Linux Command summary for viewing system process information (PS/top/pstree)

Linux Process view system process information Commands include: static process view command (PS), dynamic process view command (top), and view process Tree Command (pstree ), these processes are described as follows:

1. view the PS of a static process

Ps command format: PS-Aux

PS-La view all system data

PS axjf connects to some process tree statuses

-A: Like-E, the table lists all processes.

-A: processes not related to Terminal

-U: processes related to valid users

X: usually used together with the parameter. Complete information can be listed.

Output Format: L: list the PID information carefully.

J: working format

-F: make a more complete output.

PS-L: only view bash-related processes

zhouyl@ubuntu:~$ ps -lF S   UID   PID  PPID  C PRI  NI ADDR SZ WCHAN  TTY          TIME CMD0 S  1000 20257 20248  0  80   0 -  6067 wait   pts/7    00:00:00 bash0 R  1000 21392 20257  0  80   0 -  2466 -      pts/7    00:00:00 ps

F: Process flag

4: The permission is root.

1: indicates that the task can only be copied and cannot be executed.

S: indicates the state of the process (STAT)

R: running indicates that the instance is running.

S: Sleep indicates sleep, but can be awakened

D: It indicates a sleep state and cannot be awakened. Generally, this process may be waiting for I/O.

T: Stop indicates stopping, for example, pausing background work or error processes.

Z: Zombie process. The process has been terminated but cannot be put out of memory.

UID/Pid/ppid: indicates the user's UID/PID Number of the Process/PID Number of the parent PROCESS OF THE PROCESS

C: CPU usage, in percentage

PRI/Ni: indicates the CPU execution priority of the process. The smaller the number, the higher the priority.

ADDR: the part that supports the process in the memory. If the process is running, it indicates "-".

SZ: Memory occupied by the Process

Wchan: indicates whether the process is running. if the process is running, it indicates "-".

TTY: indicates the login terminal. If it is a remote login, it indicates pts/h.

Time: indicates the CPU usage time of the process.

CMD: Command, which indicates the process started by the command.

The following describes how to view all processes in the PS-Aux system.

zhouyl@ubuntu:~$ ps auxUSER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMANDroot         1  0.0  0.0  24564  2444 ?        Ss   08:19   0:00 /sbin/initroot         2  0.0  0.0      0     0 ?        S    08:19   0:00 [kthreadd]root         3  0.0  0.0      0     0 ?        S    08:19   0:04 [ksoftirqd/0]

User: indicates the user to which the process belongs.

PID: PID of the process

% CPU: indicates the CPU usage of the process.

% Mem: indicates the physical memory usage of the process.

Vsz: indicates the amount of virtual memory occupied by the process.

RSS: indicates the amount of fixed memory occupied by the process.

TTY: indicates the login port.

Stat: Same as the process state described above (R/S/D/T/Z process)

Start: the start time of the process.

Time: indicates the CPU usage time of the process.

Command: The command that triggers the process.

Botnets

Generally, the cause of a botnet process is that the process should have been completed or terminated for some reason, but the parent process of the process cannot completely end the process, the process is always in the memory. If you find that the CMD of a process is followed by <defunct>, it indicates that the process is a zombie process. For example:

1 2598 2598 2598? -1 ss 0 0: 00/usr/sbin/hcid <defunct>

When the system is unstable, the so-called zombie process may be caused by poor program writing or improper user operations. If there are many zombie processes in the system, remember to find out the parent process and follow up to optimize the host environment. If not, only reboot is available.

 

Ii. Dynamic Processes: Top

TOP Command Format

Top [-d |-BNP Paribas]-D: indicates the interface refresh time, in seconds. The default value is 5 seconds-B: Top in batches, there are more parameters that can usually be used with data redirection. The batch processing result is output to the file-N: With-B, how many times do I need to output the result-P: view the direct process, followed by the process number? : The key command p that can be entered for display in top is ranked by CPU usage M: ranked by memory usage N: ranked by PID t: accumulate the ranking K by the CPU time used by the process: Give a PID a signal R: Give a PID a new nice value Q: Exit

zhouyl@ubuntu:~$ toptop - 10:44:15 up  2:24,  6 users,  load average: 2.09, 2.70, 2.98Tasks: 209 total,   3 running, 206 sleeping,   0 stopped,   0 zombieCpu(s): 29.9%us, 17.4%sy,  0.0%ni, 52.4%id,  0.0%wa,  0.0%hi,  0.3%si,  0.0%stMem:   5046272k total,  4752156k used,   294116k free,  1291300k buffersSwap:   262140k total,       16k used,   262124k free,  1516100k cached  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND                                                                                           2813 zhouyl    20   0 1269m 200m  41m R   28  4.1  33:49.24 compiz                                                                                            1478 root      20   0  247m 130m  18m S   18  2.6  25:49.51 Xorg                                                                                              3972 zhouyl    20   0 1707m  71m  35m S   10  1.5  14:19.49 vlc                                                                                               3218 zhouyl    20   0  806m 158m  49m S    6  3.2  16:19.85 chrome                                                                                            3607 zhouyl    20   0  985m 130m  27m S    6  2.6   2:05.07 chrome 

There are six lines

The first line indicates the current time, the system boot time to the current time, and the number of login users. Server Load balancer means that the system runs several processes on average within 1, 5, and 15 minutes. The smaller the number of processes, the more idle the system is. If the number is higher than 1, pay attention to whether your system is too complicated.

The second line indicates the total number of processes running in the system and their respective running statuses. Note that zombie is generally 0. If it is another number, pay attention to it, the process is a zombie process.

Row 3: indicates the current overall CPU load. Pay special attention to % wa. This option indicates I/owait, generally, your system slows down because I/O causes a large problem. If you are a multi-core device, you can switch to 1 to view different CPU loads.

The following figure shows the CPU usage information and meanings of each value in the top command:

CPU (s): 29.9% us, 17.4% Sy, 0.0% Ni, 52.4% ID, 0.0% wa, 0.0% hi, 0.3% Si, 0.0% St
US: User time: the time when the CPU executes the user process, including the nices time. Generally, the higher the CPU usage, the better.
Sy: System Time: indicates the CPU running time in the kernel, including IRQ and softirq. A high CPU usage indicates a bottleneck in a part of the system. The lower the value, the better.
Ni: Nice time nice time: the time the system takes to adjust the process priority.
ID: idle time (idle time): The system is in the idle period, waiting for the process to run.
Wa: Waiting Time (Waiting Time): The time that CPI spends waiting for the completion of the I/O operation. The System Department should spend a lot of time waiting for I/O operations. Otherwise, it indicates that I/O has a bottleneck.
Hi: Hard IRQ time (hard IRQ Time): the amount of time the system takes to process hard interruptions.
Si: softirq time: the amount of time the system takes to process Soft Interrupt.
St: Steal time loss time (steal time): the time when the virtual CPU is forced to wait (involuntary wait). At this time, the hypervisor is serving another virtual processor.

Line 4 and Line 5: physical memory and virtual memory usage. The lower the usage of swap, the better. If swap usage is high, the physical memory is insufficient.

Row 6 and below:

PID: process ID

User: the user to which the process belongs.

PR: Abbreviation of priority. The priority of a process. The smaller the value, the higher the priority.

Ni: the abbreviation of Nice, which is related to priority. The smaller the value, the higher the priority.

% CPU: CPU usage

% Mem: memory usage

Time +: The sum of CPU usage time

It is worth noting that H or? Is input in top ?, Show Help

 

3. view the process Tree Command: pstree

Pstree Command Format

Pstree [-A | u] [-Up]-A: connections between processes are connected using ASCII characters-u: connections between processes are connected using utf8 characters-P: PID-u: the account name zhouyl @ Ubuntu: ~ of each process is also listed :~ $ Pstree-aupinit (1)-+-NetworkManager (1344)-+-dhclient (1707) |-dnsmasq (2560, nobody) |-dnsmasq (2645, nobody) |-{NetworkManager} (1374) | '-{NetworkManager} (1708) |-accounts-daemon (2184) --- {accounts-daemon} (2185) |-acpid (1417) |-ATD (1429, Daemon) |-avahi-daemon (1331, avahi) --- avahi-daemon (1332) |-bamfdaemon (2892, zhouyl) --- {bamfdaemon} (2896) |-faster THD (1319) |-chrome (3218, zhouyl)-+-chrome (3313) |-chrome (3690) -+-{chrome} (3693) |-{chrome} (3694) | '-{chrome} (3695) |-chrome (3718) -+-{chrome} (3719) |-{chrome} (3720) | '-{chrome} (3721)