Linux Survival Basics
Read-only, can be slow
Find OOM Killer Lines in the Kernel Journal
You need recent kernel OOM or killed-process lines.
Command
journalctl -k --since '24 hours ago' --no-pager | grep -iE 'out of memory|oom-killer|killed process'
Before you run this
System impact: Read-only. Can create load on large logs, directories, filesystems, or process tables.
When not to use it: Do not assume the killed process caused the pressure; it may only be the victim.
Expected output
Kernel lines naming OOM activity and killed processes, or no output.
System impact
Read-only, can be slow. Nothing changes. The command reads current state and prints diagnostic evidence.
Scope this to the smallest useful path or service on busy systems.
Recovery / rollback: no state is changed.
When to use it
Use when a service disappeared, exited 137, or memory pressure is suspected.
Example run
Commands shown
These are the commands shown for inspection. Treat them as an example, not proof that your system will behave identically.
journalctl -k --since '24 hours ago' --no-pager
journalctl -k --since '24 hours ago' --no-pager | grep -iE 'out of memory|oom-killer|killed process'
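An added example (not from the original page): a shell function that turns the kernel lines this command finds into one summary line per kill, showing the victim next to the task that invoked the OOM killer, since the two often differ. The sample journal lines are constructed, the function names `oom_summary` and `sample_journal` are assumptions, and pairing each kill with the most recent `invoked oom-killer` line is a heuristic.

```shell
# Added example: summarise OOM kills from `journalctl -k` text on stdin.
# Real use: journalctl -k --since '24 hours ago' --no-pager | oom_summary
oom_summary() {
  awk '
    # "<comm> invoked oom-killer:" names the task whose allocation failed.
    / invoked oom-killer:/ {
      line = $0
      sub(/ invoked oom-killer:.*/, "", line)   # drop everything after the name
      sub(/^.*kernel: /, "", line)              # drop timestamp and host prefix
      invoker = line
      next
    }
    # "Killed process <pid> (<comm>) ... anon-rss:<n>kB" names the victim.
    /Killed process [0-9]+ \(/ {
      scope = ($0 ~ /Memory cgroup out of memory/) ? "cgroup" : "global"
      match($0, /Killed process [0-9]+/)
      pid = substr($0, RSTART + 15, RLENGTH - 15)
      rest = substr($0, RSTART + RLENGTH)
      match(rest, /\([^)]*\)/)
      comm = substr(rest, RSTART + 1, RLENGTH - 2)
      rss = "unknown"
      if (match($0, /anon-rss:[0-9]+kB/))
        rss = substr($0, RSTART + 9, RLENGTH - 11)
      printf "victim=%s pid=%s anon_rss_kb=%s scope=%s invoker=%s\n",
        comm, pid, rss, scope, (invoker == "" ? "unknown" : invoker)
      invoker = ""   # do not reuse the invoker for a later, unrelated kill
    }
  '
}

# Constructed sample lines (not from a real host), shaped like kernel OOM reports.
sample_journal() {
  cat <<'EOF'
Mar 04 10:15:01 web01 kernel: nginx invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0
Mar 04 10:15:01 web01 kernel: Out of memory: Killed process 4242 (java) total-vm:8123456kB, anon-rss:4012345kB, file-rss:0kB, shmem-rss:0kB, UID:1000 pgtables:8000kB oom_score_adj:0
Mar 04 11:02:17 web01 kernel: python3 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=0
Mar 04 11:02:17 web01 kernel: Memory cgroup out of memory: Killed process 5151 (python3) total-vm:912345kB, anon-rss:524288kB, file-rss:0kB, shmem-rss:0kB, UID:33 pgtables:1200kB oom_score_adj:0
EOF
}

sample_journal | oom_summary
```

A `scope=cgroup` result points at a container or unit memory limit rather than host-wide exhaustion, which changes where to look next.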
Related commands
Spot OOM Kills in the Kernel Journal
Exit code 137 often means the kernel has something to say.
journalctl -k --since "2 hours ago" --no-pager -o short-iso | grep -Ei 'out of memory|oom|killed process'
Read Mount and fstab Warnings
The boot journal often names the mount or dependency that failed.
journalctl -b -p warning --no-pager | grep -iE 'mount|fstab|dependency'
Group Journal Errors by Unit
A noisy incident usually has a noisy source.
journalctl -p err..alert --since "2 hours ago" --no-pager -o short-iso | awk '{split($3,a,"["); unit=a[1]; count[unit]++} END {for (u in count) print count[u], u}' | sort -nr
Read Current-Boot Logs for One Service
Ignore stale logs and inspect only what happened since this boot.
journalctl -u nginx -b --no-pager -n 80
Find Errors Before Reading Every Log Line
The error was in the log. The problem was finding it without reading noise.
grep -iE 'error|failed|denied|timeout' /var/log/nginx/error.log | tail -40
Study mapping
Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.