Viewing System Processes using ps and top commands


When commands are run on a system, various processes associated with them are created. Being able to determine which processes are running, and to monitor and manage them, is a critical skill for a system administrator. Several tools can be used to achieve this. In this tutorial, we are going to explore two of them, ps and top.

The ps program.

The ps (process status) command displays the status of the currently active processes on the system. It accepts three kinds of options:

  • UNIX options. These may be grouped together and must be preceded by a dash (-).
  • BSD options. These may be grouped and must not be used with a dash.
  • GNU long options. These are multi-character options preceded by two dashes (--).

The basic ps syntax is:

ps [options]

NB. If ps is used without options, it displays only the current processes run from its terminal.

→ ps
5727 pts/0    00:00:05 zsh
31393 pts/0    00:00:00 ps

Some of the commonly used options include:

  • -A, -e – Displays all the processes running on the system.
  • -u user, -U user, --User – Displays the processes owned by the specified user.
  • --pid, -p – Select processes by process ID.
  • --ppid – Select processes by parent process ID.
  • -F – extra full format listing.
  • -w – displays wide output. When using this option, it's good to direct the output to some file.
  • -j – shows session ID and process group ID.
  • -l – long listing.
  • --help – display help information.
  • --forest, -f, -H – show process hierarchy.
  • --sort – specify sort order.
  • --tty – select processes by attached terminal.
  • --no-heading, --no-headers – suppress headers.
  • --version – displays version information.

By default, ps selects all processes with the same effective user ID (euid=EUID) as the current user and associated with the same terminal as the user who ran them. It displays the process ID (pid=PID), the terminal associated with the process (tname=TTY), the cumulated CPU time in [DD-]hh:mm:ss format (time=TIME), and the executable name (ucmd=CMD).

Using BSD-style options adds the process state (stat=STAT) to the default display and shows the command args (args=COMMAND) instead of the executable name. It also changes the process selection to include processes on other terminals (TTYs) that are owned by the logged-in user.

The ps header has different columns each with different meaning as discussed below.

A sample output of the ps command:

→ ps aux
root         1  0.0  0.1 200828  5588 ?        Ss   Jan30   0:02 /sbin/init nosplash
root         3  0.0  0.0      0     0 ?        S    Jan30   0:06 [ksoftirqd/0]
root         5  0.0  0.0      0     0 ?        S<   Jan30   0:00 [kworker/0:0H]
root       331  0.0  0.0      0     0 ?        D    Jan30   0:17 [rtsx_usb_ms_1]
root       448  0.0  0.4 787916 16220 ?        Ssl  Jan30   0:00 /usr/bin/libvirtd
root       331  0.0  0.0      0     0 ?        D    Jan30   0:17 [rtsx_usb_ms_1]
koromic+   516  0.0  0.0  13692  3192 tty1     Ss+  Jan30   0:00 /bin/sh /usr/bin/startx
koromic+ 14919  0.0  0.0  40952  3520 pts/0    R+   09:21   0:00 ps aux

  • USER – Defines the name of the user who owns the process/runs the program.
  • PID – This is the process ID of the process.
  • %CPU – Specifies the percentage of the CPU the process is consuming.
  • %MEM – This is the percentage of memory the program is using.
  • VSZ – Specifies the amount of virtual memory, in KiB, being used by a process.
  • RSS – Resident Set Size, specifies the amount of physical memory, in KiB, being used by the process.
  • TTY – TeleType code, specifies the type of terminal from which the process was launched. This can be tty1 (normal terminal on your server) or pts/0 (pseudo-terminal slave, e.g. xterm).
  • STAT – Defines the status codes of different processes. Some of the codes are explained below.
  • START – States the time when the process was started.
  • TIME – Displays the total CPU time consumed by the process.
  • COMMAND – States the command used to launch the process including arguments used if any.

Some of the process status codes include:

  • Sleeping (S) – The process is waiting for an event to complete.
  • s – Indicates that the process is a session leader.
  • Running (R) – Indicates that the process is actively running or is in the queue waiting to be served.
  • Uninterruptible sleep (D) – The process is in a sleep state that cannot be stopped, especially if it's waiting for I/O.
  • l – Shows that the process is multi-threaded.
  • + – Indicates that the process is in the background process group.
  • Zombie (Z) – Indicates a process that has been stopped but could not be removed by a parent process.
  • < – Indicates a process with high priority.
  • N – Indicates a process with low priority.
  • L – Indicates that the process has pages locked into memory.

The output of a ps command is usually truncated so as to fit the display screen. To display wide output, the -w option can be passed, as stated in the options above.

From the ps output, one can identify and manage processes that are consuming unrealistic CPU time or memory. If, for instance, you want to manage certain processes using their PIDs, you can pipe the output of ps to the grep program. For example, to find the PID of the firefox browser:

    → ps aux | grep firefox
    koromic+ 14974 74.1  9.9 1149980 391764 ?      Rl   10:22   0:12 firefox
    koromic+ 15799  0.0  0.0  10756  2228 pts/0    S+   10:23   0:00 grep --color=auto firefox
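
The grep process matches its own search term and appears in the listing above. As an added example (not part of the original tutorial), the two awk filters below read `ps aux` output, match on the executable in the COMMAND column so the filter itself is never reported, and select processes by the first letter of STAT. The function names and the zombie row are made up for the illustration.

```sh
# Constructed sample in `ps aux` layout: a header row, three rows taken from
# the listings above, and one made-up zombie row.
sample_ps() {
cat <<'EOF'
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root       331  0.0  0.0      0     0 ?        D    Jan30   0:17 [rtsx_usb_ms_1]
koromic+ 14974 74.1  9.9 1149980 391764 ?      Rl   10:22   0:12 firefox
koromic+ 15799  0.0  0.0  10756  2228 pts/0    S+   10:23   0:00 grep --color=auto firefox
koromic+ 16001  0.0  0.0      0     0 ?        Z    10:20   0:00 [sh] <defunct>
EOF
}

# pids_by_command NAME: read `ps aux` output on stdin and print the PID of
# every process whose executable (field 11, directory part stripped) is
# exactly NAME. Arguments are not searched, so "grep ... firefox" is skipped.
pids_by_command() {
    awk -v name="$1" 'NR > 1 { n = split($11, p, "/"); if (p[n] == name) print $2 }'
}

# procs_in_state CODES: print "PID STAT COMMAND" for every process whose
# first STAT letter is one of CODES, e.g. "DZ" for uninterruptible sleep
# and zombie processes.
procs_in_state() {
    awk -v codes="$1" 'NR > 1 && index(codes, substr($8, 1, 1)) > 0 { print $2, $8, $11 }'
}

sample_ps | pids_by_command firefox
sample_ps | procs_in_state DZ
# Live use: ps aux | procs_in_state DZ
```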

The top program.

The top utility is a dynamic variant of ps that provides a real-time overview of all the processes running on the system. It can display system summary information as well as a list of processes or threads currently being managed by the Linux kernel. It can therefore be used to identify processes that are consuming an unreasonable amount of CPU.

By default, top sorts its entries by percentage CPU usage.

Sample output of the top command is shown below.

# top
top - 04:09:57 up 45 min,  1 user,  load average: 0.00, 0.01, 0.05
Tasks: 126 total,   2 running, 124 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0.0 us,  0.0 sy,  0.0 ni,100.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem :  1016768 total,   743312 free,   113704 used,   159752 buff/cache
KiB Swap:   946172 total,   946172 free,        0 used.   749340 avail Mem 

1859 zabbix    20    0    82092   1396    592 S  0.3  0.1   0:00.91 zabbix_agentd 
2607 root      20    0    146160  2024   1388 R  0.3  0.2   0:01.05 top            
   1 root      20    0    45964   6488   3900 S  0.0  0.6   0:02.89 systemd            
   2 root      20    0        0      0      0 S  0.0  0.0   0:00.01 kthreadd       
   3 root      20    0        0      0      0 S  0.0  0.0   0:00.00 ksoftirqd/0             
   5 root       0  -20        0      0      0 S  0.0  0.0   0:00.00 kworker/0:0H    

Some of the most important parameters displayed by the top utility include load average, system tasks, system uptime, CPU usage, memory usage and swap memory usage.

Load average indicates the average number of processes waiting to be served at any given time. It shows the system load average over the last 1, 5 and 15 minutes. It is related to the number of CPU cores in a system and therefore it should not be higher than the number of CPU cores. In case the load average is way higher than the number of CPU cores, inspect the system to find out the cause and ensure that the system is not overloaded.
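
The comparison of load average against core count can be scripted. The function below is an added example, not part of the original tutorial: it parses the first line of `top -b -n 1` (the `uptime` output uses the same "load average:" format) and classifies the three averages against a core count. The function name, the three status words and the busy sample line are this example's own; it assumes decimal points in the input, as printed in the C locale.

```sh
# load_status LINE CORES: LINE is the summary line carrying "load average:",
# CORES is the number of CPU cores. Prints a status word followed by the
# 1-, 5- and 15-minute load averages.
#   ok        - no average exceeds CORES
#   elevated  - the 1- or 5-minute average exceeds CORES
#   sustained - the 15-minute average exceeds CORES
load_status() {
    printf '%s\n' "$1" | LC_ALL=C awk -v cores="$2" '
    {
        i = index($0, "load average:")
        if (i == 0) { print "unparsed"; exit }
        # The text after the 13-character label looks like " 0.00, 0.01, 0.05".
        if (split(substr($0, i + 13), la, /, */) < 3) { print "unparsed"; exit }
        status = "ok"
        if (la[1] + 0 > cores + 0 || la[2] + 0 > cores + 0) status = "elevated"
        if (la[3] + 0 > cores + 0) status = "sustained"
        printf "%s %.2f %.2f %.2f\n", status, la[1], la[2], la[3]
    }'
}

# First line of the sample top output shown above.
page_line='top - 04:09:57 up 45 min,  1 user,  load average: 0.00, 0.01, 0.05'
# Constructed line for a busy host.
busy_line='top - 10:00:00 up 2 days,  3 users,  load average: 9.50, 6.20, 4.10'

load_status "$page_line" 1
load_status "$busy_line" 4
load_status "$busy_line" 8
# Live use: load_status "$(top -b -n 1 | head -n 1)" "$(nproc)"
```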

System uptime — Top command can also show the length of time the system has been running. The same result can be obtained using the uptime utility which also shows the system load average.

Tasks — Displays system summary information of all the tasks currently being managed by the Linux kernel.

CPU usage (%Cpu(s):) — This is another performance indicator which summarizes performance of all the CPU cores in the system. Some of the performance indicators are described below:

  • us — Specifies the percentage of CPU time spent on handling user space processes.
  • sy — Indicates the percentage of CPU time spent in kernel space for handling system calls.
  • ni — Amount of CPU time spent while handling processes whose priority (nice value) has been adjusted.
  • id — CPU time spent in the idle loop, that is, when no program is using the processor.
  • wa — Amount of CPU time spent while waiting for noninterruptible I/O processes such as disk requests.
  • hi — This is the time the processor spends on handling hardware interrupts.
  • si — This is the time the processor spends on handling software interrupts.
  • st — In a virtualization environment, this displays the amount of CPU time stolen by the virtual machines from the hypervisor.

Memory usage (KiB Mem:) — This gives an overview of RAM usage. Some of the RAM usage parameters include:

  • total — Total amount of RAM in KiB with 1 KiB being equal to 1024 bytes.
  • free — The amount of RAM that is not being used.
  • used — Total amount of RAM that is being used by various processes.
  • buffers — Amount of RAM used to hold data temporarily while it is being moved from one place to another.
  • cache — Amount of memory being used to temporarily store frequently accessed data for quick access, thus improving system performance.

Swap space usage — This is the memory space, located on the hard drive, that can be used in case there is a shortage of RAM. If the system needs more memory resources and the RAM is full, inactive pages (caches that have not been used recently) in memory are moved to the swap space to free up space.

Another important program for checking current memory usage is the free utility.

Options that can be used when launching the top command include:

  • -d delay — specifies delay between updates. Default rate is usually 5 seconds.
  • -p pid — used to monitor specific processes based on their PIDs. PIDs can be obtained using ps utility.
  • -n iter — tells top to display a certain number of updates (iter) and quit.
  • -b — This causes top to operate in batch mode, i.e. direct the output to some file instead of displaying it on the screen.

For example, to log a single update of the system performance to a top.txt file in the current directory:

# top -b -n 1 > top.txt 

There are other interactive commands that can be used when top is running:

  • M, > key – sorts the display by memory usage.
  • P, < key – sorts the display by the CPU usage (default).
  • s – alters the display update rate.
  • q – quits the top utility.
  • r – alters the priority of a process.
  • k – kills a process; you will be prompted for a PID value.
  • ?, h – displays help.
  • u – sorts the display by the user, it prompts for username.

htop is an alternative process viewer to top. Unlike top, it provides a full listing of processes rather than only the top resource-consuming processes, allowing a user to scroll vertically or horizontally to view all processes and full commands. Besides, one doesn't necessarily have to type in the PID or the renice value to kill a process or adjust the priority of a process.


# man ps
# man top


