One day, learn about RHEL6 system process management in Linux. Process 2: observe ps commands.

Common parameters: a displays all processes of all users (including other users), u displays processes by user name and start time, and x displays processes of uncontrolled terminals; e. display all processes, including uncontrolled processes; f. display processes in tree format; l. output in long format; w... news & nbsp;

 

Common parameters:

A. display all processes of all users (including other users );

U displays processes in the username and start time order;

X displays the process of the uncontrolled terminal;

 

E. display all processes, including those without control;

F process is displayed in a tree format;

 

L long format output;

W to avoid the truncation of detailed parameters, you can use multiple w to display them completely (for example, ww or www );

 

O options to be viewed

 

 

Commonly used is the aux ef

 

The following describes the ps output parameters.

 

Owner of the USER process;

PID process ID;

PPID parent process;

% Percentage of CPU used by CPU processes;

% MEM memory usage percentage;

NICE value of the NI process, that is, the priority value of the process (-20 ~ 19). the greater the value, the lower the priority;

Virtual size of VSZ process;

Number of RS resident pages;

TTY terminal ID. The question mark indicates that there is no end, that is, the system itself.

STAT process status

D Uninterruptible sleep (usually IO)

R is running and can be crossed in the queue;

S is in sleep state;

T stop or be tracked;

W enters the memory switch (it is invalid from kernel 2.6 );

X dead processes (never seen );

Z botnets;

<Process with high priority

N processes with lower priority

L Some pages are locked into the memory;

S process leader (with sub-processes under it );

L is multi-threaded (using CLONE_THREAD, like NPTL pthreads do)

+ Process Group in the background;

WCHAN is waiting for process resources;

The START time of the process;

TIME the cpu time consumed by the process;

COMMAND name and parameters;

Ps application example

 

Ps aux | more

Because ps aux shows too much content, you can connect to the MPs queue to view it by page or generate a file based on the result.

 

Pa aux> ps. file

Queries the process of a program.

Ps aux | grep httpd

For example

 

[Root @ yufei ~] # Ps aux | grep httpd

Root 1470 0.0 4.1 281892 10220? Ss/usr/sbin/httpd

Apache 1494 0.0 2.2 281892 5548? S/usr/sbin/httpd

Apache 1495 0.0 2.2 281892 5548? S/usr/sbin/httpd

Apache 1496 0.0 2.2 281892 5548? S/usr/sbin/httpd

Apache 1497 0.0 2.2 281892 5548? S/usr/sbin/httpd

Apache 1498 0.0 2.2 281892 5548? S/usr/sbin/httpd

Apache 1499 0.0 2.2 281892 5548? S/usr/sbin/httpd

Apache 1500 0.0 2.2 281892 5548? S/usr/sbin/httpd

Apache 1501 0.0 2.2 281892 5548? S/usr/sbin/httpd

Root 1613 0.0 0.3 103232 872 pts/0 S + grep httpd

Displays the process tree of a program.

 

Ps auxf | grep httpd

The following is an example

[Root @ yufei ~] # Ps auxf | grep httpd

Root 1615 0.0 0.3 103228 864 pts/0 S + \ _ grep httpd

Root 1470 0.0 4.1 281892 10220? Ss/usr/sbin/httpd

Apache 1494 0.0 2.2 281892 5548? S \ _/usr/sbin/httpd

Apache 1495 0.0 2.2 281892 5548? S \ _/usr/sbin/httpd

Apache 1496 0.0 2.2 281892 5548? S \ _/usr/sbin/httpd

Apache 1497 0.0 2.2 281892 5548? S \ _/usr/sbin/httpd

Apache 1498 0.0 2.2 281892 5548? S \ _/usr/sbin/httpd

Apache 1499 0.0 2.2 281892 5548? S \ _/usr/sbin/httpd

Apache 1500 0.0 2.2 281892 5548? S \ _/usr/sbin/httpd

Apache 1501 0.0 2.2 281892 5548? S \ _/usr/sbin/httpd

From the above results, we can clearly see that all apache processes are caused by/usr/sbin/httpd, so if you stop them, other processes are automatically stopped.

 

[Root @ yufei ~] # Killed 1470

[Root @ yufei ~] # Ps auxf | grep httpd

Root 1617 0.0 0.3 103228 864 pts/0 S + \ _ grep httpd

We found that the httpd process is gone.

 

Display certain process options

 

Ps axo pid, % cpu, % mem, comm | grep httpd

Start httpd first

 

[Root @ yufei ~] # Service httpd start

Starting httpd: [OK]

The following describes some options for a process.

 

[Root @ yufei ~] # Ps axo pid, % cpu, % mem, comm | grep httpd

1628 0.0 httpd

1630 0.0 httpd

1631 0.0 httpd

1632 0.0 httpd

1633 0.0 httpd

1634 0.0 httpd

1635 0.0 httpd

1636 0.0 httpd

1637 0.0 httpd

Is it very convenient and practical!

 

Here, we also need to know what a zombie process is. Generally, the cause of a botnet process is that the process should have been completed or terminated for some reason, but the parent process of the process cannot completely end the process, the process is always in memory. If you find that the command is followed by the CMD command of a process The process is a zombie process. When the system is unstable, it is easy to cause so-called zombie processes. It may also be caused by incomplete program writing or poor user operation habits. If you find many zombie processes in the system, remember to find the parent process of the process, and then perform a tracking to eliminate the problem!

From Yufei blog