Linux commands for viewing system process information include the static process viewer (ps), the dynamic process viewer (top) and the process tree viewer (pstree). They are described below:
1. Viewing processes statically: ps
ps command format:
ps aux: view all processes on the system
ps -lA: view all system process data in long format
ps axjf: also show part of the process tree
-A: lists all processes, same effect as -e
-a: all processes not associated with a terminal
-u: processes belonging to the effective user
x: usually used together with a; lists more complete information
Output format:
l: long, detailed listing of the PID information
j: jobs format
-f: a more complete output
ps -l: view only the processes related to your own bash session
zhouyl@ubuntu:~$ ps -l
F S   UID   PID  PPID  C PRI  NI ADDR SZ WCHAN  TTY          TIME CMD
0 S  1000 20257 20248  0  80   0 -  6067 wait   pts/7    00:00:00 bash
0 R  1000 21392 20257  0  80   0 -  2466 -      pts/7    00:00:00 ps
F: process flags
4: the process has root privileges
1: the process has only been forked (copied) and has not executed anything yet
S: the state of the process (STAT)
R: Running, the process is currently running
S: Sleep, the process is sleeping but can be woken up
D: uninterruptible sleep, the process cannot be woken up; it is usually waiting for I/O
T: Stopped, for example a background job that has been paused or a process being debugged
Z: Zombie, the process has terminated but cannot be removed from memory
UID/PID/PPID: the UID of the process owner, the PID of the process and the PID of its parent process
C: CPU usage, as a percentage
PRI/NI: Priority/Nice, the CPU scheduling priority of the process; the smaller the number, the higher the priority
ADDR: which part of memory the process resides in; shown as "-" if the process is running
SZ: memory used by the process
WCHAN: whether the process is currently running; "-" means it is running
TTY: the login terminal; remote logins are shown as pts/n
TIME: the CPU time the process has actually used
CMD: the command that started the process
The following shows how to view all processes on the system with ps aux:
zhouyl@ubuntu:~$ ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0  24564  2444 ?        Ss   08:19   0:00 /sbin/init
root         2  0.0  0.0      0     0 ?        S    08:19   0:00 [kthreadd]
root         3  0.0  0.0      0     0 ?        S    08:19   0:04 [ksoftirqd/0]
USER: the user the process belongs to
PID: the PID of the process
%CPU: the CPU usage of the process
%MEM: the physical memory usage of the process
VSZ: the amount of virtual memory used by the process
RSS: the amount of resident (physical) memory used by the process
TTY: the terminal the process is running on (shown as ? when it has no terminal, as in the output above)
STAT: the process state, as described above (R/S/D/T/Z)
START: the start time of the process
TIME: the CPU time the process has used
COMMAND: the command that started the process
Zombie processes
A zombie process is usually one that should have finished or been terminated for some reason, but whose parent process has not completely ended it, so the process stays in memory. If the CMD of a process is followed by <defunct>, that process is a zombie. For example:
   1  2598  2598  2598 ?    -1 Ss       0   0:00 /usr/sbin/hcid <defunct>
When the system is unstable, zombie processes may be caused by poorly written programs or by improper user actions. If there are many zombie processes on the system, remember to find their parent process and follow up from there to tidy the host environment. If that does not help, the only option left is a reboot.
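As an added example (not part of the original post), a small POSIX shell script that does the "find the parent process" step from the text automatically: it reads `ps -eo pid,ppid,stat,comm` output, picks out every process whose STAT begins with Z and prints it next to the parent that has not reaped it. The sample ps lines are constructed for the demo; `report_live_zombies` runs the same check against the current machine.

```shell
#!/bin/sh
# Added example (not from the original post): list zombie processes and the
# parent that has not reaped them, from ps output.
# Input format assumed: the output of `ps -eo pid,ppid,stat,comm`
# (one header line, then PID PPID STAT COMM for every process).

# find_zombies: read ps lines on stdin and print one line per zombie:
#   <zombie pid> <zombie command> <parent pid> <parent command>
find_zombies() {
    awk 'BEGIN { n = 0 }
        NR > 1 {
            comm[$1] = $4                      # remember every command by PID
            if ($3 ~ /^Z/) {                   # STAT starting with Z = zombie
                zpid[n] = $1; zppid[n] = $2; n++
            }
        }
        END {
            for (i = 0; i < n; i++) {
                p = zppid[i]
                pc = (p in comm) ? comm[p] : "?"   # parent may already be gone
                printf "%s %s %s %s\n", zpid[i], comm[zpid[i]], p, pc
            }
        }'
}

# count_zombies: number of zombies in the ps output on stdin
count_zombies() {
    find_zombies | wc -l | tr -d ' '
}

# report_live_zombies: run the check against the running system
report_live_zombies() {
    ps -eo pid,ppid,stat,comm | find_zombies
}

# Constructed sample ps output, modelled on the <defunct> line in the text:
# hcid has exited but its parent (PID 1 here) has not reaped it yet, and one
# chrome child is a zombie under its chrome parent.
SAMPLE_PS='  PID  PPID STAT COMM
    1     0 Ss   init
 2598     1 Zs   hcid
 3218     1 Sl   chrome
 3313  3218 Z    chrome'

printf '%s\n' "$SAMPLE_PS" | find_zombies
```

The parent PID column is the one to act on: signalling the zombie itself does nothing, since it has already exited.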
2. Viewing processes dynamically: top
top command format
top [-d seconds] [-bnp]
-d: screen refresh interval in seconds; the default is 5 seconds
-b: run top in batch mode; usually combined with output redirection so that the batch results are written to a file
-n: with -b, the number of iterations to output
-p: view only the given process, followed by its PID
Keys that can be pressed inside top:
?: show the help for the available keys
P: sort by CPU usage
M: sort by memory usage
N: sort by PID
T: sort by accumulated CPU time used by the process
k: send a signal to a PID
r: give a PID a new nice value
q: quit
zhouyl@ubuntu:~$ top
top - 10:44:15 up  2:24,  6 users,  load average: 2.09, 2.70, 2.98
Tasks: 209 total,   3 running, 206 sleeping,   0 stopped,   0 zombie
Cpu(s): 29.9%us, 17.4%sy,  0.0%ni, 52.4%id,  0.0%wa,  0.0%hi,  0.3%si,  0.0%st
Mem:   5046272k total,  4752156k used,   294116k free,  1291300k buffers
Swap:   262140k total,       16k used,   262124k free,  1516100k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
 2813 zhouyl    20   0 1269m 200m  41m R   28  4.1  33:49.24 compiz
 1478 root      20   0  247m 130m  18m S   18  2.6  25:49.51 Xorg
 3972 zhouyl    20   0 1707m  71m  35m S   10  1.5  14:19.49 vlc
 3218 zhouyl    20   0  806m 158m  49m S    6  3.2  16:19.85 chrome
 3607 zhouyl    20   0  985m 130m  27m S    6  2.6   2:05.07 chrome
The display consists of six parts:
Line 1 shows the current time, how long the system has been up, the number of logged-in users and the load average, i.e. the average number of processes waiting to run over the last 1, 5 and 15 minutes. The smaller these numbers, the more idle the system is; if they are above 1, check whether the system is too busy.
Line 2 shows the total number of processes on the system and how many are in each state. Note that zombie should normally be 0; if it is any other number, pay attention, because those are zombie processes.
Line 3 shows the current overall CPU load. Pay special attention to %wa, which is I/O wait: it usually means the system is being slowed down by I/O problems. On a multi-core machine, press 1 to switch to a per-CPU view of the load.
The CPU line from the top output above, and the meaning of each value:
Cpu(s): 29.9%us, 17.4%sy,  0.0%ni, 52.4%id,  0.0%wa,  0.0%hi,  0.3%si,  0.0%st
us: user time, the time the CPU spends executing user processes, including niced time. Generally, the higher this is, the better.
sy: system time, the time the CPU spends running in the kernel, including IRQ and softirq handling. A high value indicates a bottleneck somewhere in the system; the lower, the better.
ni: nice time, the time spent on processes whose priority has been adjusted (niced).
id: idle time, the time the CPU is idle, waiting for a process to run.
wa: I/O wait time, the time the CPU spends waiting for I/O operations to complete. The system should not spend much time waiting for I/O; otherwise I/O is a bottleneck.
hi: hard IRQ time, the time the system spends handling hardware interrupts.
si: softirq time, the time the system spends handling software interrupts.
st: steal time, the time the virtual CPU is forced to wait (involuntary wait) while the hypervisor is serving another virtual processor.
Lines 4 and 5: physical memory and swap usage. The lower the swap usage, the better; high swap usage means physical memory is insufficient.
Line 6 and below:
PID: process ID
USER: the user the process belongs to
PR: short for priority, the priority of the process. The smaller the value, the higher the priority.
NI: short for nice, which is related to priority. The smaller the value, the higher the priority.
%CPU: CPU usage
%MEM: memory usage
TIME+: total CPU time used by the process
It is worth noting that pressing h or ? inside top shows the help.
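As an added example (not from the original post), a shell function that reads one batch-mode snapshot (top -bn1, as described under the -b and -n options) and reports the three values the text says to watch: the 1-minute load average, the zombie count and %wa. The sample header lines are constructed from the top output above; the 10% I/O-wait threshold and the load-above-1 rule are assumptions for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): summarise one batch-mode
# snapshot of top (top -bn1) the way the text reads the first three lines:
# 1-minute load average, zombie count and %wa (I/O wait).
# Assumes the header layout shown above ("Cpu(s): 29.9%us, ..."); the newer
# "%Cpu(s): 29.9 us, ..." layout is handled as well.

# top_summary: read top output on stdin, print
#   load1=<n> zombies=<n> wa=<n> warn=<comma-separated list or none>
top_summary() {
    awk '
        /load average:/ {
            sub(/.*load average: */, ""); sub(/,.*/, ""); load1 = $0
        }
        /^Tasks:/ {
            for (i = 1; i <= NF; i++) if ($i ~ /^zombie/) zombies = $(i-1)
        }
        /Cpu\(s\):/ {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /%wa/) { wa = $i; sub(/%wa.*/, "", wa) }  # old: 0.0%wa,
                else if ($i ~ /^wa,?$/) wa = $(i-1)                 # new: 0.0 wa,
            }
        }
        END {
            warn = ""
            if (load1 + 0 > 1)   warn = warn "load,"     # rule from the text
            if (zombies + 0 > 0) warn = warn "zombie,"   # zombie should be 0
            if (wa + 0 >= 10)    warn = warn "iowait,"   # threshold: assumption
            sub(/,$/, "", warn)
            if (warn == "") warn = "none"
            printf "load1=%s zombies=%s wa=%s warn=%s\n", load1, zombies, wa, warn
        }'
}

# Constructed sample: the first three header lines of the top output above.
SAMPLE_TOP='top - 10:44:15 up  2:24,  6 users,  load average: 2.09, 2.70, 2.98
Tasks: 209 total,   3 running, 206 sleeping,   0 stopped,   0 zombie
Cpu(s): 29.9%us, 17.4%sy,  0.0%ni, 52.4%id,  0.0%wa,  0.0%hi,  0.3%si,  0.0%st'

printf '%s\n' "$SAMPLE_TOP" | top_summary
# Live use:  top -bn1 | top_summary
```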
3. Viewing the process tree: pstree
pstree command format
pstree [-A|U] [-up]
-A: draw the connections between processes with ASCII characters
-U: draw the connections between processes with UTF-8 characters
-p: also list the PID of each process
-u: also list the account name that owns each process
zhouyl@ubuntu:~$ pstree -Aup
init(1)-+-NetworkManager(1344)-+-dhclient(1707)
        |                      |-dnsmasq(2560,nobody)
        |                      |-dnsmasq(2645,nobody)
        |                      |-{NetworkManager}(1374)
        |                      `-{NetworkManager}(1708)
        |-accounts-daemon(2184)---{accounts-daemon}(2185)
        |-acpid(1417)
        |-atd(1429,daemon)
        |-avahi-daemon(1331,avahi)---avahi-daemon(1332)
        |-bamfdaemon(2892,zhouyl)---{bamfdaemon}(2896)
        |-bluetoothd(1319)
        |-chrome(3218,zhouyl)-+-chrome(3313)
        |                     |-chrome(3690)-+-{chrome}(3693)
        |                     |              |-{chrome}(3694)
        |                     |              `-{chrome}(3695)
        |                     |-chrome(3718)-+-{chrome}(3719)
        |                     |              |-{chrome}(3720)
        |                     |              `-{chrome}(3721)