神马文学网[Nemeth10] 5.7. ps: monitor processes
来源:百度文库 编辑:神马文学网 时间:2024/04/29 00:51:41
5.7. ps: monitor processes
ps is the system administrator’s main tool for monitoring processes. While versions of psdiffer in their arguments and display, they all deliver essentially thesame information. Part of the enormous variation among versions of ps can be traced back to differences in the development history of UNIX. However, psis also a command that vendors tend to customize for other reasons.It’s closely tied to the kernel’s handling of processes, so it tends toreflect all of a vendors’ underlying kernel changes.
pscan show the PID, UID, priority, and control terminal of processes. Italso gives information about how much memory a process is using, howmuch CPU time it has consumed, and its current status (running,stopped, sleeping, etc.). Zombies show up in a ps listing as
Implementations of pshave become hopelessly complex over the last decade. Several vendorshave abandoned the attempt to define meaningful displays and made theirpsescompletely configurable. With a little customization work, almost anydesired output can be produced. As a case in point, the psused by Linux is a trisexual and hermaphroditic version thatunderstands multiple option sets and uses an environment variable totell it what universe it’s living in.
Do not be alarmed byall this complexity: it’s there mainly for developers, not for systemadministrators. Although you will use ps frequently, you only need to know a few specific incantations.
On Linux and AIX, you can obtain a useful overview of all the processes running on the system with ps aux. The a option means to show all processes, x means to show even processes that don’t have a control terminal, and u selects the “user oriented” output format. Here’s an example of ps aux output on a machine running Red Hat (AIX output for the same command differs slightly):
Code View:Scroll/Show Allredhat$ ps aux
USER PID %CPU%MEM VSZ RSS TTY STAT TIME COMMAND
root 1 0.1 0.2 3356 560 ? S 0:00 init [5]
root 2 0 0 0 0 ? SN 0:00 [ksoftirqd/0]
root 3 0 0 0 0 ? S< 0:00 [events/0]
root 4 0 0 0 0 ? S< 0:00 [khelper]
root 5 0 0 0 0 ? S< 0:00 [kacpid]
root 18 0 0 0 0 ? S< 0:00 [kblockd/0]
root 28 0 0 0 0 ? S 0:00 [pdflush]
...
root 196 0 0 0 0 ? S 0:00 [kjournald]
root 1050 0 0.1 2652 448 ? Sroot 1472 0 0.3 3048 1008 ? Sroot 1646 0 0.3 3012 1012 ? Sroot 1733 0 0 0 0 ? S 0:00 [kjournald]
root 2124 0 0.3 3004 1008 ? Ss 0:00 /sbin/dhclient -1
root 2182 0 0.2 2264 596 ? Ss 0:00 syslogd -m 0
root 2186 0 0.1 2952 484 ? Ss 0:00 klogd -x
rpc 2207 0 0.2 2824 580 ? Ss 0:00 portmap
rpcuser 2227 0 0.2 2100 760 ? Ss 0:00 rpc.statd
root 2260 0 0.4 5668 1084 ? Ss 0:00 rpc.idmapd
root 2336 0 0.2 3268 556 ? Ss 0:00 /usr/sbin/acpid
root 2348 0 0.8 9100 2108 ? Ss 0:00 cupsd
root 2384 0 0.6 4080 1660 ? Ss 0:00 /usr/sbin/sshd
root 2399 0 0.3 2780 828 ? Ss 0:00 xinetd -stayalive
root 2419 0 1.1 7776 3004 ? Ss 0:00 sendmail: accept
...
Command names in bracketsare not really commands at all but rather kernel threads scheduled asprocesses. The meaning of each field is shown in Table 5.4 on the next page.
Table 5.4. Explanation of ps aux output
Additional flags:R = Runnable
S = Sleeping (< 20 sec)
Z = Zombie
D = In uninterruptible sleep
T = Traced or stopped
TIME CPU time the process has consumed COMMAND Command name and arguments[a]W = Process is swapped out
< = Process has higher than normal priority
N = Process has lower than normal priority
L = Some pages are locked in core
s = Process is a session leader
[a] Programs can modify this info, so it’s not necessarily an accurate representation of the actual command line.
Another useful set of arguments for Linux and AIX is lax, which provides more technical information. The a and x options are as above (show every process), and l selects the “long” output format. ps lax is also slightly faster to run than ps aux because it doesn’t have to translate every UID to a username—efficiency can be important if the system is already bogged down.
Shown here in an abbreviated example, ps laxincludes fields such as the parent process ID (PPID), nice value (NI),and the type of resource on which the process is waiting (WCHAN).
redhat$ ps lax
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TIME COMMAND
4 0 1 0 16 0 3356 560 select S 0:00 init [5]
1 0 2 1 34 19 0 0 ksofti SN 0:00 [ksoftirqd/0
1 0 3 1 5-10 0 0 worker S> 0:00 [events/0]
1 0 4 3 5-10 0 0 worker S> 0:00 [khelper]
5 0 2186 1 16 0 2952 484 syslog Ss 0:00 klogd -x
5 32 2207 1 15 0 2824 580 - Ss 0:00 portmap
5 29 2227 1 18 0 2100 760 select Ss 0:00 rpc.statd
1 0 2260 1 16 0 5668 1084 - Ss 0:00 rpc.idmapd
1 0 2336 1 21 0 3268 556 select Ss 0:00 acpid
5 0 2384 1 17 0 4080 1660 select Ss 0:00 sshd
1 0 2399 1 15 0 2780 828 select Ss 0:00 xinetd -sta
5 0 2419 1 16 0 7776 3004 select Ss 0:00 sendmail: a
...
Under Solaris and HP-UX, ps -ef is a good place to start. The e option selects all processes, and the f option sets the output format. (ps -ef also works on AIX and Linux systems; note the dash.)
solaris$ ps -ef
UID PID PPID C STIME TTY TIME COMD
root 0 0 80 Dec 21 ? 0:02 sched
root 1 0 2 Dec 21 ? 4:32 /etc/init-
root 2 0 8 Dec 21 ? 0:00 pageout
root 171 1 80 Dec 21 ? 0:02 /usr/lib/sendmail-bd
trent 8482 8444 35 14:34:10 pts/7 0:00 ps-ef
trent 8444 8442 203 14:32:50 pts/7 0:01 -csh
...
The columns in the ps -ef output are explained in Table 5.5.
Table 5.5. Explanation of ps -ef output
Like ps lax in the Linux and AIX worlds, ps -elf shows additional gory details on Solaris and HP-UX systems:
% ps -elf
F S UID PID PPID C P NI ADDR SZ WCHAN TIME COMD
19 T root 0 0 80 0 SY f00c2fd8 0 0:02 sched
8 S root 1 0 65 1 20 ff26a800 88 ff2632c8 4:32 init-
8 S root 142 1 41 1 20 ff2e8000 176 f00cb69 0:00 syslogd
...
The STIME and TTY columns have been omitted to fit this page; they are identical to those produced with ps -ef. Nonobvious fields are described in Table 5.6 on the next page.
Table 5.6. Explanation of ps -elf output
C Process CPU utilization/scheduling info P Scheduling priority (internal to the kernel, different from nice value) NI Nice value or SY for system processes ADDR Memory address of the process SZ Size (in pages) of the process in main memory WCHAN Address of the object the process is waiting forO = Currently running
R = Eligible to run
Z = Zombie
S = Sleeping (waiting for event)
T = Stopped or being traced
D = Uninterruptible sleep (disk, usually)