Monitoring Tips Using the ps Command

The ps command is an extremely powerful tool for monitoring processes on a Linux or Unix server.  Processes are the individual instances of a program running on your server.  With ps, you can find out which programs have running processes, how much memory they are using, how much processor power they are consuming, and which users are running them.  Depending the options you append to the command, you can view your server’s processes in a variety of ways.

To get a basic overview of running processes, type:

ps -A

The output will look something like this:

PID TTY          TIME CMD
1 ?        00:00:01 init
2 ?        00:00:00 kthreadd
3 ?        00:00:20 ksoftirqd/0
6 ?        00:00:00 migration/0
11 ?        00:00:00 cpuset
12 ?        00:00:00 khelper
13 ?        00:00:00 netns
15 ?        00:00:00 sync_supers
16 ?        00:00:00 bdi-default
17 ?        00:00:00 kintegrityd
18 ?        00:00:00 kblockd

To see more details, use the long format:

ps -Al

output:

F S   UID   PID  PPID  C PRI  NI ADDR SZ WCHAN  TTY          TIME CMD
4 S     0     1     0  0  80   0 –   760 poll_s ?        00:00:01 init
1 S     0     2     0  0  80   0 –     0 kthrea ?        00:00:00 kthreadd
1 S     0     3     2  0  80   0 –     0 run_ks ?        00:00:20 ksoftirqd/0
1 S     0     6     2  0 -40   – –     0 cpu_st ?        00:00:00 migration/0
1 S     0    11     2  0  60 -20 –     0 rescue ?        00:00:00 cpuset
1 S     0    12     2  0  60 -20 –     0 rescue ?        00:00:00 khelper
1 S     0    13     2  0  60 -20 –     0 rescue ?        00:00:00 netns
1 S     0    15     2  0  80   0 –     0 bdi_sy ?        00:00:00 sync_supers
1 S     0    16     2  0  80   0 –     0 bdi_fo ?        00:00:00 bdi-default
1 S     0    17     2  0  60 -20 –     0 rescue ?        00:00:00 kintegrityd
1 S     0    18     2  0  60 -20 –     0 rescue ?        00:00:00 kblockd
1 S     0    19     2  0  60 -20 –     0 rescue ?        00:00:00 kacpid
1 S     0    20     2  0  60 -20 –     0 rescue ?        00:00:00 kacpi_notify
1 S     0    21     2  0  60 -20 –     0 rescue ?        00:00:00 kacpi_hotplug

To additionally see command-line arguments passed to the processes, add the “full mode” option:

ps -AlF

output:
1 S root      1100     1  0  80   0 –   853 poll_s   660   0 Aug06 ?        00:00:06 /usr/sbin/netdaemon
5 S root      1123     1  0  80   0 –   510 poll_s   340   0 Aug06 ?        00:00:00 /usr/sbin/inetd
1 S root      1195     1  0  80   0 –  3345 poll_s   628   0 Aug06 ?        00:00:00 /usr/sbin/winbindd
1 S root      1199  1195  0  80   0 –  3345 poll_s   296   0 Aug06 ?        00:00:00 /usr/sbin/winbindd
1 S root      1203     2  0  80   0 –     0 bdi_wr     0   0 Aug06 ?        00:00:10 [flush-8:0]
4 S root      1213     1  0  80   0 –  1293 poll_s  1588   0 Aug06 ?        00:00:06 /sbin/wpa_supplicant -u
4 S root      1313     1  0  80   0 –  1767 ep_pol  1692   1 Aug06 ?        00:00:02 /usr/sbin/cupsd -F
4 S root      1402     1  0  80   0 –  1364 wait    1296   0 Aug06 tty1     00:00:00 /bin/login —
4 S root      1556     1  0  80   0 –  5907 poll_s  2932   0 Aug06 ?        00:00:23 /usr/lib/udisks/u

To see process threads, add the “H” option.  This will tell you which processes are linked as “children” to others.

ps -AlFH

To see every single process running on the server along with CPU, memory, and virtual memory information, type:

ps aux

To see the processes running under a user named bob, for example, type:

ps -U bob -u bob u

To display the process IDs associated with a particular application (Apache, for example), type:

ps -C apache -o pid=

As you can see, with one simple command, your server will reveal a great deal of useful information about itself.  Whenever you suspect a particular program or even a particular user is causing trouble for the server, ps can help you track it down and neutralize it.











Comments: