In Linux, instances of currently running programs are referred to as processes. When you start Apache for example, it is assigned a process ID. This ID is then used to monitor and control the program. Monitoring and controlling processes is a core responsibility of any Linux system administrator. An admin can stop ("kill") a process, restart it, or even assign it a different priority. The standard Linux commands ps and top are commonly used to look at the current process table. I'm going to show you how to use these and other commands to manage processes on a Linux system. Monitoring processes with ps
One of the standard tools for monitoring Linux processes is ps, which is short for process status. This command returns information on running programs. The information can include the username a program is running under, the amount of CPU it is using, and the length of time it has been running. This data can be valuable when you need to manually stop a program or if you just need to determine what program is slowing down the system. If you issue the ps command alone, it will list only processes that are running on the current terminal. Here is an example output of ps run from a remote shell: $ ps
PID TTY         TIME CMD
4684 pts/14   00:00:00 bash
27107 pts/14   00:00:00 ps
Currently, the only processes assigned to this user/terminal are the Bash shell and the ps command itself. You can see the PID (Process ID) listed for each one as well as the TTY, TIME, and CMD. TTY denotes which terminal the process is running on, TIME shows how much CPU time the process has used, and CMD is the name of the command that started the process. As you can see, a standard ps command really just lists the basics. To get more details about the processes running on your Linux system, you will need to pass some command line arguments. Passing ps the commonly used aux arguments will display processes started by other users (a), processes with no terminal or one different from yours (x), and the user who started the process and when it began (u). Listing A shows an example of what the output of ps aux might look like. There is a lot more information now. The fields USER, %CPU, %MEM, VSZ, RSS, STAT, and START have been added. Let's take a quick look at what this tells you. First, you now see all processes, not just the ones running on your terminal. The USER field shows you which user initiated the command. Many processes begin at system start time and often list root or some system account as the USER. Other processes are, of course, run by individuals. That information alone could help narrow down a problem. Say a user begins a script that eats up a lot of I/O on a production server. Being able to immediately tell who ran the program can speed up the time to resolution. The %CPU, %MEM, VSZ, and RSS fields all deal with system resources. First, you can see what percentage of the CPU the process is currently utilising. This information is shown in real time, so spikes can be harder to detect with ps. You may find yourself running ps commands rather frequently trying to catch a culprit process. Along with CPU utilisation, you can see current memory utilisation and its VSZ (virtual memory size) and RSS (resident set size). VSZ is the amount of memory the program would take up if it were all in memory; RSS is the actual amount currently in memory. Knowing how much a process is currently eating will help determine if it is acting normally or has spun out of control. Programs have a tendency to consume more memory and CPU than they should. While programmers work hard to make sure their code handles resources well, sometimes it is up to an administrator to decide if it needs to be stopped or restarted. You will notice a "?" in most of the TTY fields in the ps aux output. This is because most of these programs were started at boot time and/or by init scripts. The controlling terminal does not exist for these processes; thus, the question mark. On the other hand, the command linux-sanity-check has a TTY value of pts/14. This is a command being run from a remote connection and has a terminal associated with it. This information is helpful for when you have more than one connection open to a machine and want to determine which window a command is running in. STAT shows the current status of a process. In our example, many are sleeping, indicated by an S in the STAT field. This simply means that they are waiting on something. It could be user input or the availability of system resources. The linux-sanity-check, however, has a status of R, meaning it is currently running. Sometimes, you can glance through this list and focus on the R processes. If most processes are sleeping and there is some sort of problem, it can be best to focus on those currently running. That status isn't necessarily a bad sign, but sometimes a process that has been running overly long is an indication of some deeper issue.