 |
|
Find Processes by Pattern or User
Linux Tips by Burleson Consulting |
The pgrep command is used
to find processes which have a certain pattern in the command. The following
command looks for processes containing the pattern nautilus. The process ID
number of any matching process(es) is returned.
$ pgrep nautilus
18094
3149
20224
11597
31355
pgrep is a useful way to find specific running programs
but should be used judiciously. You could very easily end up with more than you
had planned.
Another way to see only those processes owned by a
specific user is the ?u option. The following are the pids for the lp user:
$ pgrep ?u lp
22233
28688
30970
7593
10833
2005
32267
26226
You can combine these two methods to match a specific
user and pattern. Here we see the process IDs for processes owned by the user
lp which match the pattern foomatic.
$ pgrep ?u lp foomatic
22233
28688
30970
Now let's look at the most active processes in the
system.
Display the Most Active Processes
The top command provides a dynamic display of the
current activity within a Linux system. By default top will list running
processes owned by all users. The processes which are currently using the most
CPU are listed first and top will list as many processes as will fit on the
screen.
$ top
top - 22:58:28 up 4:49, 2 users, load average: 0.03,
0.08, 0.05
Tasks: 79 total, 1 running, 78 sleeping, 0
stopped, 0 zombie
Cpu(s): 22.3% user, 5.6% system, 0.0% nice, 72.1%
idle
Mem: 255656k total, 238208k used, 17448k
free, 23460k buffers
Swap: 506008k total, 0k used, 506008k
free, 96400k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM
TIME+ Command
18325 root 17 0 41524 16m 1952 S 23.6 6.5
5:10.99 X
21234 terry 12 0 10648 10m 7180 S 2.6 4.2
0:33.20 gnome-terminal
11784 root 14 0 984 984 772 R 1.6 0.4
0:00.46 top
1 root 9 0 500 500 448 S 0.0 0.2
0:05.12 init
2 root 9 0 0 0 0 S 0.0 0.0
0:00.06 keventd
3 root 9 0 0 0 0 S 0.0 0.0
0:00.15 kapmd
4 root 18 19 0 0 0 S 0.0 0.0
0:00.00 ksoftirqd_CPU0
5 root 9 0 0 0 0 S 0.0 0.0
0:00.00 kswapd
6 root 9 0 0 0 0 S 0.0 0.0
0:00.00 bdflush
7 root 9 0 0 0 0 S 0.0 0.0
0:00.14 kupdated
8 root -1 -20 0 0 0 S 0.0 0.0
0:00.00 mdrecoveryd
12 root 9 0 0 0 0 S 0.0 0.0
0:00.33 kjournald
13282 root 9 0 0 0 0 S 0.0 0.0
0:00.00 khubd
14301 root 9 0 0 0 0 S 0.0 0.0
0:00.00 kjournald
8235 root 9 0 968 968 696 S 0.0 0.4
0:00.00 dhclient
13016 rpc 9 0 536 536 464 S 0.0 0.2
0:00.01 portmap
1867 root 9 0 624 624 520 S 0.0 0.2
0:00.25 syslogd
9038 root 9 0 1312 1312 436 S 0.0 0.5
0:00.32 klogd
27920 xfs 9 0 3724 3724 952 S 0.0 1.5
0:00.25 xfs
4918 root 9 0 3096 3096 2952 S 0.0 1.2
0:00.18 gdm-binary
31982 daemon 9 0 504 504 444 S 0.0 0.2
0:00.00 atd
14666 root 9 0 1360 1360 1148 S 0.0 0.5
0:00.14 sshd
14744 root 9 0 876 876 756 S 0.0 0.3
0:00.02 xinetd
18588 root 9 0 4160 4160 3728 S 0.0 1.6
0:00.84 gdm-binary
22969 root 9 0 2040 2040 1296 S 0.0 0.8
0:01.08 cupsd
24020 lp 9 0 4232 4232 3756 S 0.0 1.7
0:07.72 foomatic-rip
22081 root 9 0 2332 2332 1164 S 0.0 0.9
0:00.58 smb
17197 root 9 0 452 452 416 S 0.0 0.2
0:00.00 rwhod
29921 root 9 0 552 552 508 S 0.0 0.2
0:00.07 rwhod
27808 lp 9 0 4236 4236 4056 S 0.0 1.7
0:00.01 foomatic-rip
Once you are done in top you just need to type q to quit
and return to the command line.
Here we see the default top output. There's a lot here,
but here are a few of the highlights. Some of this will be familiar from the ps
output.
|
top output field |
Description |
|
up |
How long this system has been
running. May be in days |
|
users |
Number of connected users |
|
load average |
Number of processes currently running
plus the number waiting to run over one, five and fifteen minutes*. |
|
Tasks (or processes) |
The total number of active processes |
|
CPU |
user |
|
system |
idle |
|
iowait (not shown) |
How the CPU is currently being used |
|
The percent of CPU consumed by user
processes |
The percent of CPU consumed by system
processes |
|
The percent of CPU not currently
being used |
The percent of CPU spent waiting for
data (typically disk) |
|
Mem |
total |
|
used |
free |
|
Memory usage information |
The total amount of memory in this
system |
|
Memory currently used in the system |
Unused memory |
|
Swap |
total |
|
used |
free |
|
Information about disk being used as
memory |
Total amount of disk assigned for use
as memory |
|
Swap currently in use |
Unused swap |
|
PID |
Process ID number of this process |
|
USER |
Username of the process owner |
|
%CPU |
Percent of CPU currently being used
by this process |
|
%MEM |
Percent of total memory being used by
this process |
|
TIME |
Total CPU time consumed by this
process |
|
Command |
The command which was executed
(truncated) |
* The calculation is more complicated than this, but
this simple explanation will suffice for now. Generally a system with a load
average lower than its number of CPUs is keeping up with its work. One with a
load average of one to two times its number of CPUs is starting to fall behind
and things aren't getting done as quickly as they are coming in, but a load
average of several times the number of CPUs typically indicates the system is
bogged down. Of course user experience is the best indicator of system
performance.
The one, five and fifteen minute load averages are
useful for identifying the trend of the system. If the one minute load average
is lower than the five and fifteen minute averages the system has probably
finished some large tasks and the system is getting less busy than it previously
was. If the one and five minute averages are higher it is likely the system is
getting busier than it was fifteen minutes ago.
While running top there are several commands which will
change what top shows you. Some common ones are:
* Spacebar: Refreshes the display
* h: Display the help screen
* k: Kills a process*
* n: Changes the number of processes displayed
* u: Specify what user's tasks to view (blank for all
users)
* p: Sorts tasks by CPU usage
* s: Change the number of seconds between refreshing
* q: Quit top
*We'll talk more about killing processes later in this
chapter. For now you probably don't want to use this command. The rest of them
you can go ahead and experiment with.
As with most other commands, top can be started with a
number of different options. The most commonly used option when logged in as
root is the -u option to limit the active process display to a particular user.
$ top ?u terry
top - 23:20:22 up 5:11, 2 users, load average: 0.33,
0.17, 0.06
Tasks: 79 total, 2 running, 77 sleeping, 0
stopped, 0 zombie
Cpu(s): 18.8% user, 4.2% system, 0.0% nice, 77.0%
idle
Mem: 255656k total, 240748k used, 14908k
free, 24772k buffers
Swap: 506008k total, 0k used, 506008k
free, 96796k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM
TIME+ Command
21462 terry 9 0 12440 12m 8332 S 2.4 4.9
0:15.11 gnome-panel --sm-client-id default2
21234 terry 9 0 12380 12m 8160 S 1.8 4.8
0:47.21 /usr/bin/gnome-terminal
4029 terry 9 0 7476 7476 5040 S 1.4 2.9
0:30.15 /usr/bin/metacity --sm-client-id=default1
7416 terry 9 0 27600 26m 10m S 1.0 10.8
0:32.55 nautilus --no-default-window --sm-client-id default3
6513 terry 9 0 11736 11m 10m S 0.2 4.6
0:02.20 kdeinit: kded
3696 terry 9 0 8724 8720 5876 S 0.0 3.4
0:01.79 gnome-session
4054 terry 9 0 7224 7224 1988 S 0.0 2.8
0:01.79 /usr/lib/gconfd-2 11
25812 terry 9 0 2472 2472 1904 S 0.0 1.0
0:00.39 /usr/lib/bonobo-activation-server --ac-activate --ior-output-
11467 terry 9 0 2676 2676 2148 S 0.0 1.0
0:00.88 gnome-smproxy --sm-client-id default0
13021 terry 9 0 6420 6416 5092 S 0.0 2.5
0:00.97 gnome-settings-daemon --oaf-activate-iid=OAFIID:GNOME_Settings
11135 terry 9 0 1744 1744 1140 S 0.0 0.7
0:06.07 [fam]
25609 terry 9 0 27600 26m 10m S 0.0 10.8
0:00.19 nautilus --no-default-window --sm-client-id default3
31992 terry 9 0 27600 26m 10m S 0.0 10.8
0:00.58 nautilus --no-default-window --sm-client-id default3
11456 terry 9 0 27600 26m 10m S 0.0 10.8
0:01.55 nautilus --no-default-window --sm-client-id default3
2216 terry 9 0 27600 26m 10m S 0.0 10.8
0:00.00 nautilus --no-default-window --sm-client-id default3
18785 terry 9 0 6920 6916 5604 S 0.0 2.7
0:00.69 /usr/lib/notification-area-applet --oaf-activate-
id=OAFIID:GN
30999 terry 9 0 4228 4228 3508 S 0.0 1.7
0:01.08 pam-panel-icon --sm-client-id default4
8494 terry 9 0 17724 17m 13m S 0.0 6.9
0:30.34 kwrite
4890 terry 8 0 7888 7888 7684 S 0.0 3.1
0:00.03 kdeinit: Running...
16796 terry 9 0 8380 8380 8080 S 0.0 3.3
0:00.08 kdeinit: dcopserver --nosid --suicide
29590 terry 9 0 8924 8924 8540 S 0.0 3.5
0:00.21 kdeinit: klauncher
23583 terry 9 0 8524 8524 8188 S 0.0 3.3
0:00.23 kdeinit: kio_file file /tmp/ksocket-
erry/klauncherjEhebb.slav
17263 terry 9 0 576 576 504 S 0.0 0.2
0:00.02 [gnome-pty-helpe]
14241 terry 9 0 1540 1540 1096 S 0.0 0.6
0:00.28 bash
Here we see the top processes owned by the user terry.
As you can see, the ?u option works very similarly with top as it did with ps.
While you are running top you can
Now that we know how to track down running processes we
might find some we need to do away with. In the next section we'll see how to
kill processes. Be careful with these commands, especially if you have root
privileges!
This is an excerpt from "Easy
Linux Commands" by Linux guru Jon Emmons. You can purchase it for only
$19.95 (30%-off) at
this link.
and include the URL for the page.
