Common parameters: a displays all processes of all users (including other users), u displays processes by user name and start time, and x displays processes of uncontrolled terminals; e. display all processes, including uncontrolled processes; f. display processes in tree format; l. output in long format; w... news & nbsp;
Common parameters:
A. display all processes of all users (including other users );
U displays processes in the username and start time order;
X displays the process of the uncontrolled terminal;
E. display all processes, including those without control;
F process is displayed in a tree format;
L long format output;
W to avoid the truncation of detailed parameters, you can use multiple w to display them completely (for example, ww or www );
O options to be viewed
Commonly used is the aux ef
The following describes the ps output parameters.
Owner of the USER process;
PID process ID;
PPID parent process;
% Percentage of CPU used by CPU processes;
% MEM memory usage percentage;
NICE value of the NI process, that is, the priority value of the process (-20 ~ 19). the greater the value, the lower the priority;
Virtual size of VSZ process;
Number of RS resident pages;
TTY terminal ID. The question mark indicates that there is no end, that is, the system itself.
STAT process status
D Uninterruptible sleep (usually IO)
R is running and can be crossed in the queue;
S is in sleep state;
T stop or be tracked;
W enters the memory switch (it is invalid from kernel 2.6 );
X dead processes (never seen );
Z botnets;
<Process with high priority
N processes with lower priority
L Some pages are locked into the memory;
S process leader (with sub-processes under it );
L is multi-threaded (using CLONE_THREAD, like NPTL pthreads do)
+ Process Group in the background;
WCHAN is waiting for process resources;
The START time of the process;
TIME the cpu time consumed by the process;
COMMAND name and parameters;
Ps application example
Ps aux | more
Because ps aux shows too much content, you can connect to the MPs queue to view it by page or generate a file based on the result.
Pa aux> ps. file
Queries the process of a program.
Ps aux | grep httpd
For example
[Root @ yufei ~] # Ps aux | grep httpd
Root 1470 0.0 4.1 281892 10220? Ss/usr/sbin/httpd
Apache 1494 0.0 2.2 281892 5548? S/usr/sbin/httpd
Apache 1495 0.0 2.2 281892 5548? S/usr/sbin/httpd
Apache 1496 0.0 2.2 281892 5548? S/usr/sbin/httpd
Apache 1497 0.0 2.2 281892 5548? S/usr/sbin/httpd
Apache 1498 0.0 2.2 281892 5548? S/usr/sbin/httpd
Apache 1499 0.0 2.2 281892 5548? S/usr/sbin/httpd
Apache 1500 0.0 2.2 281892 5548? S/usr/sbin/httpd
Apache 1501 0.0 2.2 281892 5548? S/usr/sbin/httpd
Root 1613 0.0 0.3 103232 872 pts/0 S + grep httpd
Displays the process tree of a program.
Ps auxf | grep httpd
The following is an example
[Root @ yufei ~] # Ps auxf | grep httpd
Root 1615 0.0 0.3 103228 864 pts/0 S + \ _ grep httpd
Root 1470 0.0 4.1 281892 10220? Ss/usr/sbin/httpd
Apache 1494 0.0 2.2 281892 5548? S \ _/usr/sbin/httpd
Apache 1495 0.0 2.2 281892 5548? S \ _/usr/sbin/httpd
Apache 1496 0.0 2.2 281892 5548? S \ _/usr/sbin/httpd
Apache 1497 0.0 2.2 281892 5548? S \ _/usr/sbin/httpd
Apache 1498 0.0 2.2 281892 5548? S \ _/usr/sbin/httpd
Apache 1499 0.0 2.2 281892 5548? S \ _/usr/sbin/httpd
Apache 1500 0.0 2.2 281892 5548? S \ _/usr/sbin/httpd
Apache 1501 0.0 2.2 281892 5548? S \ _/usr/sbin/httpd
From the above results, we can clearly see that all apache processes are caused by/usr/sbin/httpd, so if you stop them, other processes are automatically stopped.
[Root @ yufei ~] # Killed 1470
[Root @ yufei ~] # Ps auxf | grep httpd
Root 1617 0.0 0.3 103228 864 pts/0 S + \ _ grep httpd
We found that the httpd process is gone.
Display certain process options
Ps axo pid, % cpu, % mem, comm | grep httpd
Start httpd first
[Root @ yufei ~] # Service httpd start
Starting httpd: [OK]
The following describes some options for a process.
[Root @ yufei ~] # Ps axo pid, % cpu, % mem, comm | grep httpd
1628 0.0 httpd
1630 0.0 httpd
1631 0.0 httpd
1632 0.0 httpd
1633 0.0 httpd
1634 0.0 httpd
1635 0.0 httpd
1636 0.0 httpd
1637 0.0 httpd
Is it very convenient and practical!
Here, we also need to know what a zombie process is. Generally, the cause of a botnet process is that the process should have been completed or terminated for some reason, but the parent process of the process cannot completely end the process, the process is always in memory. If you find that the command is followed by the CMD command of a process The process is a zombie process. When the system is unstable, it is easy to cause so-called zombie processes. It may also be caused by incomplete program writing or poor user operation habits. If you find many zombie processes in the system, remember to find the parent process of the process, and then perform a tracking to eliminate the problem!
From Yufei blog