4

Is there a view to log and list down the processes executed in last 10 seconds ?

I especially want to trace the command line.

Madhur Ahuja
  • 1,499
  • 3
  • 12
  • 14
  • 1
    I don't know about timing, I don't think it is logged. But, this answer may help you to achieve what you want http://unix.stackexchange.com/a/67/14084 – Bernhard Jan 16 '13 at 07:39
  • Try ps kstart_time -ef. I think it'll help you to understand how to get what you want. – Eddy_Em Jan 16 '13 at 07:46
  • Note that you spawn/fork a process and you execute a command. A command may spawn several processes, some of which may execute another command, some of which would not. – Stéphane Chazelas Jan 16 '13 at 11:06

2 Answers2

2

If process is not finished, you could find them by:

ps axho etime,cmd| sed ':a;s/^\(0*\) /\10/g;ta' | sort | less

But if process is already finished, it's less sure:

You have to know where to search...

Warning! following work only if the binary is not in cache memory: if they was not accessed from a while.

Maybe a simple ls -ltru could be enough:

/bin/ls -ltru /etc/init.d | tail

If else, more sophisticated command could be:

find /usr/bin -type f -amin -1

find ${PATH//:/ } -type f -amin -1

find ${PATH//:/ } /home/*/bin -type f -amin -1

will show up all files accessed from less than one minute.

For 10 secs, it's more difficult:

while read time;do
    read name
    [ $time -lt 10 ] && echo $name
  done < <(find ${PATH//:/ } /home/*/bin -type f -amin -1 -print0 |
    xargs -0 --no-run-if-empty stat -c $(date +%s)$'-%X ;"%n\n"' |
    bc)
F. Hauri - Give Up GitHub
  • 4,602
0

Try this:

ps k-etime h -eo etimes,command | while read etime comm; do [ $etime -lt 10 ] && echo -e "$etime\t$comm"; done

This will show all processes that was started in last 10 seconds and are still running.

Eddy_Em
  • 1,323