
4.3 Lesson 2 - Where Data Is Stored

This document covers process management and system logging in the Linux operating system. It explains how processes are generated, identified, and managed, as well as the importance of logging system events for troubleshooting. Key commands such as top, ps, and journalctl are introduced for monitoring processes and accessing logs.

Uploaded by mukopipowell

Topic 4: The Linux Operating System

4.3 Lesson 2

Linux Essentials www.linuxlearningcentre.co.ke 1


1. Processes

Every time a user issues a command, a program is run and one or more processes
are generated.

Processes exist in a hierarchy. After the kernel is loaded in memory on boot, the first
process is initiated which — in turn — starts other processes, which, again, can start
other processes.

Every process has a unique identifier (PID) and parent process identifier (PPID). These are positive integers that are assigned in sequential order.



Exploring Processes Dynamically: top


You can get a dynamic listing of all running processes with the top command:


As we saw above, top can also give us information about memory and CPU consumption of the overall system as well as for each process.

top allows the user some interaction.

By default, the output is sorted by the percentage of CPU time used by each process in descending order. This behavior can be modified by pressing the following keys from within top:

M: Sort by memory usage.
N: Sort by process ID number.
T: Sort by running time.
P: Sort by percentage of CPU usage.



A Snapshot of Processes: ps

Another very useful command to get information about processes is ps. Whereas top provides dynamic information, that of ps is static.

If invoked without options, the output of ps is quite brief and relates only to the processes attached to the current shell:


The displayed information has to do with the process identifier (PID), the terminal in which the process is run (TTY), the CPU time taken by the process (TIME) and the command which started the process (CMD).


A useful switch for ps is -f which shows the full-format listing:


In combination with other switches, -f shows the relationship between parent and child processes:



2. Process Information in the /proc Directory


We have already seen the /proc filesystem. /proc includes a numbered subdirectory for every running process in the system (the number is the PID of the process):


Thus, all the information about a particular process is included within its directory.
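
The PID/PPID hierarchy described earlier can be read directly from these per-process directories. The following is an added example, not part of the original lesson: it follows the PPid field of /proc/<PID>/status up to the first process. The function name proc_lineage, its optional root argument and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the lesson): follow the PID -> PPID chain using
# the Name: and PPid: fields of /proc/<PID>/status.
# proc_lineage is a hypothetical helper; its optional second argument lets it
# read a copied or constructed tree instead of the live /proc.
proc_lineage() {
    pid=$1
    root=${2:-/proc}
    hops=0
    case $pid in
        ''|*[!0-9]*) echo "usage: proc_lineage PID [ROOT]" >&2; return 2 ;;
    esac
    # PPid 0 marks the top of the hierarchy; the hop limit stops a malformed
    # tree from looping forever.
    while [ "$pid" -gt 0 ] && [ "$hops" -lt 64 ]; do
        status=$root/$pid/status
        if [ ! -r "$status" ]; then
            # A process can exit between two reads of /proc.
            echo "$pid ? (exited or not readable)"
            return 1
        fi
        name=$(awk '/^Name:/ { sub(/^Name:[ \t]*/, ""); print; exit }' "$status")
        ppid=$(awk '/^PPid:/ { print $2; exit }' "$status")
        case $ppid in
            ''|*[!0-9]*) echo "$pid ? (no PPid field)"; return 1 ;;
        esac
        echo "$pid $ppid $name"
        pid=$ppid
        hops=$((hops + 1))
    done
}

# Constructed sample tree (not taken from a real system).
demo=$(mktemp -d)
mkdir "$demo/1" "$demo/812" "$demo/4242"
printf 'Name:\tsystemd\nPPid:\t0\n' > "$demo/1/status"
printf 'Name:\tsshd\nPPid:\t1\n'    > "$demo/812/status"
printf 'Name:\tbash\nPPid:\t812\n'  > "$demo/4242/status"
proc_lineage 4242 "$demo"
rm -rf "$demo"
```

On a live system, `proc_lineage $$` prints the ancestry of the current shell, one "PID PPID NAME" line per ancestor.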



3. The System Load


Each process on a system can potentially consume system resources. The so-called system load tries to aggregate
the overall load of the system into a single numeric indicator. You can see the current load with the command uptime:


The last three numbers indicate the system’s load average for the last minute (2.91), the last five minutes (1.59) and the last fifteen minutes (0.39), respectively.

Each of these numbers indicates how many processes were waiting either for CPU resources or for input/output operations to complete. This means that these processes were ready to run if they had received the respective resources.



4. System Logging and System Messaging


As soon as the kernel and the processes start executing and communicating with each other, a lot of information is produced. Most of it is sent to files — the so-called log files or, simply, logs.

Without logging, searching for an event that happened on a server would give sysadmins many a headache, hence the importance of having a standardized and centralized way of keeping track of any system events. Besides, logs are decisive and revealing when it comes to troubleshooting and security, and they are reliable data sources for understanding system statistics and making trend predictions.



Logging with the syslog Daemon

Traditionally, system messages have been managed by the standard logging facility — syslog — or any of its derivatives — syslog-ng or rsyslog. The logging daemon collects messages from other services and programs and stores them in log files, typically under /var/log. However, some services take care of their own logs (take — for example — the Apache HTTPD web server).

Likewise, the Linux kernel uses an in-memory ring buffer for storing its log messages.

Log Files in /var/log

Because logs are data that varies over time, they are normally found in /var/log. If you explore /var/log, you will realize that the names of logs are — to a certain degree — quite self-explanatory. Some examples include:

/var/log/auth.log

It stores information about authentication.



/var/log/kern.log

It stores kernel information.

/var/log/syslog

It stores system information.

/var/log/messages

It stores system and application data.


NOTE

The exact name and contents of log files may vary across Linux distributions.



Accessing Log Files

When exploring log files, remember to be root (if you do not have reading permissions) and use a pager such as less.



Log Rotation

Log files can grow a lot over a few weeks or months and take up all free disk space. To tackle this, the utility
logrotate is used. It implements log rotation or cycling which implies actions such as moving log files to a new
name, archiving and/or compressing them, sometimes emailing them to the sysadmin and eventually deleting
them as they grow old.

The conventions used for naming these rotated log files are diverse (adding a suffix with the date, for
example); however, simply adding a suffix with an integer is commonplace:
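
Because rotation spreads one log over several files, a review of /var/log/auth.log that reads only the current file misses older events. The following is an added example, not part of the original lesson: it counts failed SSH password attempts per source address across auth.log and its rotated copies. It assumes integer-suffix rotation with optional gzip compression and OpenSSH's "Failed password for ... from ADDR port N ssh2" message format; the function name and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the lesson): count failed SSH password attempts per
# source address across auth.log and its rotated copies.
# Assumes integer-suffix rotation (auth.log.1, auth.log.2.gz) and OpenSSH's
# "Failed password for USER from ADDR port N ssh2" message format.
failed_logins_by_source() {
    logdir=$1
    base=${2:-auth.log}
    for f in "$logdir/$base" "$logdir/$base".*; do
        [ -f "$f" ] || continue            # unmatched glob or missing file
        case $f in
            *.gz) gzip -dc -- "$f" ;;      # rotated and compressed
            *)    cat -- "$f" ;;           # current or uncompressed rotation
        esac
    done |
    awk '/sshd\[[0-9]+\]: Failed password for / &&
         $(NF-4) == "from" && $(NF-2) == "port" {
             count[$(NF-3)]++   # address sits at a fixed offset from the end
         }
         END { for (src in count) print count[src], src }' |
    sort -k1,1nr -k2,2
}

# Constructed sample logs (documentation addresses, not real events).
demo=$(mktemp -d)
cat > "$demo/auth.log" <<'EOF'
Mar  3 10:15:01 web1 sshd[2211]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:04 web1 sshd[2211]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 10:20:12 web1 sshd[2290]: Accepted password for alice from 192.0.2.10 port 40110 ssh2
EOF
cat > "$demo/auth.log.1" <<'EOF'
Mar  2 08:01:44 web1 sshd[1802]: Failed password for invalid user admin from 198.51.100.7 port 39922 ssh2
Mar  2 09:13:20 web1 sshd[1850]: Failed password for root from 203.0.113.5 port 50001 ssh2
EOF
printf '%s\n' 'Mar  1 23:59:10 web1 sshd[1444]: Failed password for invalid user test from 198.51.100.7 port 39001 ssh2' |
    gzip -c > "$demo/auth.log.2.gz"

failed_logins_by_source "$demo"
rm -rf "$demo"
```

The address is taken from its position relative to the end of the line rather than from the first "from", so a user name that is itself "from" does not shift the result.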



5. The Kernel Ring Buffer


The kernel ring buffer is a fixed-size data structure that records kernel boot messages as well as any live
kernel messages. The function of this buffer — a very important one — is that of logging all the kernel
messages produced on boot — when syslog is not yet available.

The dmesg command prints the kernel ring buffer (which used to be also stored in /var/log/dmesg). Because of the size of the ring buffer, this command is normally used in combination with the text filtering utility grep or a pager such as less. For instance, to search for boot messages:



6. The System Journal: systemd-journald


As of 2015, systemd replaced SysV Init as a de facto system and service manager in most major Linux distributions. As a
consequence, the journal daemon — journald — has become the standard logging component, superseding syslog in most
aspects. The data is no longer stored in plain text but in binary form.


Thus, the journalctl utility is necessary to read the logs. On top of that, journald is syslog compatible and can be integrated with
syslog. journalctl is the utility that is used to read and query systemd’s journal database. If invoked without options, it prints the
entire journal:



Summary


In the context of data storage, the following topics have been discussed in this lesson: process management and system logging and messaging.

Regarding process management, we have learned the following:

• Programs generate processes and processes exist in a hierarchy.

• Every process has a unique identifier (PID) and a parent process identifier (PPID).

• top is a very useful command to dynamically and interactively explore the running processes of the system.

• ps can be used to obtain a snapshot of the current running processes in the system.

• The /proc directory includes directories for every running process in the system named after their PIDs.

• The concept of system utilization/overloading.



Concerning system logging, we must remember that:

• A log is a file where system events are recorded. Logs are invaluable when it comes to troubleshooting.

• Logging has traditionally been handled by special services such as syslog, syslog-ng or rsyslog. Nevertheless, some programs use their own logging daemons.

• Because logs are variable data, they are kept in /var and — sometimes — their names can give you a clue about their content (kern.log, auth.log, etc.)

• Most logs are written in plain text and can be read with any text editor as long as you have the right permissions. However, a few of them are binary and must be read using special commands.

• To avoid problems with disk space, log rotation is carried out by the logrotate utility.

• As for the kernel, it uses a circular data structure — the ring buffer — where boot messages are kept (old messages fade away over time).

• The system and service manager systemd replaced System V init in virtually all distros with journald becoming the standard logging service.

• To read systemd’s journal, the journalctl utility is needed.



Commands used in this lesson:

cat: Concatenate/print file content.

dmesg: Print the kernel ring buffer.

echo: Display a line of text or a newline.

file: Determine file type.

grep: Print lines matching a pattern.

last: Show a listing of last logged in users.

less: Display contents of file one page at a time.

ls: List directory contents.

journalctl: Query the systemd journal.

tail: Display the last lines of a file.
