Keep Linux processes under control

ANALYSIS In Linux, instances of currently running programs are referred to as processes. When you start Apache for example, it is assigned a process ID. This ID is then used to monitor and control the program. Monitoring and controlling processes is a core responsibility of any Linux system administrator. An admin can stop ("kill") a process, restart it, or even assign it a different priority. The standard Linux commands ps and top are commonly used to look at the current process table. I'm going to show you how to use these and other commands to manage processes on a Linux system. Monitoring processes with ps
One of the standard tools for monitoring Linux processes is ps, which is short for process status. This command returns information on running programs. The information can include the username a program is running under, the amount of CPU it is using, and the length of time it has been running. This data can be valuable when you need to manually stop a program or if you just need to determine what program is slowing down the system. If you issue the ps command alone, it will list only processes that are running on the current terminal. Here is an example output of ps run from a remote shell: $ ps
PID TTY         TIME CMD
4684 pts/14   00:00:00 bash
27107 pts/14   00:00:00 ps
Currently, the only processes assigned to this user/terminal are the Bash shell and the ps command itself. You can see the PID (Process ID) listed for each one as well as the TTY, TIME, and CMD. TTY denotes which terminal the process is running on, TIME shows how much CPU time the process has used, and CMD is the name of the command that started the process. As you can see, a standard ps command really just lists the basics. To get more details about the processes running on your Linux system, you will need to pass some command line arguments. Passing ps the commonly used aux arguments will display processes started by other users (a), processes with no terminal or one different from yours (x), and the user who started the process and when it began (u). Listing A shows an example of what the output of ps aux might look like. There is a lot more information now. The fields USER, %CPU, %MEM, VSZ, RSS, STAT, and START have been added. Let's take a quick look at what this tells you. First, you now see all processes, not just the ones running on your terminal. The USER field shows you which user initiated the command. Many processes begin at system start time and often list root or some system account as the USER. Other processes are, of course, run by individuals. That information alone could help narrow down a problem. Say a user begins a script that eats up a lot of I/O on a production server. Being able to immediately tell who ran the program can speed up the time to resolution. The %CPU, %MEM, VSZ, and RSS fields all deal with system resources. First, you can see what percentage of the CPU the process is currently utilising. This information is shown in real time, so spikes can be harder to detect with ps. You may find yourself running ps commands rather frequently trying to catch a culprit process. Along with CPU utilisation, you can see current memory utilisation and its VSZ (virtual memory size) and RSS (resident set size). VSZ is the amount of memory the program would take up if it were all in memory; RSS is the actual amount currently in memory. Knowing how much a process is currently eating will help determine if it is acting normally or has spun out of control. Programs have a tendency to consume more memory and CPU than they should. While programmers work hard to make sure their code handles resources well, sometimes it is up to an administrator to decide if it needs to be stopped or restarted. You will notice a "?" in most of the TTY fields in the ps aux output. This is because most of these programs were started at boot time and/or by init scripts. The controlling terminal does not exist for these processes; thus, the question mark. On the other hand, the command linux-sanity-check has a TTY value of pts/14. This is a command being run from a remote connection and has a terminal associated with it. This information is helpful for when you have more than one connection open to a machine and want to determine which window a command is running in. STAT shows the current status of a process. In our example, many are sleeping, indicated by an S in the STAT field. This simply means that they are waiting on something. It could be user input or the availability of system resources. The linux-sanity-check, however, has a status of R, meaning it is currently running. Sometimes, you can glance through this list and focus on the R processes. If most processes are sleeping and there is some sort of problem, it can be best to focus on those currently running. That status isn't necessarily a bad sign, but sometimes a process that has been running overly long is an indication of some deeper issue.

« Previous
1
2
Next »

Post your comment

In order to post a comment you need to be registered and logged in

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy. Questions about membership? Find the answers in the Membership FAQ

ZDNet UK Live

You are quite right. HDS has not been marketing their products well. USPV is miles ahead in terms of ease of use and technology on enterprise...

43 minutes ago by sgardia on Will the SUN set on Hitachi Data Systems OEM relationship?

Fedora is the same way as well. The yum update system uses "presto" which shrinks the amount of data needed for download. It's a great system....

12 hours ago by apexwm on Can you believe it - 2765 kB will be freed?

Updated ID cards considered for 2012: [zdnet.co.uk] The government is considering introducing a new generation of ID... http://dlvr.it/KpBZ

12 hours ago on Twitter by cybfor

Google, Viacom trade blows in YouTube copyright spat: [zdnet.co.uk] Google and the US media giant Viacom have issued... http://dlvr.it/Knht

13 hours ago on Twitter by cybfor

Be sure to include an audio option - eg. a beep tone - to intensify and reiterate the action. This will greatly benefit some consumers and give...

13 hours ago by CIMITL

Data disposal is really important to get right. There are standards set by UK and US federal governments to ensure that data is kept secure. If...

14 hours ago by DataSecurityUK

Online Fiber Optic Certification Join a talented group of professionals, who are dedicated to Fiber Optic Networking technology. The online course...

16 hours ago by chaycon1 on BT launches 40Mbps fibre-based broadband

Online Fiber Optic Certification Join a talented group of professionals, who are dedicated to Fiber Optic Networking technology. The online course...

16 hours ago by chaycon1 on Google to build gigabit broadband to the home

Hi Dava, I'm glad to hear from you, and glad that you see things from the other side. I think that is the most important point of the whole...

16 hours ago by J.A. Watson on Ubuntu 10.04 (Lucid Lynx) and the Latest Tempest

please please please please please please kill that spam bot.

17 hours ago by dava4444 on ZDNet UK: faster, smarter, still IT all the way

17 hours ago by 253chelisa253 on How security will look in 10 years

it is only greedy[microsoft]?

18 hours ago by lezlow on Researchers break into BitLocker

it didn't post the link it's 'Ubuntu 10.04 Lucid Lynx Beta-1 First Look' on youtube :) Dava

20 hours ago by dava4444 on Ubuntu 10.04 (Lucid Lynx) and the Latest Tempest

Hi James I disagree, Ubuntu needs a GUI update and this one IMO is quite good. your pics show a low res. here's a high res. on YouTube* The...

20 hours ago by dava4444 on Ubuntu 10.04 (Lucid Lynx) and the Latest Tempest

Hi any news on the comment bot? knocking me back from my own blog is a bit cheeky lol *Mulder to Scully* "I think it has an agenda.." I know, I...

21 hours ago by dava4444 on ZDNet UK: faster, smarter, still IT all the way

if you look at the Brentwood exchange on samknows it servers 21,000 residential propertiesm, Lowestoft serves 31,000! Come on BT sort yourselves...

21 hours ago by benny boy on BT fibre broadband coming to 69 more towns

[programming] H.264 - a sting in the tail http://reddit.com/bfu4q [zdnet.co.uk]

22 hours ago on Twitter by pbreddit

H.264 - a sting in the tail [programming] 13 points, submitted by zigzag [zdnet.co.uk] http://reddit.com/bfu4q

23 hours ago on Twitter by reddit

Malware infects second Vodafone HTC phone: [zdnet.co.uk] A second Android-based HTC Magic from Vodafone has been... http://dlvr.it/KhKx

1 day ago on Twitter by cybfor

Chatter preview http://www.zdnet.co.uk/news/application-development/2010/03/17/salesforce-opens-up-chatter-developer-preview-40088348/

1 day ago on Twitter by miyabi81

Featured white papers

Achieving PCI Compliance for:Privileged Password Management & Remote Vendor Access

e-DMZ Security

For multi-store outlets, including retail, banking, grocery, gas, hospitality, convenience stores and others, reducing (or avoiding) the cost of in-store system support and maintenance while maintaining compliance with PCI and other requirements has become a strategic challenge.

Download now

Web 2.0 Security Threats: How to Protect Your Enterprise Network

Qualys

Speaker: Dr. Chenxi Wang, Principal Analyst, Security and Risk Management, Forrester Research, Inc. As Enterprises are increasingly connected to the Internet and as hard organizational boundaries are fast disappearing, security professionals are facing fresh challenges in Enterprise computing.

Download now