Week 14
Processes and Logs
This week explores how Linux keeps track of what is happening right now (processes) and how it records what has already happened (logs). These two parts of the system work together: processes do the work, and logs explain the story afterward. Understanding both helps you diagnose problems, confirm activity, and manage long-running tasks.
P-L-O-G (Processes → Logs → Observe → Group & Summarize)
P - Processes
Processes represent running programs, whether they’re user commands, system services, or background tasks you started earlier. Managing them involves identifying what’s active, placing work in the background, and stopping tasks when needed.
| Command | Use | Example Application |
|---|---|---|
| ps -ef | Full system process list | Spot high-consumption tasks or runaway jobs |
| ps -u "$USER" | Only your processes | Check that your script is still running |
| ps -o pid,stat,time,cmd | Detailed view | Inspect process state and CPU time |
| command & | Run in background | Start long-running analysis or data processing |
| kill PID | Stop a process | Clean up test jobs or stalled tasks |
L - Logs
Logs record events as they happen. They allow you to reconstruct the past—what ran, what failed, what warned you, and at what time. System services and applications both depend on logs for reliability.
| Concept | What it means | Commands that connect |
|---|---|---|
| Creating logs | Capture a program’s output for later review | command > file.log, command 2> error.log |
| Keeping logs separate | Distinguish between normal messages and warnings/errors | stdout → app.log, stderr → app.err |
| Browsing logs safely | View long log files without editing them | less file.log |
| Rotating logs | Archive older logs to keep files manageable | cp app.log app-$(date +%H%M%S).log |
Logs are the system’s memory. If something happened, the log tells you when and how.
O - Observe
Observation focuses on quick checks. Instead of opening large files or scrolling endlessly, you use lightweight tools that show only what matters right now.
| Concept | What it means | Commands that connect |
|---|---|---|
| Checking the latest activity | Read the last few lines instead of entire logs | tail -n 10 file.log |
| Tracking logs as they update | Watch new events appear live | tail -f file.log |
| Searching for warnings or failures | Immediately locate trouble spots | grep WARN file.log |
| Measuring activity volumes | Count entries to check how busy logs have been | wc -l file.log |
Observation techniques help you answer: Is everything working now? and What changed recently?
G - Group & Summarize
Grouping pulls patterns out of logs so you can understand behavior over time. Instead of reading line by line, you aggregate messages to see structure—how often something happens, when peaks occur, or how different severities compare.
| Concept | What it means | Commands that connect |
|---|---|---|
| Counting severities | How many INFO vs WARN messages? | grep INFO, grep WARN, uniq -c |
| Grouping by timestamp | See which minutes or hours had the most activity | cut, sort, uniq -c |
| Reviewing recent archives | Summaries across multiple rotated logs | ls -1t, tail |
| Multi-file searches | Examine trends across the entire log set | grep -Hn pattern logs/* |
Summaries reveal trends that aren’t obvious from raw logs—ideal for spotting bursts, errors, or changes across runs.
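The grouping steps above, as an added example that is not part of the original lecture: it builds a small constructed log (the line format, sample entries and function names are assumptions) and summarizes it by severity and by minute. Severities are counted from the level field rather than with a plain grep WARN, because a message that merely mentions WARN would otherwise be counted too; awk is used for that field match.

```shell
#!/usr/bin/env bash
# Added example. Log lines are constructed; format: "DATE TIME LEVEL message".
make_sample_log() {
  cat > "$1" <<'EOF'
2024-05-01 10:00:03 INFO service started
2024-05-01 10:00:41 INFO user alice logged in
2024-05-01 10:01:02 WARN disk usage at 85%
2024-05-01 10:01:15 WARN login failed for user bob
2024-05-01 10:01:16 WARN login failed for user bob
2024-05-01 10:01:17 ERROR account bob locked after repeated failures
2024-05-01 10:02:30 INFO cleared 2 WARN flags
EOF
}

# Count entries per severity using the LEVEL field (field 3), busiest first.
count_severities() {
  cut -d' ' -f3 "$1" | sort | uniq -c | sort -rn
}

# Count entries for one severity, e.g. count_level app.log WARN.
# Matches the field exactly, so the last sample line counts as INFO only.
count_level() {
  awk -v lvl="$2" '$3 == lvl { n++ } END { print n + 0 }' "$1"
}

# Group by minute: keep HH:MM from the TIME field (field 2), then count.
per_minute() {
  cut -d' ' -f2 "$1" | cut -d: -f1,2 | sort | uniq -c | sort -rn
}

# Minute with the most entries (first row of the per-minute summary).
busiest_minute() {
  per_minute "$1" | head -n 1 | awk '{ print $2 }'
}

# Demo run on the constructed log.
log=$(mktemp)
make_sample_log "$log"
echo "Entries per severity:"; count_severities "$log"
echo "Entries per minute:";   per_minute "$log"
echo "WARN by field: $(count_level "$log" WARN), by grep: $(grep -c WARN "$log")"
echo "Busiest minute: $(busiest_minute "$log")"
rm -f "$log"
```

The burst in a single minute is the kind of pattern the per-minute summary makes visible without reading the log line by line.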
This concludes Lecture 14: Processes and Logs. Please return to Blackboard to access the Week 10 materials.