PS
PS Parameters
[[Email protected] ~]# PS aux <== Observation System all program data [[email protected] ~]# Ps-la <== is also able to observe the system data [email Protected] ~]# PS AXJF <== together with some program tree state options and Parameters:-a : All processes are shown with the same utility as-e;-a : all process not related to terminal;-u
: Effective user (effective user)-related process; X : Typically used with the A parameter to list more complete information. Output format planning: L : A longer, more detailed list of information about the PID; J : Working format (jobs format)-F : Make a more complete output.
Brother Bird personally think PS this command man page is not very good to consult, because many different Unix use this PS to check the state of the program, in order to meet the needs of different versions, so this man page is very large! Therefore, usually bird brother will suggest you, directly back two compare different options, one is only to check their own bash program "Ps-l" one is can check all the system running program "PS aux"! Note that you are not mistaken, "PS aux" does not have that minus sign (-)! Let's take a look at the state of your bash program:
just watch your bash related programs: Ps-l
Example one: the PID and related information currently belonging to your own login is listed (only related to their bash) [[email protected] ~]# ps-lf S UID pid PPID C PRI NI A DDR SZ Wchan TTY time CMD4 S 0 13639 13637 0 0- 1287 wait pts/1 00:00:00 Bash4 R 0 13700 13639 0 0- 1101- pts/1 00:00:00 PS
The whole system is running a lot of programs, but if you use Ps-l to list only the programs that are related to your operating environment (bash), the top-level parent program will be your own bash and not extend to the INIT program! So what are the data ps-l show? Let's look at it:
- F: Represents this program flag (process Flags), which describes the summary permissions of the program, common numbers are:
- If 4 indicates that the permission for this program is root;
- A 1 indicates that this subroutine is only replicating (fork) and not actually running (exec).
- S: Represents the status of this program (STAT), the main state is:
- R (Running): The program is running;
- S (Sleep): The program is currently in sleep State (idle) but can be awakened (signal).
- D: Sleep state that cannot be awakened, usually this program may be waiting for I/O (ex> print)
- T: Stop state (stop), which may be in the work control (background pause) or the traced State;
- Z (Zombie): Zombie status, the program has been terminated but cannot be removed to memory.
- Uid/pid/ppid: Represents "This program is owned by the UID/program PID number/PID number of this program's parent program"
- C: Represents CPU utilization, in percent;
- The pri/ni:priority/nice abbreviation, which represents the priority order that the program is run by the CPU, the smaller the value, the faster the program is run by the CPU. The detailed PRI and NI will be explained in the next section.
- Addr/sz/wchan: All memory-related, ADDR is kernel function, indicating which part of the program, if it is a running program, will generally show "-"/SZ represents how much memory the program uses/Wchan indicates whether the program is currently running , similarly, if-indicates that it is running.
- TTY: The terminal location of the lander, if the remote login uses the dynamic termination interface (pts/n);
- Time: Use off the CPU, note that this program actually spends the CPU time, not the system time;
- CMD: is the abbreviation of command, which causes the order of the triggering procedure of this program.
So what you see in the ps-l output is that "bash's program belongs to the user with the UID of 0, the state is sleep, and the reason for it is sleep because he triggered the PS (state is run)." The PID of this program is 13639, the priority run order is 75, the terminal interface obtained by the release bash is PTS/1, and the running state is waiting (wait). "Is that clear enough?" What do you mean by trying to parse what the PS line represents?
Observing System All Programs: PS aux
Example two: List all currently in-memory programs: [[email protected] ~]# PS auxuser PID%cpu%MEM VSZ RSS TTY STAT START time Commandroot 1 0.0 0.0 2064 616? Ss Mar11 0:01 init [5]root 2 0.0 0.0 0 0? s< Mar11 0:00 [migration/0]root 3 0.0 0.0 0 0? SN Mar11 0:00 [ksoftirqd/0] ..... (omitted in middle) ... root 13639 0.0 0.2 5148 1508 pts/1 Ss 11:44 0:00-bashroot 14232 0.0 0.1 4452 876 pts/1 r+ 15:52 0:00 PS auxroot 18593 0.0 0.0 2240 476? Ss Mar14 0:00/usr/sbin/atd
You will find that ps-l and PS aux display the same items! In the PS aux display project, the meaning of each field is:
- User: Does the process belong to that user account?
- PID: The program identification code for the process.
- %CPU: The percentage of CPU resources that the process uses off;
- %MEM: The percentage of physical memory occupied by the process;
- VSZ: The amount of virtual memory that the process uses (Kbytes)
- RSS: The amount of fixed memory that the process occupies (Kbytes)
- TTY: The process is running on that terminal, if it is not related to the terminal, display?, in addition, TTY1-TTY6 is the user above the lander program, if it is pts/0 and so on, it is represented by the network into the host computer program.
- STAT: The current state of the program, showing the same status as the Ps-l S flag (r/s/t/z)
- Start: The time at which the process is triggered to start;
- Time: The process actually uses the CPU runtime.
- Command: What is the actual command for the program?
In general, PS aux will be in accordance with the PID order to sort the display, we still use the 13639 pid that line to explain! The meaning of the line is "root runs a bash PID of 13639, consumes 0.2% of the memory capacity percentage, the status is sleep (S), the program starts at 11:44, and the terminal environment is PTS/1." "With PS aux see is actually the same program!" Does that make sense? Let's continue to use PS to look at other information!
Example three: Show All Programs in sample one: [[email protected] ~]# Ps-laf S UID PID PPID C PRI NI ADDR SZ Wchan TTY Time CMD4 S 0 1 0 0 0- 435- ? 00:00:01 init1 S 0 2 1 0 94 - 0 ksofti? 00:00:00 ksoftirqd/01 S 0 3 1 0 -5- 0 worker? 00:00:00 events/0 .... (omitted below) .... # you will find that each field is the same as the output of the ps-l, but the program that is displayed includes all the programs in the system. Example four: List programs similar to program tree display: [[email protected] ~]# PS axjf PPID PID pgid SID TTY tpgid STAT UID Time COMMAND 0 1 1 1? -1 Ss 0 0:01 init [5] ..... (omitted in the middle) ..... 1 4586 4586 4586? -1 Ss 0 0:00/usr/sbin/sshd 4586 13637 13637 13637? -1 SS 0 0:00 \_ sshd: [email protected]/113637 13639 13639 13639 pts/1 14266 Ss 0 0:00< C59/>\_-bash13639 14266 14266 13639 pts/1 14266 r+ 0 0:00 \_ PS axjf ..... (omitted later) .....
Did you see that? In fact, brother Bird in some tests, are network connection into the host to test, so Luo, you will find in fact there is a correlation between the program! However, in fact, you can use Pstree to achieve this program tree Oh! In the above example, Brother Bird is the network service provided by SSHD to get a program, the program provides bash for me to use, and I go through bash to run PS AXJF! So you can see it, okay? The meaning of the other fields please man PS (although it is really difficult for man to come out!) Solomon
Example five: Find out the PID numbers related to cron and syslog services? [[Email protected] ~]# PS aux | Egrep ' (cron|syslog) ' root 4286 0.0 0.0 1720 572 ? Ss Mar11 0:00 syslogd-m 0root 4661 0.0 0.1 5500 1192? Ss Mar11 0:00 crondroot 14286 0.0 0.0 4116 592 pts/1 r+ 16:15 0:00 Egrep (cron|syslog) # So the number is 4286 and 4661 of these two Luo! That's what you're looking for!
Besides, what we have to know is what is a "zombie (zombie)" program? Usually, the cause of the zombie program is because the program should have been completed, or should be terminated, but the program's parent program can not complete the program to end, and that the program has been in memory. If you find that after a program's CMD is still connected to <defunct>, it means that the program is a zombie program, for example:
Apache 8683 0.0 0.9 83384 9992? Z 14:33 0:00/usr/sbin/httpd <defunct>
When the system is unstable, it is easy to cause the so-called Zombie program, may be because the program is not written well, or the user's operating habits and so on caused by bad. If you find a lot of zombie programs in the system, remember! To find out the program's parent program, and then do a good job of tracking, good host environment optimization Ah! See what needs to be improved, don't just kill him directly! Otherwise, if he had been produced, it would have been troublesome! @[email protected]
In fact, usually zombie programs are not control, and directly to the init of this program to be responsible, but Init is the first system running program, he is the parent program of all Programs! We can't kill the program (kill him, the system dies!) , so Luo, if a zombie program, and the system after a while there is no way through the core non-recurrent special processing to remove the program, then you have to reboot the way to erase the program!
Pstree
[[email protected] ~]# Pstree [-a| U] [-up] options and Parameters:-A: The connection between each program tree is connected in ASCII bytes;-u: The connection between each program tree is connected in the byte of a universal code. There may be errors under certain terminal interfaces,-P: And also list the pid;-u for each process: and also list the account name of each process. Example one: List the dependencies of all the program trees on the current system: [[email protected] ~]# pstree-ainit-+-acpid |-atd |-auditd-+-audispd---{audispd} < = = This line is AUDITD with the bottom line for the sub-program | '-{AUDITD} |-automount---4*[{automount}] <== by default, similar programs are displayed numerically .... (omitted in the middle) .... | -SSHD---sshd---bash---pstree <== is the dependency of our command run! .... (omitted below) .... # Note that in order to save the layout, so Bird has deleted many programs! Example two: Bear the title, at the same time show the PID and users [[email protected] ~]# pstree-aupinit (1)-+-acpid (4555) |-atd (18593) |-AUDITD ( 4256)-+-audispd (4258)---{audispd} (4261) | '-{AUDITD} (4257) |-automount (4536)-+-{automount} (4537) <== program similar but PID is different! | |-{automount} (4538) | |-{automount} (4541) | '-{automount} (4544) .... (omitted in the middle) .... | -SSHD (4586)---sshd (16903)---bash (16905)---pstree (16967).... (omitted in the middle) .... | -XFS (4692,XFS) <== because this program owner is not running Pstree! So list accounts .... (omitted below) .... # in parentheses () the PID and the owner of the program! However, because I am running this command with # root, the program that is rooted is not displayed!
If you want to find the correlation between the program, this pstree really good to not! Direct input Pstree can find program dependencies, as shown in the table above, and also use line segments to link the correlation program! The general link symbol can use ASCII code, but sometimes because the language problem will be actively linked with the Unicode symbol, but because the terminal may not support the encoding, may cause garbled problems. It is therefore possible to add A-A option to overcome this type of segment garbled problem.
Output by Pstree We can also know very well that all the programs are attached to the INIT program! Look carefully, the PID of this program is a number Oh! Because he is the first program that is called by the Linux core actively! So the PID is a number. This is also mentioned in the zombie program we just mentioned, why does the zombie program need to be restarted? Because Init is restarting, and restarting Init is reboot!
If you also want to know the PID and the user, plus-u and-P two parameters can be. We didn't always mention, how do I find the parent program if the subroutine hangs or the subroutine is always cut off? Oh! Use this pstree to be right! ^_^
signal of the process
The program can be controlled with each other! For example, you can shut down, restart the server software, the server software itself is a program, since you can let her shut down or start, of course, you can control the program! So how does the program manage each other? In fact, by giving the program a signal (signal) to tell the program what you want her to do! So this signal is very important!
To give certain actions to a work that already exists in the background, give a signal directly to the work number. So how many signal are there? You can use the kill-l (lowercase l) or the man 7 signal can be queried! The main signal code and name corresponding and the content is:
code |
name |
content |
1 |
sighup |
launches the terminated program, allowing the PID to reread its profile, similar to restarting |
2 |
sigint |
equivalent to keyboard input [ctrl]-c to interrupt a program |
9 |
sigkill |
means that a program is forced to break, and if the program is halfway through, the unfinished portion may have a "half product" generated , like Vim will have. FILENAME.SWP to keep it down. |
15 |
sigterm |
terminates the program with the normal end program. Because it is normal to terminate, so the subsequent action will be completed by him. However, if the program already has a problem, it is not possible to use the normal method of termination, the input of this signal is also useless. |
17 |
sigstop |
rather than using keyboard input [ctrl]-z to pause a program /td> |
The above is only a common signal, more signal information please yourself Man 7 signal it! In general, you just have to remember the meaning of the three numbers "1, 9, 15". So how do we send a signal to a program? Go through kill or Killall!
Kill
Kill can help us transfer this signal to a job (%jobnumber) or to a PID (directly entering a number). To re-emphasize is: kill after the direct addition of numbers and add%number case is different! This is important! Because the work control has 1th work, but PID 1th is specifically "init" this program! How can you turn off init? Shut down INIT and your system will be gone! So remember that percent is specifically used in the work of control Oh!
Using PS to find the PID of this program, and then use kill to transmit information, so that the syslog can re-read the configuration file.
Since the configuration file needs to be re-read, signal is number 1th. To find out the PID of a syslog can be done: PS aux | grep ' syslog ' | Grep-v ' grep ' | awk ' {print $} ' is followed by the actual use of the Kill-1 PID, so the whole sequence of commands would be this: Kill-sighup $ (ps aux|grep ' syslog ' |grep-v ' grep ' |awk ' {print $} ') if If you have restarted the syslog, you can refer to the contents of the login file, using the following command: Tail-5/var/log/messages If you see a word like "Mar 15:08:20 www syslogd 1.4.1:restart", It means that SYSLOGD has restarted in 3/19 (restart)!
After understanding this usage, if in the future you want to remove the connection of an inexplicable lander, you can find the relevant program by using PSTREE-P, and then delete the program with kill-9, the line will be kicked off! That's easy!
Killall
Because the PID (or job number) must be added after kill, usually kill will match the PS, Pstree and other commands, because we must find the corresponding ID of the program! But, in this way, is it troublesome to use the "name of the issuing order" to give a signal? For example, can the Syslog program be given a SIGHUP signal directly? OK! Use Killall!
[[email protected] ~]# killall [-iie] [command name] options and Parameters:-I : interactive meaning, interactive, if need to delete, will appear prompt bytes to the user;-e : exact means "command name to follow", but the entire complete command cannot exceed 15 bytes. -I: the command name (possibly with parameters) ignores case. Example one: Give syslogd this command to start the PID of a SIGHUP signal [[email protected] ~]# KILLALL-1 syslogd# If you take a closer look at PS aux, syslogd is the full command name. But if the entire parameter is included, # then SYSLOGD-M 0 is complete! Example two: Force termination of all programs initiated with httpd [[email protected] ~]# killall-9 httpd example three: Ask each bash program in turn to see if it needs to be terminated! [Email protected] ~]# killall-i-9 Bashkill bash (16905)? (y/n) N <== this does not kill! Kill Bash (17351)? (y/n) y <== this kill! # with interactive features! You can ask if you want to remove the bash program. Note that if you do not have the-i parameter, all bash will be killed by this root! Including the root of his own bash Oh! ^_^
In short, to remove a program, we can use the PID or the command name to start the program, and if you want to delete a service? Oh! The simplest way to do this is to use killall, because he can remove all programs that start with a command name in the system. For example, in example two above, all the programs in the system that start with HTTPD will be deleted!
pidof
[[email protected] ~]# pidof [-SX] program_name options and Parameters:-S : List only one PID and not all pid-x : Also list the program name possible PPID PID Example one: List the current system above Init and syslogd these two programs Pid[[email protected] ~]# pidof init syslogd1 4286# Theoretically, there should be two PID. The above display also appeared two PID. # is the PID of the two programs: Init and SYSLOGD, respectively.
Very simple usage, through this pidof command, and with the PS aux and the formal notation, you can easily find the program content you want it.
Transfer from http://vbird.dic.ksu.edu.tw/linux_basic/0440processcontrol_3.php
Common program management commands [GO]