain process running and I want to determine the process id of the one that has been started last.
So far I came to this code:
ps -aef | grep myProcess | grep -v grep | awk -F" " '{print $2}' |
while read line; do
echo $line
done
This gets me all process IDs of myProcess. Somehow I now need to compare the running times of these PIDs and find the one with the smallest running time. But I don't know how to do that...
An easier way would be to use pgrep with its -n, --newest switch.
Select only the newest (most recently started) of the matching processes.
Alternatively, if you don't want to use pgrep, you can use ps and sort by start time:
ps -ef kbsdstart
Use pgrep. It has a -n (newest) option for that. So just try
pgrep -n myProcess
