Back to commands

Linux Survival Basics

Read-only, can be slow

Find OOM Killer Lines in the Kernel Journal

You need recent kernel OOM or killed-process lines.

Command

journalctl -k --since '24 hours ago' --no-pager | grep -iE 'out of memory|oom-killer|killed process'

Before you run this

System impact: Read-only. Can create load on large logs, directories, filesystems, or process tables.

When not to use it: Do not assume the killed process caused the pressure; it may only be the victim.

Expected output

Kernel lines naming OOM activity and killed processes, or no output.

System impact

Read-only, can be slow. Nothing changes. The command reads current state and prints diagnostic evidence.

Scope this to the smallest useful path or service on busy systems.

Recovery / rollback: no state is changed.

When to use it

Use when a service disappeared, exited 137, or memory pressure is suspected.

When not to use it

Do not assume the killed process caused the pressure; it may only be the victim.

Example run

Commands shown

These are the commands shown for inspection. Treat them as an example, not proof that your system will behave identically.

  1. journalctl -k --since '24 hours ago' --no-pager
  2. journalctl -k --since '24 hours ago' --no-pager | grep -iE 'out of memory|oom-killer|killed process'

next steps

Related commands

Linux Survival Basics Can be slow

Spot OOM Kills in the Kernel Journal

Exit code 137 often means the kernel has something to say.

journalctl -k --since "2 hours ago" --no-pager -o short-iso | grep -Ei 'out of memory|oom|killed process'
Linux Survival Basics Can be slow

Read Mount and fstab Warnings

The boot journal often names the mount or dependency that failed.

journalctl -b -p warning --no-pager | grep -iE 'mount|fstab|dependency'
Hosting Operations Can be slow

Group Journal Errors by Unit

A noisy incident usually has a noisy source.

journalctl -p err..alert --since "2 hours ago" --no-pager -o short-iso | awk '{split($3,a,"["); unit=a[1]; count[unit]++} END {for (u in count) print count[u], u}' | sort -nr
Linux Survival Basics Can be slow

Find Errors Before Reading Every Log Line

The error was in the log. The problem was finding it without reading noise.

grep -iE 'error|failed|denied|timeout' /var/log/nginx/error.log | tail -40

next diagnostic step

Where to go from this command

Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • LPIC-1 style command-line practice
  • LFCS style performance-task practice
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.