1. Process Monitoring command (ps ):
To monitor and control processes, you must first understand the current process, that is, you need to view the current process, and the ps command is the most basic and very powerful process viewing command. You can use this command to determine which processes are running and running, whether the process is terminated, whether the process is dead, and which processes are occupying excessive resources. In short, most of the information can be obtained by executing this command.
Ps commands have many command line options and parameters. However, we usually only use the following two methods:
Option a shows all processes on the terminal, including those of other users. U displays the program status in user-based format. X shows all programs, which are not distinguished by terminals. -E: displays all processes. O and then specify the columns to be output, such as user and pid. Multiple columns are separated by commas. -P is followed by a list of pid IDs separated by commas. This command will only output the relevant data of these PIDs.
/> Ps aux
Root 1 0.0 0.1 2828 1400? Ss/sbin/init
Root 2 0.0 0.0 0 0? S [kthreadd]
Root 3 0.0 0.0 0 0? S [migration/0]
......
/> Ps-eo user, pid, % cpu, % mem, start, time, command | head-n 4
User pid % CPU % MEM STARTED TIME COMMAND
Root 1 0.0 0.1 09:51:08/sbin/init
Root 2 0.0 0.0 09:51:08 00:00:00 [kthreadd]
Root 3 0.0 0.0 09:51:08 [migration/0]
It should be noted that there are many parameters related to process performance in ps, which are displayed as columns in the output table, here we only provide several frequently used parameters. For more parameters, we need to go to the ps man manual based on the actual situation of our application.
# Display the data of processes whose pid is 1 (init) in the complete format
/> Ps-fp 1
UID PID PPID C STIME TTY TIME CMD
Root 1 0 0 05:16? 00:00:03/sbin/init
2. commands for changing the process priority (nice and renice ):
The most common usage of this Shell command is nice [-n <priority level>] [Execute Command]. The priority level ranges from-20 to 19, and-20 is the highest, 19 is the lowest. Only the system administrator can set a negative number.
# Run sleep in the background for 100 seconds and set its nice value to 19 at startup
/> Nice-n 19 sleep 100 &
[1] 4661
# Run sleep in the background for 100 seconds and set its nice value to-19 at startup.
/> Nice-n-19 sleep 100 &
[2] 4664
# Follow the two lines highlighted in yellow in the ps-l output. Their NI values are consistent with the set values.
/> Ps-l
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
4 S 0 2833 2829 0 80 0-1739-pts/2 00:00:00 bash
0 S 0 4661 2833 0 99 19-1066-pts/2 00:00:00 sleep
4 S 0 4664 2833 0 61-19-1066-pts/2 00:00:00 sleep
4 R 0 4665 2833 1 80 0-1231-pts/2 00:00:00 ps
The renice command is used to reset the nice value for the executed process. The command contains the following common options:
Option description-g uses the program group name to modify the priority of all programs affiliated with the program group. -P changes the priority level of the program. This parameter is a preset value. -U specifies the user name to modify the priority of all programs belonging to the user.
# Switch to the stephen user and execute a background process. Here, the sleep process will sleep for 1000 seconds in the background.
/> Su stephen
/> Sleep 1000 &
[1] 4812
/> Exit# Return to the root user before switchover
# View the started background sleep process. The ni value is 0 and the host user is stephen.
/> Ps-eo user, pid, ni, command | grep stephen
Stephen 4812 0 sleep 1000
Root 4821 0 grep stephen
# Modify the nice value of all processes of a specified user
/> Renice-n 5-u stephen
500: old priority 0, new priority 5
# From the output result of executing ps again, we can see that the nice value of the sleep background process has been adjusted to 5
/> Ps-eo user, pid, ni, command | grep stephen
Stephen 4812 5 sleep 1000
Root 4826 0 grep stephen
# Modify the nice value of a process by specifying the process pid
/> Renice-n 10-p 4812
4812: old priority 5, new priority 10
# Execute ps again. The nice value of the sleep background process has changed from 5 to 10.
/> Ps-eo user, pid, ni, command | grep stephen
Stephen 4812 10 sleep 1000
Root 4829 0 grep stephen
3. List the tools used to open files in the current system (lsof ):
Lsof (list opened files). Its important function is to list files opened in the system,If no options or parameters are specified, lsof lists all files opened by all active processes.. As we all know, everything in linux is a file, such as a device, directory, or sockets. Therefore, using the lsof command is very helpful for daily linux management. The following describes the common options of the command:
Option description-a this option will perform the and operation on the result list selected by the following options. -C command_prefix: displays the files opened by a process starting with command_prefix. -P PID: displays the information of the opened file of the specified PID + d directory searches for the opened file from the folder directory (excluding subdirectories) to list the information of the files opened in this directory. + D directory: searches for (sub-Directories) from the folder directory to list the files opened in the directory. -D num_of_fd matches with the File Descriptor information. 3-10 can be used to indicate the range, and 3 or 10 can indicate some values. -U user: displays the opened files of a user. The user can use a regular expression. -I listens to the specified protocol, port, host, and other network information in the format of [proto] [@ host | addr] [: svc_list | port_list]
# View the process of opening the/dev/null file.
/> Lsof/dev/null | head-n 5
Command pid user fd type device size/OFF NODE NAME
Init 1 root 0u CHR 3671 0t0/dev/null
Init 1 root 1u CHR 3671 0t0/dev/null
Init 1 root 2u CHR 3671 0t0/dev/null
Udevd 397 root 0u CHR 1, 3, 0t0 3671/dev/null
# View the process for enabling port 22
/> Lsof-I: 22
Command pid user fd type device size/OFF NODE NAME
Sshd 1582 root 3u IPv4 11989 0t0 TCP *: ssh (LISTEN)
Sshd 1582 root 4u IPv6 11991 0t0 TCP *: ssh (LISTEN)
Sshd 2829 root 3r IPv4 19635 0t0 TCP bogon: ssh-> bogon: 15264 (ESTABLISHED)
# View files opened by the init process
/> Lsof-c init
Command pid user fd type device size/OFF NODE NAME
Init 1 root cwd DIR 8, 2 4096 2/
Init 1 root rtd DIR 8, 2 4096 2/
Init 1 root txt REG 136068 148567/sbin/init
Init 1 root mem REG 58536 137507/lib/libnss_files-2.12.so
Init 1 root mem REG 122232 186675/lib/libgcc_s-4.4.4-20100726.so.1
Init 1 root mem REG 141492 186436/lib/ld-2.12.so
Init 1 root mem REG 1855584 186631/lib/libc-2.12.so
Init 1 root mem REG 133136 186632/lib/libpthread-2.12.so
Init 1 root mem REG 99020 180422/lib/libinstitutes. so.1.0.0
Init 1 root mem REG 37304 186773/lib/libnih-dbus.so.1.0.0
Init 1 root mem REG 41728 186633/lib/librt-2.12.so
Init 1 root mem REG 286380 186634/lib/libdbus-1.so.3.4.0
Init 1 root 0u CHR 3671 0t0/dev/null
Init 1 root 1u CHR 3671 0t0/dev/null
Init 1 root 2u CHR 3671 0t0/dev/null
Init 1 root 3r FIFO 7969 0t0 pipe
Init 1 root 4 w FIFO 7969 0t0 pipe
Init 1 root 5r DIR 0, 10 0 1 inotify
Init 1 root 6r DIR 0, 10 0 1 inotify
Init 1 root 7u unix 0xf61e3840 0t0 7970 socket
Init 1 root 9u unix 0xf3bab280 0t0 11211 socket
In the FD column output above, the File Descriptor number is displayed, or the following content:
Cwd: current working directory;
Mem: memory-mapped file;
Mmap: memory-mapped device;
Pd: parent directory;
Rtd: root directory;
Txt: program text (code and data );
File Descriptor number Display Mode:
R for read access;
W for write access;
U for read and write access;
In the TYPE column output above, the file TYPE is displayed, for example:
DIR: Directory
LINK: LINK file
REG: Common File
# Check the files opened by the process (init) with pid 1. The output result is equivalent to the above command. They are all init.
/> Lsof-p 1
# View the files opened by the root process as the owner.
/> Lsof-u root
# View files opened by the owner for processes not root.
/> Lsof-u ^ root
# Check the process where the open protocol is tcp, the ip address is 192.168.220.134, and the port is 22.
/> Lsof-I tcp@192.168.220.134: 22
Command pid user fd type device size/OFF NODE NAME
Sshd 2829 root 3r IPv4 19635 0t0 TCP bogon: ssh-> bogon: 15264 (ESTABLISHED)
# View the open/root folder without considering Directory Search
/> Lsof + d/root
# View the open/root folder and Its subdirectory search
/> Lsof + D/root
# View all processes that open the FD (0-3) File
/> Lsof-d 0-3
#-Option a performs and on the selection results of option + d and option-c, and outputs the Merged Results.
/> Lsof + d.
Command pid user fd type device size/OFF NODE NAME
Bash 9707 root cwd DIR 4096 39887.
Lsof 9791 root cwd DIR 4096 39887.
Lsof 9792 root cwd DIR 4096 39887.
/> Lsof-a-c bash + d.
Command pid user fd type device size/OFF NODE NAME
Bash 9707 root cwd DIR 4096 39887.
It should be noted that, if there is (delete) at the end of the file name, it indicates that the file has been deleted, but it is still in the cache.
4. Process search/kill command (pgrep/pkill ):
Find and kill the specified process. Their options and parameters are identical. Here we only introduce pgrep. The following are common command line options:
Option description-d defines the delimiter between multiple processes. If not, use a line break. -N indicates that if the program has multiple processes running, only the latest ones are found, that is, the last processes started. -O indicates that if the program has multiple processes running, only the oldest process is found, that is, the oldest process started first. -G followed by a group id. This command only considers the processes in the group list when searching. -U followed by a group of valid user IDs (effetive user IDs). This command only considers the processes in the valid user list during search. -U followed by a group of actual user IDs. This command only takes the process in the real user list into account when searching. -X indicates that the process name must be completely matched. The preceding options can be partially matched. -L not only prints the pid, but also prints the process name. -F is generally used with-l to print the process parameters.# Manually create two background processes
/> Sleep 1000 &
3456
/> Sleep 1000 &
3457
# Search for a process named sleep and output all the found pid
/> Pgrep sleep
3456
3457
# Find the pid of a process named sleep. If there are multiple process IDs, separate them by using: instead of line breaks.
/> Pgrep-d: sleep
3456: 3457
# Find the pid of the Process named sleep. If there are multiple process IDs, output the last one.
/> Pgrep-n sleep
3457
# Find the pid of the Process named sleep. If there are multiple process IDs, output the first one.
/> Pgrep-o sleep
3456
# Search for a process named sleep. The group of running processes is root and stephen.
/> Pgrep-G root, stephen sleep
3456
3457
# Find the process whose valid user IDs are root and oracle and whose process name is sleep.
/> Pgrep-u root, oracle sleep
3456
3457
# Find the process whose actual user ID is root and oracle and whose process name is sleep.
/> Pgrep-U root, oracle sleep
3456
3457
# Find the process named sleep. Note that the process name found here must exactly match the process name in the parameter.
/> Pgrep-x sleep
3456
3457
#-X does not support partial matching, and the sleep process will not be identified. Therefore, the following command has no result.
/> Pgrep-x lupus
# Find the process named sleep and output all the found pid and process names.
/> Pgrep-l sleep
3456 sleep
3457 sleep
# Search for a process named sleep and output all the found pid, process name, and startup parameters.
/> Pgrep-lf sleep
3456 sleep 1000
3457 sleep 1000
# Search for a process named sleep and output its pid with a comma as the separator. When the result is sent to the ps command,-f indicates that the complete format is displayed, and-p indicates that the pid list is displayed, ps will only output process data in the list.
/> Pgrep-f sleep-d, | xargs ps-fp
UID PID PPID C STIME TTY TIME CMD
Root 3456 2138 0 00:00:00 pts/5 sleep 1000
Root 3457 2138 0 00:00:00 pts/5 sleep 1000