This tutorial will guide you on viewing system processes using ps and top commands. When commands are run on a system, various processes associated with them are created. Among the roles of a system administrator, being able to determine what processes are running, monitor and manage them is a critical skill. There are several program tools that can be used to achieve this. In this tutorial, we are going to explore some of these tools, ps and top.
Table of Contents
Viewing System Processes using ps and top commands
Viewing System Processes using ps command in Linux
ps(process status) command is a program that is used to display the status of the current active processes on the system. It accepts three kinds of options:
- UNIX options, These are options which can be grouped together and must be preceded by a dash (-).
- BSD options, These options may be grouped and must not be used with a dash.
- GNU long options, These are multi-character options preceded by two dashes (–).
Basic ps command Syntax
The basic ps syntax is:
ps [options]NB. If ps is used without options, it will display only current processes run from its terminal.
psPID TTY TIME CMD
5727 pts/0 00:00:05 zsh
31393 pts/0 00:00:00 psCommonly Used ps Command Options
Some of the commonly used options include:
-A,-e– Displays all the processes running on the system.-u user,-U user,--User– Displays the processes owned by the specified user.--pid, -p – Select processes by process ID.--ppid– Select processes by parent process ID.-F– extra full format listing.-w– displays wide output. When using this option, its good to direct the output to some file.-j– shows session ID and process group ID.-l– long listing.--help– display help information.--forest, -f, -H – show process hierarchy.--sort– specify sort order.--tty– select processes by attached terminal.--no-heading,--no-headers– suppress headers.--version– displays version information.
The ps command Output Headers
By default, ps selects all processes with the same effective user ID (euid=EUID) as the current user and associated with the same terminal as the user who run them.
It displays the process ID (pid=PID), the terminal associated with the process (tname=TTY), the cumulated CPU time in [DD-]hh:mm:ss format (time=TIME), and the executable name (ucmd=CMD).
Using BSD-style options will add process state (stat=STAT) to the default display and show the command args (args=COMMAND) instead of the executable name, change the process selection to include processes on other terminals (TTYs) that are owned by logged in user.
The ps header has different columns each with different meaning as discussed below.
A sample output of the ps command:
ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 200828 5588 ? Ss Jan30 0:02 /sbin/init nosplash
root 3 0.0 0.0 0 0 ? S Jan30 0:06 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S< Jan30 0:00 [kworker/0:0H]
root 331 0.0 0.0 0 0 ? D Jan30 0:17 [rtsx_usb_ms_1]
root 448 0.0 0.4 787916 16220 ? Ssl Jan30 0:00 /usr/bin/libvirtd
root 331 0.0 0.0 0 0 ? D Jan30 0:17 [rtsx_usb_ms_1]
koromic+ 516 0.0 0.0 13692 3192 tty1 Ss+ Jan30 0:00 /bin/sh /usr/bin/startx
koromic+ 14919 0.0 0.0 40952 3520 pts/0 R+ 09:21 0:00 ps aux
Demystifying the ps command headers;
- USER – Defines the name of the user owns the process/runs the program.
- PID – This is the process ID of the process.
- %CPU – Specifies the percentage of the CPU the process is consuming.
- %MEM – This s the percentage of memory the program is using.
- VSZ – Specifies the amount of virtual memory, in KiB, being used by a process.
- RSS – Resident Set Size, specifies the amount of physical memory, in KiB, being used by the process.
- TTY – TeleType code, specifies the type of terminal from which the process was launched. This can be tty1 (normal terminal on your server) or pts/0 (pseudo-terminal slave e.g xterm).
- STAT – Defines the status codes of different processes. Some of the codes are explained below.
- START – States the time when the process was started.
- TIME – Displays the total CPU time consumed by the process.
- COMMAND – States the command used to launch the process including arguments used if any.
ps command Process Status codes
Some of the Process Status codes include;
Sleeping (S): This is an Interruptible sleep. The process is waiting for an event to complete or for a system resource to become available.sIndicates that the process is a session leader. A session leader is a process that creates a new session and group ID for a group of related processes. When a session leader terminates, its process group is sent a SIGHUP signal, which typically causes the processes in that group to terminate as wellR (Running or runnable)Indicates that the process is actively running or is in the queue waiting to be it is waiting to be executed by the CPU.uninteruptible sleep (D)The process is in a sleep state that cannot be stopped especially if its waiting for I/O. This usually happens when a process is waiting for a system resource that is not currently available.lshows that the process is multi-threaded and has threads that are executing concurrently.+Indicates that the process is in the foreground process group.-Process is in the background process group of its control terminal.Zombie/Defunct (Z)Indicates a process that has been stopped but could not be removed by a parent process.<Indicates a process with high-priority.NIndicates a process with scheduling low-priority.LIndicates that the process has pages locked into memory.T– Stopped. This means that the process has been stopped by a signal or a user action and it can be resumed later.X– Dead. This indicates that the process has been terminated or crashed.
Display wide ps command output
The output of a ps command is usually truncated so as to fit the display screen.
To display a wide output, option – w can be passed as stated in options above.
The -w option tells ps to use 132 columns to display output instead of the default 80 columns.
Here’s the command to display the ps output in wide format:
ps -efwManaging Processes based on ps command output
From the ps output, one can be able to manage processes that are consuming unrealistic CPU time or memory based on their PID (Process ID) which is usually shown in the second column of the ps output. Some common management commands you can use:
kill: Sends a signal to a process to request it to terminate. For example,kill 1234will send the defaultTERMsignal to process ID 1234 to request it to terminate.killall: Sends a signal to all processes with a certain name. For example,killall chromewill send the defaultTERMsignal to all processes namedchrometo request them to terminate.pkill: Sends a signal to a process based on its name. For example,pkill firefoxwill send the defaultTERMsignal to all processes namedfirefoxto request them to terminate.renice: Changes the priority of a running process. You can userenicecommand followed by the priority level and the PID of the process to change its priority. For example,renice +10 1234will increase the priority of process ID 1234 by 10.
Viewing System Processes using top command in Linux
The top utility is a dynamic variant of ps provides a dynamic real-time overview of all the processes running on the system. It can display system summary information as well as a list of processes or threads currently being managed by the Linux kernel.
By default, top sorts its entries by percentage CPU usage.
Sample output of the top command is shown below.
top
top - 12:14:36 up 14 min, 1 user, load average: 0.28, 0.34, 0.28
Tasks: 122 total, 1 running, 121 sleeping, 0 stopped, 0 zombie
%Cpu(s): 2.2 us, 0.8 sy, 0.0 ni, 96.8 id, 0.0 wa, 0.0 hi, 0.2 si, 0.0 st
MiB Mem : 1975.8 total, 62.7 free, 1468.9 used, 444.2 buff/cache
MiB Swap: 1870.0 total, 1781.5 free, 88.5 used. 347.6 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1016 elastic+ 20 0 3270644 902772 23716 S 5.0 44.6 2:00.14 java
679 kibana 20 0 11.1g 344300 27532 S 2.3 17.0 0:48.46 node
675 elastic+ 20 0 2602252 25528 20172 S 0.3 1.3 0:03.94 java
1639 root 20 0 0 0 0 I 0.3 0.0 0:00.17 kworker/1:2-events
2363 kifarun+ 20 0 10472 4020 3332 R 0.3 0.2 0:00.04 top
1 root 20 0 167768 12828 7960 S 0.0 0.6 0:03.13 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_gp
4 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_par_gp
5 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 slub_flushwq
6 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 netns
8 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 kworker/0:0H-events_highpri
9 root 20 0 0 0 0 I 0.0 0.0 0:00.73 kworker/u4:0-ext4-rsv-conversion
10 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 mm_percpu_wq
11 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_tasks_rude_
12 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_tasks_trace
13 root 20 0 0 0 0 S 0.0 0.0 0:00.36 ksoftirqd/0
14 root 20 0 0 0 0 I 0.0 0.0 0:00.38 rcu_sched
15 root rt 0 0 0 0 S 0.0 0.0 0:00.00 migration/0
16 root -51 0 0 0 0 S 0.0 0.0 0:00.00 idle_inject/0
17 root 20 0 0 0 0 I 0.0 0.0 0:00.40 kworker/0:1-inode_switch_wbs
18 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/0
19 root 20 0 0 0 0 S 0.0 0.0 0:00.00 cpuhp/1
20 root -51 0 0 0 0 S 0.0 0.0 0:00.00 idle_inject/1
21 root rt 0 0 0 0 S 0.0 0.0 0:00.16 migration/1
22 root 20 0 0 0 0 S 0.0 0.0 0:00.19 ksoftirqd/1
23 root 20 0 0 0 0 I 0.0 0.0 0:00.02 kworker/1:0-cgroup_destroy
Most Important Parameters displayed by top
Some of the most important parameters displayed by the top utility include; load average,system Tasks, system uptime, CPU usage, Memory usage and Swap memory usage.
- load average indicates the average number of processes waiting to be served at any given time. It shows system load average over the last 1, 5 and 15 minutes. It is related to the number of CPU core in a system and therefore it should not be higher than the number of CPU cores. In case the load average is way higher than the number of CPU cores, inspect the system to find out the cause and ensure that the system is not overloaded.
- System uptime — Top command can also show the length of time the system has been running. The same result can be obtained using the uptime utility which also shows the system load average.
- Tasks — Displays system summary information of all the tasks currently being managed by the Linux kernel.
- CPU usage (%Cpu(s):) — This is another performance indicator which summarizes performance of all the CPU cores in the system. Some of the performance indicators are described below:
- us: Specifies the percentage of CPU time spend on handling user space processes.
- sy: Indicates the percentage of CPU time spend in kernel space for handling system calls.
- ni: Amount of CPU time spend while handling processes whose priority (nice value) has been adjusted.
- id: CPU time spend in idle loop, that is when no program is using the processor.
- wa: Amount of CPU time spend while waiting for non-interruptible I/O processes such as disks requests to complete.
- hi: This is the time the processor spends on handling hardware interrupts.
- si: This is the time the processor spends on handling software interrupts.
- st: In virtualization environment, this displays amount of the CPU time stolen by the virtual machines from the hypervisor.
- Memory usage (KiB Mem:) — This gives an overview of RAM usage. Some of the RAM usage parameters include:
- total: Total amount of RAM in KiB with 1 KiB being equal to 1024 bytes.
- free: The amount of RAM that is not being used.
- used: Total amount of RAM that is being used by various processes.
- buffers: Amount of RAM memory used hold data temporarily while it is being moved from one place to another.
- cache: Amount of memory being used to temporarily store frequently accessed data for quick access, thus improving system performance.
- Swap space Usage — This is the memory space, located in the hard-drive, that can be used in case there is a shortage in RAM memory. If the system needs more memory resources and the RAM is full, inactive pages (caches that have not been used recently) in memory are moved to the swap space to free up space.
Another important program to check current memory usage is free utility.
Options that can be used when launching top command
Options that can be used when launching the top command include:
- -d delay: specifies delay between updates. Default rate is usually 5 seconds.
- -p pid: used to monitor specific processes based on their PIDs. PIDs can be obtained using ps utility.
- -n iter: tells top to display certain number of updates (iter) and quit.
- -b: This causes top to operate in batch mode,i.e direct the output to some file instead of displaying them on the screen.
For example, to log a single update of the system performance to a top.txt file in the current directory;
top -b -n 1 > top.txtThere are other interactive commands that can be used when top is running (You can press these on the keyboard when top is running);
- M or > key – sorts the display by memory usage.
- P or < key – sorts the display by the CPU usage (default).
- s – alters the display update rate.
- q – quits the top utility.
- r – alters the priority of a process.
- k – kills a process,you will be prompted for a PID value.
- ?, h – displays help.
- u – sorts the display by the user, it prompts for username.
htop is an alternative process-viewer for top but unlike top, it provides a full listing of processes rather than top-resource consuming processes allowing a user to scroll vertically or horizontally to view all processes and full commands. Besides, one does’t necessarily have to type in the PID nor the priority renice value to kill a process or adjust a priority of a process.
Reference:
Other Tutorials
Lock Linux User Account after Multiple Failed Login Attempts
Hi,
Great…
Thanks a lot