Home » linux-commands » How To Monitor Linux Server with ps command

How To Monitor Linux Server with ps command

The ps command on linux is one of the most basic commands for viewing the running processes on the linux. It provides the current processes and services with detailed like cpu usage, memory utilization, user id, command name etc. ps command is very usefully for every linux system admin should know about it
To view every process on the system execute the following command:

root@linuxpcfix [/user]# ps -e
root@linuxpcfix [/user]# ps -ef
root@linuxpcfix [/user]# ps -eF
root@linuxpcfix [/user]# ps -ely

sample output

UID PID PPID C SZ RSS PSR STIME TTY TIME CMD
root 1 0 0 8478 2900 0 10:35 ? 00:00:01 /sbin/init
root 2 0 0 0 0 0 10:35 ? 00:00:00 [kthreadd]
root 3 2 0 0 0 0 10:35 ? 00:00:00 [ksoftirqd/0]
root 5 2 0 0 0 0 10:35 ? 00:00:00 [kworker/0:0H]
root 7 2 0 0 0 1 10:35 ? 00:00:04 [rcu_sched]
root 8 2 0 0 0 0 10:35 ? 00:00:03 [rcuos/0]
root 9 2 0 0 0 0 10:35 ? 00:00:01 [rcuos/1]
root 10 2 0 0 0 1 10:35 ? 00:00:00 [rcuos/2]
root 11 2 0 0 0 0 10:35 ? 00:00:00 [rcuos/3]
root 12 2 0 0 0 0 10:35 ? 00:00:00 [rcu_bh]
root 13 2 0 0 0 0 10:35 ? 00:00:00 [rcuob/0]
root 14 2 0 0 0 0 10:35 ? 00:00:00 [rcuob/1]
root 15 2 0 0 0 0 10:35 ? 00:00:00 [rcuob/2]
root 16 2 0 0 0 0 10:35 ? 00:00:00 [rcuob/3]

To reveals every process on the system using BSD syntax:

root@linuxpcfix [/user]# ps ax
root@linuxpcfix [/user]# ps axu

To print a process tree:

root@linuxpcfix [/user]# ps -ejH
root@linuxpcfix [/user]# ps axjf

Sample output

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 33912 2900 ? Ss 10:35 0:01 /sbin/init
root 2 0.0 0.0 0 0 ? S 10:35 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S 10:35 0:00 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S< 10:35 0:00 [kworker/0:0H] root 7 0.0 0.0 0 0 ? S 10:35 0:04 [rcu_sched] root 8 0.0 0.0 0 0 ? S 10:35 0:03 [rcuos/0] root 9 0.0 0.0 0 0 ? S 10:35 0:01 [rcuos/1] root 10 0.0 0.0 0 0 ? S 10:35 0:00 [rcuos/2] root 11 0.0 0.0 0 0 ? S 10:35 0:00 [rcuos/3] root 12 0.0 0.0 0 0 ? S 10:35 0:00 [rcu_bh] root 13 0.0 0.0 0 0 ? S 10:35 0:00 [rcuob/0] root 14 0.0 0.0 0 0 ? S 10:35 0:00 [rcuob/1] root 15 0.0 0.0 0 0 ? S 10:35 0:00 [rcuob/2] root 16 0.0 0.0 0 0 ? S 10:35 0:00 [rcuob/3] root 17 0.0 0.0 0 0 ? S 10:35 0:04 [migration/0] root 26 0.0 0.0 0 0 ? S 10:35 0:00 [watchdog/0] root 27 0.0 0.0 0 0 ? S 10:35 0:00 [watchdog/1] root 20 0.1 0.0 0 0 ? S 10:35 0:04 [migration/1] root 21 0.0 0.0 0 0 ? S 10:35 0:00 [ksoftirqd/1] root 23 0.0 0.0 0 0 ? S< 10:35 0:00 [kworker/1:0H] root 24 0.0 0.0 0 0 ? S< 10:35 0:00 [khelper] root 25 0.0 0.0 0 0 ? S 10:35 0:00 [kdevtmpfs]

To get information about threads:

root@linuxpcfix [/user]# ps -eLf
root@linuxpcfix [/user]#ps axms

Sample Output

ID PID PENDING BLOCKED IGNORED CAUGHT STAT TTY TIME COMMAND
0 1 00000000000000000000 – – – – ? 2:55 /sbin/init

0 2 0000000000000000000 – – – – ? 0:00 [kthreadd]
0 3 00000000000000000000 – – – – – ? 2:40 [ksoftirqd/0]
– 2:40 –
0 5 0000000000000000000 – – – – – ? 0:00 [kworker/0:0H]

0 7 0000000000000000000 – – – – – ? 8:11 [rcu_sched]
– 8:11 –
0 8 0000000000000000000 – – – – ? 18:09 [rcuos/0]
18:09 –
0 9 0000000000000000000 – – – – – ? 0:00 [rcuos/1]

0 10 0000000000000000 00 – – – – – ? 0:00 [rcuos/2]
0 11 0000000000000000000 – – – — ? 0:00 [rcuos/3]

0 12 0000000000000000 000 – – – – ? 0:00 [rcuos/4]

To reveals security information:

root@linuxpcfix [/user]# ps -eo fuser,suser,ruser,euser,f,comm,label
root@linuxpcfix [/user]# ps axZ
root@linuxpcfix [/user]# ps -eM

Sample Output

FUSER SUSER RUSER EUSER F COMMAND LABEL
root root root root 44 init unconfined
root root root root 1 kthreadd unconfined
root root root root 1 ksoftirqd/0 unconfined
root root root root 1 kworker/0:0H unconfined
root root root root 1 rcu_sched unconfined
root root root root 1 rcuos/0 unconfined
root root root root 1 rcuos/1 unconfined
root root root root 1 rcuos/2 unconfined
root root root root 1 rcuos/3 unconfined
root root root root 1 rcuos/4 unconfined
root root root root 1 rcuos/5 unconfined
root root root root 1 rcuos/6 unconfined
root root root root 1 rcuos/7 unconfined
root root root root 1 rcuos/8 unconfined
root root root root 1 rcuos/9 unconfined

To see every process running as user (real & effective ID) in user format:

root@linuxpcfix [/user]# ps -U root -u root u ps -U nrinewsp -u nrinewsp u

To view every process with a user-defined format:

root@linuxpcfix [/user]# ps -eo class,tid,pid,ni,rtprio,comm,pcpu,rtprio,stat,wchan:14,psr
root@linuxpcfix [/user]# ps axo stat,euid,ppid,pid,pcpu,comm,ruid,tty,tpgid,sess,pgrp
root@linuxpcfix [/user]# ps -eopid,tt,user,fname,tmout,f,wchan

To see only the process IDs of syslogd:

root@linuxpcfix [/user]# ps -C syslogd -o pid=

To see only the name of PID 2307:

root@linuxpcfix [/user]# ps -p 2307 -o comm=

Use “ww” with “aux” for whole information related the process including all CLI parameters

root@linuxpcfix [/user]# ps auxww

Output

USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.1 37216 3788 ? Ss 2015 2:55 /sbin/init
root 2 0.0 0.0 0 0 ? S 2015 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S 2015 2:40 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S< 2015 0:00 [kworker/0:0H] root 7 0.0 0.0 0 0 ? S 2015 8:11 [rcu_sched] root 8 0.0 0.0 0 0 ? S 2015 18:09 [rcuos/0] root 9 0.0 0.0 0 0 ? S 2015 0:00 [rcuos/1] root 128 0.0 0.0 0 0 ? S 2015 0:00 [rcuob/56] root 129 0.0 0.0 0 0 ? S 2015 0:00 [rcuob/57] root 130 0.0 0.0 0 0 ? S 2015 0:00 [rcuob/58] message+ 1050 0.0 0.0 39312 1228 ? Ss 2014 0:01 dbus-daemon --system --fork syslog 1115 0.0 3.1 257380 63076 ? Ssl 2014 12:22 rsyslogd root 1190 0.0 0.0 14540 620 tty4 Ss+ 2015 0:00 /sbin/getty -8 38400 tty4 root 1193 0.0 0.0 14540 620 tty5 Ss+ 2015 0:00 /sbin/getty -8 38400 tty5 root 1198 0.0 0.0 14540 620 tty2 Ss+ 2015 0:00 /sbin/getty -8 38400 tty2 root 1199 0.0 0.0 14540 620 tty3 Ss+ 2015 0:00 /sbin/getty -8 38400 tty3 root 1202 0.0 0.0 14540 620 tty6 Ss+ 2015 0:00 /sbin/getty -8 38400 tty6 root 1227 0.0 0.0 63464 1372 ? Ss 2015 9:48 /usr/sbin/sshd -D root 1230 0.0 0.0 4368 408 ? Ss 2015 0:00 acpid -c /etc/acpi/events -s /var/run/acpid.socket root 1234 0.0 0.0 23656 756 ? Ss 2015 0:16 cron daemon 1235 0.0 0.0 19140 16 ? Ss 2015 0:00 atd mysql 1278 0.0 2.2 755484 45208 ? Ssl 2015 141:30 /usr/sbin/mysqld www-data 27582 0.0 0.9 425300 19604 ? S Feb01 0:00 /usr/sbin/apache2 -k start www-data 27583 0.0 0.9 424872 19684 ? S Feb01 0:00 /usr/sbin/apache2 -k start

Some other much useful ps command options (-w option for wide output)as given below.

root@linuxpcfix [/user]# ps auxww | grep pid
root 1230 0.0 0.0 4368 408 ? Ss 2015 0:00 acpid -c /etc/acpi/events -s /var/run/acpid.socket
root 44306 0.0 0.0 10468 912 pts/1 S+ 02:23 0:00 grep –color=auto pid

To see the apache webserver process execute the following the command.

root@linuxpcfix [/user]# ps auxww | grep apache
root 7191 0.0 1.1 422008 22508 ? Ss 2014 5:17 /usr/sbin/apache2 -k start
www-data 27582 0.0 0.9 425300 19604 ? S Feb01 0:00 /usr/sbin/apache2 -k start
www-data 27583 0.0 0.9 424872 19684 ? S Feb01 0:00 /usr/sbin/apache2 -k start
www-data 27584 0.0 0.9 424904 19172 ? S Feb01 0:00 /usr/sbin/apache2 -k start
www-data 27585 0.0 1.0 425396 20580 ? S Feb01 0:00 /usr/sbin/apache2 -k start
www-data 27586 0.0 0.9 424872 19684 ? S Feb01 0:00 /usr/sbin/apache2 -k start
www-data 29637 0.0 0.9 424872 19144 ? S Feb01 0:00 /usr/sbin/apache2 -k start
www-data 29646 0.0 1.1 425392 22104 ? S Feb01 0:00 /usr/sbin/apache2 -k start
www-data 29651 0.0 0.8 423992 17280 ? S Feb01 0:00 /usr/sbin/apache2 -k start
root 44360 0.0 0.0 10468 912 pts/1 S+ 02:24 0:00 grep –color=auto apache
linux-commands No Comment , ,

About

I am founder and webmaster of www.linuxpcfix.com and working as a Sr. Linux Administrator (Expertise on Linux/Unix & Cloud Server) and have been in the industry since more than 14 years.

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*

Time limit is exhausted. Please reload the CAPTCHA.

Categorized Tag Cloud