
Linux for network engineers – Monitor Linux processes

In our quest to learn the networking stack of Linux, today we will study how to monitor Linux processes.
First of all, what is a process? A process is a running instance of a launched, executable program. If you run a script, it will be a process. It consists of:

  • An address space of allocated memory
  • Security properties, including ownership credentials and privileges
  • One or more execution threads of program code
  • The process state

But wait, why do we need to monitor these? To answer this question, I would say –

A program loaded into the memory of a Linux computer becomes a process. Processes need to be managed and monitored because they consume system resources like CPU time, memory and disk space. There are also security and safety implications. Monitoring and managing processes is, therefore, an important function of systems administrators.

Now we know why it is important to monitor processes: no one has unlimited CPU, memory and disk space.
A process can have sub-processes, which are known as child processes (a parent process has child processes). Processes are identified using a PID. The command for listing processes in Linux is “ps”. We generally use it with different flags to view more details.
Now let’s take a look:

ipinbits@ubuntu:~$ ps -aux
USER        PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root          1  0.2  0.2 119780  5920 ?        Ss   18:00   0:02 /sbin/init auto noprompt
root          2  0.0  0.0      0     0 ?        S    18:00   0:00 [kthreadd]
root          4  0.0  0.0      0     0 ?        S<   18:00   0:00 [kworker/0:0H]
root          6  0.0  0.0      0     0 ?        S    18:00   0:00 [ksoftirqd/0]
syslog      843  0.0  0.1 256396  3224 ?        Ssl  18:01   0:00 /usr/sbin/rsyslogd -n

In the output of the above command we can see the following information:

USER – The current user of the process; here it is root and syslog.
PID – The identification of the process in the Linux system.
CPU – Percentage of CPU used by the process
MEM – Percentage of memory used by the process
VSZ – The Virtual Set Size is a memory size assigned to a process (program) during the initial execution.
RSS – Resident Set Size (physically resident memory – this is currently occupying space in the machine’s physical memory)
STAT – It shows the current state of the process (this should not be stopped or zombie)

  • D – Uninterruptible sleep (usually IO) – a blocked state. The process waits for a hardware condition and cannot handle any signal
  • R – Running – Process is either running or ready to run
  • S – Interruptible sleep (waiting for an event to complete) – a blocked state of a process, waiting for an event or signal from another process
  • T – Stopped, either by a job control signal or because it is being traced – Process is stopped or halted and can be restarted by some other process
  • X – Dead (should never be seen)
  • Z – Defunct (“zombie”) process, terminated but not reaped by its parent – process terminated, but the information is still there in the process table.
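
The state letters above can be checked mechanically. The following is an added example, not part of the original post: two shell functions that read “ps aux” output, count processes per state, and list those in the Z or T state. The function names and the sample rows for PIDs 2301 and 2412 are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize process states from `ps aux`-style output.

# Constructed sample in `ps aux` column order. The first rows mirror the
# article's output; the zombie and stopped rows (PIDs 2301, 2412) are invented.
sample_ps() {
cat <<'EOF'
USER        PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root          1  0.2  0.2 119780  5920 ?        Ss   18:00   0:02 /sbin/init auto noprompt
root          2  0.0  0.0      0     0 ?        S    18:00   0:00 [kthreadd]
root          4  0.0  0.0      0     0 ?        S<   18:00   0:00 [kworker/0:0H]
syslog      843  0.0  0.1 256396  3224 ?        Ssl  18:01   0:00 /usr/sbin/rsyslogd -n
ipinbits   2301  0.0  0.0      0     0 pts/0    Z+   18:20   0:00 [backup.sh] <defunct>
ipinbits   2412  0.0  0.1  22768  2100 pts/0    T    18:22   0:00 vi notes.txt
EOF
}

# state_counts: read `ps aux` output on stdin, print "STATE COUNT" per line.
# Only the first character of STAT is the state; the characters after it
# (s, l, <, + ...) are modifiers and are ignored here.
state_counts() {
    awk 'NR > 1 { n[substr($8, 1, 1)]++ }
         END { for (s in n) print s, n[s] }' | sort
}

# flag_states: print "PID USER STAT COMMAND" for every process in the Z or T
# state, the two states the article says a process should not be in.
flag_states() {
    awk 'NR > 1 && substr($8, 1, 1) ~ /^[ZT]$/ {
             cmd = $11                      # COMMAND starts at field 11
             for (i = 12; i <= NF; i++) cmd = cmd " " $i
             print $2, $1, $8, cmd
         }'
}

# Demo on the constructed sample; on a live host use: ps aux | flag_states
echo "Processes per state:"
sample_ps | state_counts
echo "Zombie or stopped processes:"
sample_ps | flag_states
```

A zombie cannot be killed directly because it has already terminated; it disappears once its parent reaps it or the parent itself exits.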

We can kill a specific process by using a simple command – “kill PID”. Now it's time for some homework: spin up your Linux virtual machine and see the result of the commands below:

  • ps
  • ps -ef
  • ps aux
  • ps -ef | grep sshd
