<div>
Refer to /var/log/* for details.<br />
<br />
Likely log files to review are syslog + kern.log or whatever equivalent files you have on your system.<br />
<br />
You can also use the following to narrow down problems...<br />
<br />

<pre><code id="code-20-42662177-1">journalctl --since=today</code></pre>
<br />
You can also go deeper by doing something like <a href="https://serverfault.com/questions/789442/how-can-you-distinguish-between-a-crash-and-a-reboot-on-rhel7" rel="ugc"><u>https://serverfault.com/qu<wbr />estions/78<wbr />9442/how-c<wbr />an-you-dis<wbr />tinguish-b<wbr />etween-a-c<wbr />rash-and-a<wbr />-reboot-on<wbr />-rhel7</u></a> describes.<br />
<br />
Likely simple review of /var/log/* will be sufficient.
</div>


Refer to /var/log/* for details.

Likely log files to review are syslog + kern.log or whatever equivalent files you have on your system.

You can also use the following to narrow down problems...



journalctl --since=today


You can also go deeper by doing something like https://serverfault.com/questions/789442/how-can-you-distinguish-between-a-crash-and-a-reboot-on-rhel7 [https://serverfault.com/questions/789442/how-can-you-distinguish-between-a-crash-and-a-reboot-on-rhel7] describes.

Likely simple review of /var/log/* will be sufficient.

<div>
I am very acquainted with /var/log* and I have searched using grep through the files. &nbsp;As you know audit.log provides some of those answers but they are very difficult to follow. &nbsp;That is why I specified in the question the answer needs to use sar or atop.
</div>


I am very acquainted with /var/log* and I have searched using grep through the files.  As you know audit.log provides some of those answers but they are very difficult to follow.  That is why I specified in the question the answer needs to use sar or atop.

<div>
<div class="content wysiwyg-content">
My system crashed and I need to find out what caused the crash. &nbsp;I have atop installed and I can see what process caused the problem by using the log files with atop. &nbsp;However, I want to know what programs and files were involved in the process.<br />
<br />
Is there a way to do this with atop and/or sar?<br />
<br />
I am on a Linux 2 AWS instance.
</div>
</div>


My system crashed and I need to find out what caused the crash.  I have atop installed and I can see what process caused the problem by using the log files with atop.  However, I want to know what programs and files were involved in the process.

Is there a way to do this with atop and/or sar?

I am on a Linux 2 AWS instance.

Need PID Details Historically

The Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. Typically Apache is run on a Unix-like operating system, but it is available for a wide variety of operating systems, including Linux, Novell NetWare, Mac OS-X and Windows. Released under the Apache License, Apache is open-source software.

Apache Web Server

A Linux distribution is an operating system made as a software collection based on the Linux kernel and, often, on a package management system and are available for a variety of systems. A typical Linux distribution comprises a Linux kernel, GNU tools and libraries, additional software, documentation, a window system (the most common being the X Window System), a window manager, and a desktop environment. Most Linux systems are open-source software made available both as compiled binaries and in source code form, allowing modifications to the original software. Over three hundred distributions are in active development, including commercially backed distributions (such as Fedora, openSUSE and Ubuntu) and community-driven distributions (such as Debian, Slackware, Gentoo and Arch Linux).