ps示例
2024-08-26 22:10:47
博客PS示例
一显示指定真正用户名(RUID)或用户ID的进程
打开另外一个终端
[root@centos72 ~]# id wang
uid=1000(wang) gid=1000(wang) groups=1000(wang)
[root@centos72 ~]# su - wang
Last login: Thu May 9 16:22:21 CST 2019 on pts/1
[wang@centos72 ~]$ passwd
Changing password for user wang.
Changing password for wang.
(current) UNIX password:
uid,euid都表示有效用户是root,真正的用户是wang
因为这是因为普通用户具有suid权限
[root@centos72 ~]# ps axo pid,cmd,ni,%cpu,uid,euid,ruid | tail
1252 [kworker/0:2] 0 0.0 0 0 0
1269 [kworker/0:0] 0 0.0 0 0 0
1270 [kworker/1:0] 0 0.0 0 0 0
1273 [kworker/1:2] 0 0.0 0 0 0
1276 su - wang 0 0.0 0 0 0
1277 -bash 0 0.0 1000 1000 1000
1300 passwd 0 0.1 0 0 1000
1305 [kworker/0:1] 0 0.0 0 0 0
1308 ps axo pid,cmd,ni,%cpu,uid, 0 0.0 0 0 0
1309 tail 0 0.0 0 0
显示wang用户,会显示真正发起进程的用户以及有效用户
-f: 显示完整格式程序信息
-U userlist 指定真正的用户ID或名称
从下面可以看出执行passwd进程的真正用户是root
[root@centos72 ~]# ps -fU wang
UID PID PPID C STIME TTY TIME CMD
wang 2135 2134 0 00:49 pts/3 00:00:00 -bash
root 2195 2135 0 00:55 pts/3 00:00:00 passwd
[wang@centos72 ~]$ passwd
Changing password for user wang.
Changing password for wang.
(current) UNIX password:
二显示指定有效用户名(RUID)或用户ID的进程
ps -fu wang 或者ps -fu 1000显示指定有效用户名(EUID)或用户ID的进程
-u userlist 指定有效的用户ID或名称
[root@centos72 ~]# ps -fu wang
UID PID PPID C STIME TTY TIME CMD
wang 2135 2134 0 00:49 pts/3 00:00:00 -bash
3100
查看以root用户权限(实际和有效ID)运行的每个进程:
ps -U root -u root
[root@centos72 ~]# ps -U root -u root | head
PID TTY TIME CMD
1 ? 00:00:01 systemd
2 ? 00:00:00 kthreadd
3 ? 00:00:00 ksoftirqd/0
5 ? 00:00:00 kworker/0:0H
6 ? 00:00:00 kworker/u256:0
7 ? 00:00:00 migration/0
8 ? 00:00:00 rcu_bh
9 ? 00:00:00 rcu_sched
10 ? 00:00:00 lru-add-drain
[root@centos72 ~]# ps -U root -u root | tail
2053 ? 00:00:00 sshd
2057 pts/2 00:00:00 bash
2110 ? 00:00:00 sshd
2114 pts/3 00:00:00 bash
2134 pts/3 00:00:00 su
2189 ? 00:00:00 kworker/0:0
2195 pts/3 00:00:00 passwd
2214 ? 00:00:00 kworker/0:2
2227 pts/2 00:00:00 ps
2228 pts/2 00:00:00 tail
[root@centos72 ~]# ps -U root -u root | wc
108 432
三列出实际组真正组拥有的所有进程(实际组ID:RGID或名称)
[wang@centos72 ~]$ passwd
Changing password for user wang.
Changing password for wang.
(current) UNIX password:
[root@centos72 ~]# id wang
uid=1000(wang) gid=1000(wang) groups=1000(wang)
[root@centos72 ~]# ps -fG wang
UID PID PPID C STIME TTY TIME CMD
wang 2135 2134 0 00:49 pts/3 00:00:00 -bash
root 2195 2135 0 00:55 pts/3 00:00:00 passwd
[root@centos72 ~]# ps -fG 1000
UID PID PPID C STIME TTY TIME CMD
wang 2135 2134 0 00:49 pts/3 00:00:00 -bash
root 2195 2135 0 00:55 pts/3 00:00:00 passwd
四列出有效组名称(或会话)所拥有的所有进程
很明显实际和有效是有区别的
[wang@centos72 ~]$ passwd
Changing password for user wang.
Changing password for wang.
(current) UNIX password:
[root@centos72 ~]# ps -fg 1000
UID PID PPID C STIME TTY TIME CMD
[root@centos72 ~]# ps -fG 1000
UID PID PPID C STIME TTY TIME CMD
wang 2135 2134 0 00:49 pts/3 00:00:00 -bash
root 2195 2135 0 00:55 pts/3 00:00:00 passwd
五通过进程ID来显示所属的进程
-p pid 显示指pid的进程
[root@centos72 ~]# ps -fp 1
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 00:28 ? 00:00:01 /usr/lib/systemd/systemd --switched-root --system --de
显示指定PID的多个进程:
ps -fp 多个进程编号,以逗号分开
[root@centos72 ~]# ps -fp 1,2110
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 00:28 ? 00:00:01 /usr/lib/systemd/systemd --switched-root --system --de
root 2110 785 0 00:49 ? 00:00:00 sshd: root@pts/
六以父进程ID来显示其下所有的进程
ps -f --ppid
[root@centos72 ~]# pstree -p
systemd(1)─┬─NetworkManager(544)─┬─{NetworkManager}(591)
│ └─{NetworkManager}(593)
├─VGAuthService(545)
├─agetty(558)
├─auditd(515)───{auditd}(516)
├─crond(555)
├─dbus-daemon(540)───{dbus-daemon}(542)
├─irqbalance(538)
├─master(869)─┬─pickup(870)
│ └─qmgr(871)
├─polkitd(539)─┬─{polkitd}(541)
│ ├─{polkitd}(543)
│ ├─{polkitd}(569)
│ ├─{polkitd}(570)
│ └─{polkitd}(573)
├─rsyslogd(787)─┬─{rsyslogd}(790)
│ └─{rsyslogd}(791)
├─sshd(785)─┬─sshd(1421)───bash(1425)
│ ├─sshd(1916)───bash(1920)
│ ├─sshd(2053)───bash(2057)───pstree(2255)
│ └─sshd(2110)───bash(2114)───su(2134)───bash(2135)───passwd(2195)
├─systemd-journal(357)
├─systemd-logind(548)
├─systemd-udevd(388)
├─tuned(784)─┬─{tuned}(1026)
│ ├─{tuned}(1027)
│ ├─{tuned}(1028)
│ └─{tuned}(1041)
└─vmtoolsd(546)───{vmtoolsd}(580)
第1个进程的子进程
[root@centos72 ~]# ps -f --ppid 1
UID PID PPID C STIME TTY TIME CMD
root 357 1 0 00:28 ? 00:00:00 /usr/lib/systemd/systemd-journald
root 388 1 0 00:28 ? 00:00:01 /usr/lib/systemd/systemd-udevd
root 515 1 0 00:28 ? 00:00:00 /sbin/auditd
root 538 1 0 00:28 ? 00:00:00 /usr/sbin/irqbalance --foreground
polkitd 539 1 0 00:28 ? 00:00:00 /usr/lib/polkit-1/polkitd --no-debug
dbus 540 1 0 00:28 ? 00:00:00 /usr/bin/dbus-daemon --system --address=systemd: --nof
root 544 1 0 00:28 ? 00:00:00 /usr/sbin/NetworkManager --no-daemon
root 545 1 0 00:28 ? 00:00:00 /usr/bin/VGAuthService -s
root 546 1 0 00:28 ? 00:00:02 /usr/bin/vmtoolsd
root 548 1 0 00:28 ? 00:00:00 /usr/lib/systemd/systemd-logind
root 555 1 0 00:28 ? 00:00:00 /usr/sbin/crond -n
root 558 1 0 00:28 tty1 00:00:00 /sbin/agetty --noclear tty1 linux
root 784 1 0 00:28 ? 00:00:00 /usr/bin/python -Es /usr/sbin/tuned -l -P
root 785 1 0 00:28 ? 00:00:00 /usr/sbin/sshd -D
root 787 1 0 00:28 ? 00:00:00 /usr/sbin/rsyslogd -n
root 869 1 0 00:28 ? 00:00:00 /usr/libexec/postfix/master -w
├─sshd(785)─┬─sshd(1421)───bash(1425)
│ ├─sshd(1916)───bash(1920)
│ ├─sshd(2053)───bash(2057)───pstree(2261)
│ └─sshd(2110)───bash(2114)───su(2134)───bash(2135)───passwd(2195)
├─systemd-journal(357)
├─systemd-logind(548)
├─systemd-udevd(388)
├─tuned(784)─┬─{tuned}(1026)
│ ├─{tuned}(1027)
│ ├─{tuned}(1028)
│ └─{tuned}(1041)
└─vmtoolsd(546)───{vmtoolsd}(580)
[root@centos72 ~]# ps -f --ppid 785
UID PID PPID C STIME TTY TIME CMD
root 1421 785 0 00:29 ? 00:00:00 sshd: root@pts/0
root 1916 785 0 00:34 ? 00:00:00 sshd: root@pts/1
root 2053 785 0 00:39 ? 00:00:00 sshd: root@pts/2
root 2110 785 0 00:49 ? 00:00:00 sshd: root@pts/
七按tty显示所属进程:ps -ft
好处就是杀死非法的终端进程
实际上只要把父进程杀死就可以了
[root@centos72 ~]# tty
/dev/pts/2
[root@centos72 ~]# ps -ft
PID TTY STAT TIME COMMAND
2057 pts/2 Ss 0:00 -bash
2265 pts/2 R+ 0:00 \_ ps -ft
[root@centos72 ~]#
[root@centos72 ~]#
[root@centos72 ~]# ps -ft /dev/pts/2
UID PID PPID C STIME TTY TIME CMD
root 2057 2053 0 00:39 pts/2 00:00:00 -bash
root 2269 2057 0 01:22 pts/2 00:00:00 ps -ft /dev/pts/2
[root@centos72 ~]# ps -ft pts/2
UID PID PPID C STIME TTY TIME CMD
root 2057 2053 0 00:39 pts/2 00:00:00 -bash
root 2270 2057 0 01:22 pts/2 00:00:00 ps -ft pts/
八以进程树显示系统中的进程如何相互链接
ps -e --forest
[root@centos72 ~]# ps -e --forest
PID TTY TIME CMD
2 ? 00:00:00 kthreadd
3 ? 00:00:00 \_ ksoftirqd/0
5 ? 00:00:00 \_ kworker/0:0H
6 ? 00:00:00 \_ kworker/u256:0
7 ? 00:00:00 \_ migration/0
8 ? 00:00:00 \_ rcu_bh
9 ? 00:00:00 \_ rcu_sched
10 ? 00:00:00 \_ lru-add-drain
11 ? 00:00:00 \_ watchdog/0
12 ? 00:00:00 \_ watchdog/1
13 ? 00:00:00 \_ migration/1
14 ? 00:00:00 \_ ksoftirqd/1
15 ? 00:00:00 \_ kworker/1:0
16 ? 00:00:00 \_ kworker/1:0H
18 ? 00:00:00 \_ kdevtmpfs
19 ? 00:00:00 \_ netns
20 ? 00:00:00 \_ khungtaskd
21 ? 00:00:00 \_ writeback
22 ? 00:00:00 \_ kintegrityd
23 ? 00:00:00 \_ bioset
24 ? 00:00:00 \_ kblockd
25 ? 00:00:00 \_ md
26 ? 00:00:00 \_ edac-poller
32 ? 00:00:00 \_ kswapd0
33 ? 00:00:00 \_ ksmd
34 ? 00:00:00 \_ khugepaged
35 ? 00:00:00 \_ crypto
43 ? 00:00:00 \_ kthrotld
45 ? 00:00:00 \_ kmpath_rdacd
46 ? 00:00:00 \_ kaluad
47 ? 00:00:00 \_ kworker/1:1
48 ? 00:00:00 \_ kpsmoused
50 ? 00:00:00 \_ ipv6_addrconf
63 ? 00:00:00 \_ deferwq
94 ? 00:00:00 \_ kauditd
104 ? 00:00:00 \_ kworker/1:2
236 ? 00:00:00 \_ ata_sff
239 ? 00:00:00 \_ mpt_poll_0
241 ? 00:00:00 \_ mpt/0
245 ? 00:00:00 \_ scsi_eh_0
246 ? 00:00:00 \_ scsi_tmf_0
247 ? 00:00:00 \_ kworker/u256:2
248 ? 00:00:00 \_ scsi_eh_1
249 ? 00:00:00 \_ scsi_tmf_1
250 ? 00:00:00 \_ scsi_eh_2
251 ? 00:00:00 \_ scsi_tmf_2
253 ? 00:00:00 \_ ttm_swap
254 ? 00:00:00 \_ irq/16-vmwgfx
277 ? 00:00:00 \_ bioset
278 ? 00:00:00 \_ xfsalloc
279 ? 00:00:00 \_ xfs_mru_cache
280 ? 00:00:00 \_ xfs-buf/sda2
281 ? 00:00:00 \_ xfs-data/sda2
282 ? 00:00:00 \_ xfs-conv/sda2
283 ? 00:00:00 \_ xfs-cil/sda2
284 ? 00:00:00 \_ xfs-reclaim/sda
285 ? 00:00:00 \_ xfs-log/sda2
286 ? 00:00:00 \_ xfs-eofblocks/s
287 ? 00:00:00 \_ xfsaild/sda2
288 ? 00:00:00 \_ kworker/0:1H
356 ? 00:00:00 \_ kworker/1:1H
405 ? 00:00:00 \_ nfit
432 ? 00:00:00 \_ xfs-buf/sda3
433 ? 00:00:00 \_ xfs-data/sda3
434 ? 00:00:00 \_ xfs-conv/sda3
435 ? 00:00:00 \_ xfs-cil/sda3
436 ? 00:00:00 \_ xfs-reclaim/sda
437 ? 00:00:00 \_ xfs-log/sda3
438 ? 00:00:00 \_ xfs-eofblocks/s
439 ? 00:00:00 \_ xfsaild/sda3
446 ? 00:00:00 \_ xfs-buf/sda1
447 ? 00:00:00 \_ xfs-data/sda1
448 ? 00:00:00 \_ xfs-conv/sda1
449 ? 00:00:00 \_ xfs-cil/sda1
450 ? 00:00:00 \_ xfs-reclaim/sda
451 ? 00:00:00 \_ xfs-log/sda1
452 ? 00:00:00 \_ xfs-eofblocks/s
453 ? 00:00:00 \_ xfsaild/sda1
2214 ? 00:00:00 \_ kworker/0:2
2243 ? 00:00:00 \_ kworker/0:1
2268 ? 00:00:00 \_ kworker/0:0
1 ? 00:00:01 systemd
357 ? 00:00:00 systemd-journal
388 ? 00:00:01 systemd-udevd
515 ? 00:00:00 auditd
538 ? 00:00:00 irqbalance
539 ? 00:00:00 polkitd
540 ? 00:00:00 dbus-daemon
544 ? 00:00:00 NetworkManager
545 ? 00:00:00 VGAuthService
546 ? 00:00:02 vmtoolsd
548 ? 00:00:00 systemd-logind
555 ? 00:00:00 crond
558 tty1 00:00:00 agetty
784 ? 00:00:00 tuned
785 ? 00:00:00 sshd
1421 ? 00:00:00 \_ sshd
1425 pts/0 00:00:00 | \_ bash
1916 ? 00:00:00 \_ sshd
1920 pts/1 00:00:00 | \_ bash
2053 ? 00:00: \_ sshd
2057 pts/2 00:00:00 | \_ bash
2271 pts/2 00:00:00 | \_ ps
2110 ? 00:00: \_ sshd
2114 pts/3 00:00: \_ bash
2134 pts/3 00:00:00 \_ su
2135 pts/3 00:00: \_ bash
2195 pts/3 00:00:00 \_ passwd
787 ? 00:00: rsyslogd
869 ? 00:00: master
870 ? 00:00: \_ pickup
871 ? 00:00:00 \_ qmgr
以进程树显示指定的进程
[root@centos72 ~]# ps -f --forest -C sshd
UID PID PPID C STIME TTY TIME CMD
root 785 1 0 00:28 ? 00:00:00 /usr/sbin/sshd -D
root 1421 785 0 00:29 ? 00:00:00 \_ sshd: root@pts/0
root 1916 785 0 00:34 ? 00:00:00 \_ sshd: root@pts/1
root 2053 785 0 00:39 ? 00:00:00 \_ sshd: root@pts/2
root 2110 785 0 00:49 ? 00:00:00 \_ sshd: root@pts/
[root@centos72 ~]# ps -ef --forest | grep -v grep | grep sshd
root 785 1 0 00:28 ? 00:00:00 /usr/sbin/sshd -D
root 1421 785 0 00:29 ? 00:00:00 \_ sshd: root@pts/0
root 1916 785 0 00:34 ? 00:00:00 \_ sshd: root@pts/1
root 2053 785 0 00:39 ? 00:00:00 \_ sshd: root@pts/2
root 2110 785 0 00:49 ? 00:00:00 \_ sshd: root@pts/
和上面的相比有明显区别
[root@centos72 ~]# pstree -p
systemd(1)─┬─NetworkManager(544)─┬─{NetworkManager}(591)
│ └─{NetworkManager}(593)
├─VGAuthService(545)
├─agetty(558)
├─auditd(515)───{auditd}(516)
├─crond(555)
├─dbus-daemon(540)───{dbus-daemon}(542)
├─irqbalance(538)
├─master(869)─┬─pickup(870)
│ └─qmgr(871)
├─polkitd(539)─┬─{polkitd}(541)
│ ├─{polkitd}(543)
│ ├─{polkitd}(569)
│ ├─{polkitd}(570)
│ └─{polkitd}(573)
├─rsyslogd(787)─┬─{rsyslogd}(790)
│ └─{rsyslogd}(791)
├─sshd(785)─┬─sshd(1421)───bash(1425)
│ ├─sshd(1916)───bash(1920)
│ ├─sshd(2053)───bash(2057)───pstree(2278)
│ └─sshd(2110)───bash(2114)───su(2134)───bash(2135)───passwd(2195)
├─systemd-journal(357)
├─systemd-logind(548)
├─systemd-udevd(388)
├─tuned(784)─┬─{tuned}(1026)
│ ├─{tuned}(1027)
│ ├─{tuned}(1028)
│ └─{tuned}(1041)
└─vmtoolsd(546)───{vmtoolsd}(580)
九显示一个进程的所有线程,将显示LWP(轻量级进程)以及NLWP(轻量级进程数)列
启动httpd进程
[root@centos72 ~]# ps -fL -C httpd
UID PID PPID LWP C NLWP STIME TTY TIME CMD
[root@centos72 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@centos72 ~]# systemctl restart httpd
[root@centos72 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
[root@centos72 ~]# ps -fL -C httpd
UID PID PPID LWP C NLWP STIME TTY TIME CMD
root 2295 1 2295 0 1 01:29 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 2296 2295 2296 0 1 01:29 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 2297 2295 2297 0 1 01:29 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 2298 2295 2298 0 1 01:29 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 2299 2295 2299 0 1 01:29 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 2300 2295 2300 0 1 01:29 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
[root@centos72 ~]# pstree -p
systemd(1)─┬─NetworkManager(544)─┬─{NetworkManager}(591)
│ └─{NetworkManager}(593)
├─VGAuthService(545)
├─agetty(558)
├─auditd(515)───{auditd}(516)
├─crond(555)
├─dbus-daemon(540)───{dbus-daemon}(542)
├─httpd(2295)─┬─httpd(2296)
│ ├─httpd(2297)
│ ├─httpd(2298)
│ ├─httpd(2299)
│ └─httpd(2300)
├─irqbalance(538)
├─master(869)─┬─pickup(870)
│ └─qmgr(871)
├─polkitd(539)─┬─{polkitd}(541)
│ ├─{polkitd}(543)
│ ├─{polkitd}(569)
│ ├─{polkitd}(570)
│ └─{polkitd}(573)
├─rsyslogd(787)─┬─{rsyslogd}(790)
│ └─{rsyslogd}(791)
├─sshd(785)─┬─sshd(1421)───bash(1425)
│ ├─sshd(1916)───bash(1920)
│ ├─sshd(2053)───bash(2057)───pstree(2304)
│ └─sshd(2110)───bash(2114)───su(2134)───bash(2135)───passwd(2195)
├─systemd-journal(357)
├─systemd-logind(548)
├─systemd-udevd(388)
├─tuned(784)─┬─{tuned}(1026)
│ ├─{tuned}(1027)
│ ├─{tuned}(1028)
│ └─{tuned}(1041)
└─vmtoolsd(546)───{vmtoolsd}(580)
在6上查看
注意要启动服务
[root@centos65 ~]# ss -tnl | grep 80
LISTEN 0 128 :::80 :::*
[root@centos65 ~]# pstree -p
init(1)─┬─abrt-dump-oops(1811)
├─abrtd(1801)
├─acpid(1428)
├─atd(1858)
├─auditd(1251)───{auditd}(1252)
├─automount(1511)─┬─{automount}(1512)
│ ├─{automount}(1513)
│ ├─{automount}(1528)
│ └─{automount}(1531)
├─crond(1843)
├─dbus-daemon(1389)───{dbus-daemon}(1391)
├─dnsmasq(2023)
├─hald(1440)─┬─hald-runner(1441)─┬─hald-addon-acpi(1495)
│ │ └─hald-addon-inpu(1473)
│ └─{hald}(1442)
├─httpd.worker(2729)─┬─httpd.worker(2731)─┬─{httpd.worker}(2766)
│ │ ├─{httpd.worker}(2768)
│ │ ├─{httpd.worker}(2769)
│ │ ├─{httpd.worker}(2770)
│ │ ├─{httpd.worker}(2771)
│ │ ├─{httpd.worker}(2772)
│ │ ├─{httpd.worker}(2773)
│ │ ├─{httpd.worker}(2774)
│ │ ├─{httpd.worker}(2775)
│ │ ├─{httpd.worker}(2776)
│ │ ├─{httpd.worker}(2777)
│ │ ├─{httpd.worker}(2778)
│ │ ├─{httpd.worker}(2779)
│ │ ├─{httpd.worker}(2780)
│ │ ├─{httpd.worker}(2781)
│ │ ├─{httpd.worker}(2782)
│ │ ├─{httpd.worker}(2783)
│ │ ├─{httpd.worker}(2784)
│ │ ├─{httpd.worker}(2785)
│ │ ├─{httpd.worker}(2786)
│ │ ├─{httpd.worker}(2787)
│ │ ├─{httpd.worker}(2788)
│ │ ├─{httpd.worker}(2789)
│ │ ├─{httpd.worker}(2790)
│ │ ├─{httpd.worker}(2791)
│ │ └─{httpd.worker}(2792)
│ ├─httpd.worker(2732)─┬─{httpd.worker}(2767)
│ │ ├─{httpd.worker}(2793)
│ │ ├─{httpd.worker}(2794)
│ │ ├─{httpd.worker}(2795)
│ │ ├─{httpd.worker}(2796)
│ │ ├─{httpd.worker}(2797)
│ │ ├─{httpd.worker}(2798)
│ │ ├─{httpd.worker}(2799)
│ │ ├─{httpd.worker}(2800)
│ │ ├─{httpd.worker}(2801)
│ │ ├─{httpd.worker}(2802)
│ │ ├─{httpd.worker}(2803)
│ │ ├─{httpd.worker}(2804)
│ │ ├─{httpd.worker}(2805)
│ │ ├─{httpd.worker}(2806)
│ │ ├─{httpd.worker}(2807)
│ │ ├─{httpd.worker}(2808)
│ │ ├─{httpd.worker}(2809)
│ │ ├─{httpd.worker}(2810)
│ │ ├─{httpd.worker}(2811)
│ │ ├─{httpd.worker}(2812)
│ │ ├─{httpd.worker}(2813)
│ │ ├─{httpd.worker}(2814)
│ │ ├─{httpd.worker}(2815)
│ │ ├─{httpd.worker}(2816)
│ │ └─{httpd.worker}(2817)
│ └─httpd.worker(2734)─┬─{httpd.worker}(2755)
│ ├─{httpd.worker}(2818)
│ ├─{httpd.worker}(2819)
│ ├─{httpd.worker}(2820)
│ ├─{httpd.worker}(2821)
│ ├─{httpd.worker}(2822)
│ ├─{httpd.worker}(2823)
│ ├─{httpd.worker}(2824)
│ ├─{httpd.worker}(2825)
│ ├─{httpd.worker}(2826)
│ ├─{httpd.worker}(2827)
│ ├─{httpd.worker}(2828)
│ ├─{httpd.worker}(2829)
│ ├─{httpd.worker}(2830)
│ ├─{httpd.worker}(2831)
│ ├─{httpd.worker}(2832)
│ ├─{httpd.worker}(2833)
│ ├─{httpd.worker}(2834)
│ ├─{httpd.worker}(2835)
│ ├─{httpd.worker}(2836)
│ ├─{httpd.worker}(2837)
│ ├─{httpd.worker}(2838)
│ ├─{httpd.worker}(2839)
│ ├─{httpd.worker}(2840)
│ ├─{httpd.worker}(2841)
│ └─{httpd.worker}(2842)
├─irqbalance(1307)
├─ksmtuned(1830)───sleep(11883)
├─libvirtd(1875)─┬─{libvirtd}(1876)
│ ├─{libvirtd}(1877)
│ ├─{libvirtd}(1878)
│ ├─{libvirtd}(1879)
│ ├─{libvirtd}(1880)
│ ├─{libvirtd}(1881)
│ ├─{libvirtd}(1882)
│ ├─{libvirtd}(1883)
│ ├─{libvirtd}(1884)
│ └─{libvirtd}(1885)
├─master(1772)─┬─pickup(11801)
│ └─qmgr(1779)
├─mingetty(1916)
├─mingetty(1918)
├─mingetty(1920)
├─mingetty(1922)
├─mingetty(1924)
├─mingetty(1926)
├─rpc.idmapd(1633)
├─rpc.mountd(1588)
├─rpc.rquotad(1583)
├─rpc.statd(1354)
├─rpcbind(1332)
├─rsyslogd(1273)─┬─{rsyslogd}(1274)
│ ├─{rsyslogd}(1276)
│ └─{rsyslogd}(1277)
├─sshd(1682)───sshd(2134)───bash(2138)───pstree(11886)
├─udevd(536)─┬─udevd(1933)
│ └─udevd(1934)
└─xinetd(1693)
注意要精确匹配才会出现
[root@centos65 ~]# ps -fL -C httpd
UID PID PPID LWP C NLWP STIME TTY TIME CMD
[root@centos65 ~]# ps -fL -C httpd.worker
UID PID PPID LWP C NLWP STIME TTY TIME CMD
root 2729 1 2729 0 1 01:31 ? 00:00:02 /usr/sbin/httpd.worker
apache 2731 2729 2731 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2766 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2768 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2769 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2770 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2771 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2772 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2773 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2774 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2775 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2776 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2777 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2778 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2779 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2780 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2781 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2782 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2783 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2784 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2785 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2786 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2787 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2788 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2789 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2790 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2791 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2731 2729 2792 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2732 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2767 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2793 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2794 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2795 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2796 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2797 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2798 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2799 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2800 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2801 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2802 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2803 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2804 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2805 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2806 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2807 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2808 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2809 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2810 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2811 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2812 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2813 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2814 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2815 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2816 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2732 2729 2817 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2734 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2755 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2818 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2819 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2820 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2821 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2822 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2823 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2824 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2825 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2826 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2827 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2828 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2829 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2830 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2831 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2832 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2833 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2834 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2835 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2836 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2837 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2838 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2839 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2840 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2841 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
apache 2734 2729 2842 0 27 01:31 ? 00:00:00 /usr/sbin/httpd.worker
十列出所有格式说明符:ps L
[root@centos72 ~]# ps L
%cpu %CPU
%mem %MEM
_left LLLLLLLL
_left2 L2L2L2L2
_right RRRRRRRR
_right2 R2R2R2R2
_unlimited U
_unlimited2 U2
alarm ALARM
args COMMAND
atime TIME
blocked BLOCKED
bsdstart START
bsdtime TIME
c C
caught CAUGHT
cgroup CGROUP
class CLS
cls CLS
cmd CMD
comm COMMAND
command COMMAND
context CONTEXT
cp CP
cpuid CPUID
cputime TIME
drs DRS
dsiz DSIZ
egid EGID
egroup EGROUP
eip EIP
esp ESP
etime ELAPSED
etimes ELAPSED
euid EUID
euser EUSER
f F
fgid FGID
fgroup FGROUP
flag F
flags F
fname COMMAND
fsgid FSGID
fsgroup FSGROUP
fsuid FSUID
fsuser FSUSER
fuid FUID
fuser FUSER
gid GID
group GROUP
ignored IGNORED
intpri PRI
ipcns IPCNS
label LABEL
lastcpu C
lim LIM
longtname TTY
lsession SESSION
lstart STARTED
lwp LWP
m_drs DRS
m_size SIZE
m_trs TRS
machine MACHINE
maj_flt MAJFL
majflt MAJFLT
min_flt MINFL
minflt MINFLT
mntns MNTNS
netns NETNS
ni NI
nice NI
nlwp NLWP
nwchan WCHAN
opri PRI
ouid OWNER
pagein PAGEIN
pcpu %CPU
pending PENDING
pgid PGID
pgrp PGRP
pid PID
pidns PIDNS
pmem %MEM
policy POL
ppid PPID
pri PRI
pri_api API
pri_bar BAR
pri_baz BAZ
pri_foo FOO
priority PRI
psr PSR
rgid RGID
rgroup RGROUP
rss RSS
rssize RSS
rsz RSZ
rtprio RTPRIO
ruid RUID
ruser RUSER
s S
sched SCH
seat SEAT
sess SESS
session SESS
sgi_p P
sgi_rss RSS
sgid SGID
sgroup SGROUP
sid SID
sig PENDING
sig_block BLOCKED
sig_catch CATCHED
sig_ignore IGNORED
sig_pend SIGNAL
sigcatch CAUGHT
sigignore IGNORED
sigmask BLOCKED
size SIZE
slice SLICE
spid SPID
stackp STACKP
start STARTED
start_stack STACKP
start_time START
stat STAT
state S
stime STIME
suid SUID
supgid SUPGID
supgrp SUPGRP
suser SUSER
svgid SVGID
svgroup SVGROUP
svuid SVUID
svuser SVUSER
sz SZ
tgid TGID
thcgr THCGR
thcount THCNT
tid TID
time TIME
tname TTY
tpgid TPGID
trs TRS
trss TRSS
tsig PENDING
tsiz TSIZ
tt TT
tty TT
tty4 TTY
tty8 TTY
ucmd CMD
ucomm COMMAND
uid UID
uid_hack UID
uname USER
unit UNIT
user USER
userns USERNS
util C
utsns UTSNS
uunit UUNIT
vsize VSZ
vsz VSZ
wchan WCHAN
wname WCHAN
zone ZONE
十一查看进程的PID,PPID,用户名和命令
ps -eo pid,ppid,user,cmd
[root@centos72 ~]# ps -eo pid,ppid,user,cmd
PID PPID USER CMD
1 0 root /usr/lib/systemd/systemd --switched-root --system --deserialize 22
2 0 root [kthreadd]
3 2 root [ksoftirqd/0]
5 2 root [kworker/0:0H]
6 2 root [kworker/u256:0]
7 2 root [migration/0]
8 2 root [rcu_bh]
9 2 root [rcu_sched]
10 2 root [lru-add-drain]
11 2 root [watchdog/0]
12 2 root [watchdog/1]
13 2 root [migration/1]
14 2 root [ksoftirqd/1]
16 2 root [kworker/1:0H]
18 2 root [kdevtmpfs]
19 2 root [netns]
20 2 root [khungtaskd]
21 2 root [writeback]
22 2 root [kintegrityd]
23 2 root [bioset]
24 2 root [kblockd]
25 2 root [md]
26 2 root [edac-poller]
32 2 root [kswapd0]
33 2 root [ksmd]
34 2 root [khugepaged]
35 2 root [crypto]
43 2 root [kthrotld]
45 2 root [kmpath_rdacd]
46 2 root [kaluad]
48 2 root [kpsmoused]
50 2 root [ipv6_addrconf]
63 2 root [deferwq]
94 2 root [kauditd]
236 2 root [ata_sff]
239 2 root [mpt_poll_0]
241 2 root [mpt/0]
245 2 root [scsi_eh_0]
246 2 root [scsi_tmf_0]
247 2 root [kworker/u256:2]
248 2 root [scsi_eh_1]
249 2 root [scsi_tmf_1]
250 2 root [scsi_eh_2]
251 2 root [scsi_tmf_2]
253 2 root [ttm_swap]
254 2 root [irq/16-vmwgfx]
277 2 root [bioset]
278 2 root [xfsalloc]
279 2 root [xfs_mru_cache]
280 2 root [xfs-buf/sda2]
281 2 root [xfs-data/sda2]
282 2 root [xfs-conv/sda2]
283 2 root [xfs-cil/sda2]
284 2 root [xfs-reclaim/sda]
285 2 root [xfs-log/sda2]
286 2 root [xfs-eofblocks/s]
287 2 root [xfsaild/sda2]
288 2 root [kworker/0:1H]
356 2 root [kworker/1:1H]
357 1 root /usr/lib/systemd/systemd-journald
388 1 root /usr/lib/systemd/systemd-udevd
405 2 root [nfit]
432 2 root [xfs-buf/sda3]
433 2 root [xfs-data/sda3]
434 2 root [xfs-conv/sda3]
435 2 root [xfs-cil/sda3]
436 2 root [xfs-reclaim/sda]
437 2 root [xfs-log/sda3]
438 2 root [xfs-eofblocks/s]
439 2 root [xfsaild/sda3]
446 2 root [xfs-buf/sda1]
447 2 root [xfs-data/sda1]
448 2 root [xfs-conv/sda1]
449 2 root [xfs-cil/sda1]
450 2 root [xfs-reclaim/sda]
451 2 root [xfs-log/sda1]
452 2 root [xfs-eofblocks/s]
453 2 root [xfsaild/sda1]
515 1 root /sbin/auditd
538 1 root /usr/sbin/irqbalance --foreground
539 1 polkitd /usr/lib/polkit-1/polkitd --no-debug
540 1 dbus /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-a
544 1 root /usr/sbin/NetworkManager --no-daemon
545 1 root /usr/bin/VGAuthService -s
546 1 root /usr/bin/vmtoolsd
548 1 root /usr/lib/systemd/systemd-logind
555 1 root /usr/sbin/crond -n
558 1 root /sbin/agetty --noclear tty1 linux
784 1 root /usr/bin/python -Es /usr/sbin/tuned -l -P
785 1 root /usr/sbin/sshd -D
787 1 root /usr/sbin/rsyslogd -n
869 1 root /usr/libexec/postfix/master -w
871 869 postfix qmgr -l -t unix -u
2053 785 root sshd: root@pts/2
2057 2053 root -bash
2110 785 root sshd: root@pts/3
2114 2110 root -bash
2134 2114 root su - wang
2135 2134 wang -bash
2195 2135 root passwd
2295 1 root /usr/sbin/httpd -DFOREGROUND
2296 2295 apache /usr/sbin/httpd -DFOREGROUND
2297 2295 apache /usr/sbin/httpd -DFOREGROUND
2298 2295 apache /usr/sbin/httpd -DFOREGROUND
2299 2295 apache /usr/sbin/httpd -DFOREGROUND
2300 2295 apache /usr/sbin/httpd -DFOREGROUND
2540 2 root [kworker/1:1]
2558 2 root [kworker/0:2]
2583 2 root [kworker/0:0]
2590 869 postfix pickup -l -t unix -u
2593 2 root [kworker/1:2]
2594 2 root [kworker/1:0]
2596 2 root [kworker/0:1]
2597 2057 root ps -eo pid,ppid,user,cmd
十二使用其PID查找进程名称:ps -p 编号 -o comm=
[root@centos72 ~]# ps -p 1 -o comm=
systemd
[root@centos72 ~]# pstree
systemd─┬─NetworkManager───2*[{NetworkManager}]
├─VGAuthService
├─agetty
├─auditd───{auditd}
├─crond
├─dbus-daemon───{dbus-daemon}
├─httpd───5*[httpd]
├─irqbalance
├─master─┬─pickup
│ └─qmgr
├─polkitd───5*[{polkitd}]
├─rsyslogd───2*[{rsyslogd}]
├─sshd─┬─sshd───bash───pstree
│ └─sshd───bash───su───bash───passwd
├─systemd-journal
├─systemd-logind
├─systemd-udevd
├─tuned───4*[{tuned}]
└─vmtoolsd───{vmtoolsd}
[root@centos65 ~]# ps -p 1 -o comm=
init
[root@centos65 ~]# pstree
init─┬─abrt-dump-oops
├─abrtd
├─acpid
├─atd
├─auditd───{auditd}
├─automount───4*[{automount}]
├─crond
├─dbus-daemon───{dbus-daemon}
├─dnsmasq
├─hald─┬─hald-runner─┬─hald-addon-acpi
│ │ └─hald-addon-inpu
│ └─{hald}
├─httpd.worker───3*[httpd.worker───26*[{httpd.worker}]]
├─irqbalance
├─ksmtuned───sleep
├─libvirtd───10*[{libvirtd}]
├─master─┬─pickup
│ └─qmgr
├─6*[mingetty]
├─rpc.idmapd
├─rpc.mountd
├─rpc.rquotad
├─rpc.statd
├─rpcbind
├─rsyslogd───3*[{rsyslogd}]
├─sshd───sshd───bash───pstree
├─udevd───2*[udevd]
└─xinetd
十三要以其名称选择特定进程,显示其所有子进程
ps -C sshd,bash
[root@centos72 ~]# ps -C sshd,bash
PID TTY TIME CMD
785 ? 00:00:00 sshd
2053 ? 00:00:00 sshd
2057 pts/2 00:00:00 bash
2110 ? 00:00:00 sshd
2114 pts/3 00:00:00 bash
2135 pts/3 00:00:00 bash
十四查找指定进程名所有的所属PID
在编写需要从std输出或文件读取PID的脚本时这个参数很有用:ps -C httpd,sshd -o pid=
[root@centos72 ~]# ps -C httpd,sshd -o pid=
785
2053
2110
2295
2296
2297
2298
2299
2300
[root@centos72 ~]# pstree -p
systemd(1)─┬─NetworkManager(544)─┬─{NetworkManager}(591)
│ └─{NetworkManager}(593)
├─VGAuthService(545)
├─agetty(558)
├─auditd(515)───{auditd}(516)
├─crond(555)
├─dbus-daemon(540)───{dbus-daemon}(542)
├─httpd(2295)─┬─httpd(2296)
│ ├─httpd(2297)
│ ├─httpd(2298)
│ ├─httpd(2299)
│ └─httpd(2300)
├─irqbalance(538)
├─master(869)─┬─pickup(2590)
│ └─qmgr(871)
├─polkitd(539)─┬─{polkitd}(541)
│ ├─{polkitd}(543)
│ ├─{polkitd}(569)
│ ├─{polkitd}(570)
│ └─{polkitd}(573)
├─rsyslogd(787)─┬─{rsyslogd}(790)
│ └─{rsyslogd}(791)
├─sshd(785)─┬─sshd(2053)───bash(2057)───pstree(2602)
│ └─sshd(2110)───bash(2114)───su(2134)───bash(2135)───passwd(2195)
├─systemd-journal(357)
├─systemd-logind(548)
├─systemd-udevd(388)
├─tuned(784)─┬─{tuned}(1026)
│ ├─{tuned}(1027)
│ ├─{tuned}(1028)
│ └─{tuned}(1041)
└─vmtoolsd(546)───{vmtoolsd}(580)
检查一个进程的执行时间
已经运行了14个小时了
[root@centos72 ~]# ps -eo comm,etime,user | grep apache
httpd 14:22:12 apache
httpd 14:22:12 apache
httpd 14:22:12 apache
httpd 14:22:12 apache
httpd 14:22:12 apache
[root@centos72 ~]# ps -eo comm,etime,user | grep httpd
httpd 14:23:31 root
httpd 14:23:15 apache
httpd 14:23:15 apache
httpd 14:23:15 apache
httpd 14:23:15 apache
httpd 14:23:15 apache
[root@centos72 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 :::80 :::*
LISTEN 0 128 :::22 :::*
LISTEN 0 100 ::1:25 :::*
使用另外一种方法
[root@centos72 ~]# ps -C httpd -o comm,etime,user
COMMAND ELAPSED USER
httpd 14:25:59 root
httpd 14:25:43 apache
httpd 14:25:43 apache
httpd 14:25:43 apache
httpd 14:25:43 apache
httpd 14:25:43 apache
[root@centos72 ~]# ps -C apache -o comm,etime,user
COMMAND ELAPSED USER
[root@centos72 ~]# ps -C systemd -o comm,etime,user
COMMAND ELAPSED USER
systemd 15:28:27 root
[root@centos72 ~]#
[root@centos65 ~]# ps -C init -o comm,etime,user
COMMAND ELAPSED USER
init 15:21:51 root
十五查找占用最多内存的进程
ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem |head
注意是倒序排列,--sort=-%mem加上-表示倒序
按照内存排序
[root@centos72 ~]# ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem |head
PID PPID CMD %MEM %CPU
784 1 /usr/bin/python -Es /usr/sb 1.9 0.0
787 1 /usr/sbin/rsyslogd -n 1.4 0.0
539 1 /usr/lib/polkit-1/polkitd - 1.2 0.0
544 1 /usr/sbin/NetworkManager -- 0.9 0.0
1 0 /usr/lib/systemd/systemd -- 0.6 0.0
388 1 /usr/lib/systemd/systemd-ud 0.6 0.0
545 1 /usr/bin/VGAuthService -s 0.6 0.0
546 1 /usr/bin/vmtoolsd 0.6 0.0
2053 785 sshd: root@pts/2 0.5 0.0
[root@centos65 ~]# ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem | head
PID PPID CMD %MEM %CPU
1 0 /sbin/init 0.1 0.0
2 0 [kthreadd] 0.0 0.0
3 2 [migration/0] 0.0 0.0
4 2 [ksoftirqd/0] 0.0 0.0
5 2 [stopper/0] 0.0 0.0
6 2 [watchdog/0] 0.0 0.0
7 2 [migration/1] 0.0 0.0
8 2 [stopper/1] 0.0 0.0
9 2 [ksoftirqd/1] 0.0 0.0
按照CPU排序
这个命令是很实用的,负载大的进程就不能杀死
[root@centos72 ~]# ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%cpu | head
PID PPID CMD %MEM %CPU
1 0 /usr/lib/systemd/systemd -- 0.6 0.0
2 0 [kthreadd] 0.0 0.0
3 2 [ksoftirqd/0] 0.0 0.0
5 2 [kworker/0:0H] 0.0 0.0
6 2 [kworker/u256:0] 0.0 0.0
7 2 [migration/0] 0.0 0.0
8 2 [rcu_bh] 0.0 0.0
9 2 [rcu_sched] 0.0 0.0
10 2 [lru-add-drain] 0.0 0.0
十六显示安全信息,和 selinux有关,不必看
[root@centos72 ~]# ps -eM
LABEL PID TTY TIME CMD
system_u:system_r:init_t:s0 1 ? 00:00:03 systemd
system_u:system_r:kernel_t:s0 2 ? 00:00:00 kthreadd
system_u:system_r:kernel_t:s0 3 ? 00:00:00 ksoftirqd/0
system_u:system_r:kernel_t:s0 5 ? 00:00:00 kworker/0:0H
system_u:system_r:kernel_t:s0 6 ? 00:00:00 kworker/u256:0
system_u:system_r:kernel_t:s0 7 ? 00:00:00 migration/0
system_u:system_r:kernel_t:s0 8 ? 00:00:00 rcu_bh
system_u:system_r:kernel_t:s0 9 ? 00:00:00 rcu_sched
system_u:system_r:kernel_t:s0 10 ? 00:00:00 lru-add-drain
system_u:system_r:kernel_t:s0 11 ? 00:00:00 watchdog/0
system_u:system_r:kernel_t:s0 12 ? 00:00:00 watchdog/1
system_u:system_r:kernel_t:s0 13 ? 00:00:00 migration/1
system_u:system_r:kernel_t:s0 14 ? 00:00:00 ksoftirqd/1
system_u:system_r:kernel_t:s0 16 ? 00:00:00 kworker/1:0H
system_u:system_r:kernel_t:s0 18 ? 00:00:00 kdevtmpfs
system_u:system_r:kernel_t:s0 19 ? 00:00:00 netns
system_u:system_r:kernel_t:s0 20 ? 00:00:00 khungtaskd
system_u:system_r:kernel_t:s0 21 ? 00:00:00 writeback
system_u:system_r:kernel_t:s0 22 ? 00:00:00 kintegrityd
system_u:system_r:kernel_t:s0 23 ? 00:00:00 bioset
system_u:system_r:kernel_t:s0 24 ? 00:00:00 kblockd
system_u:system_r:kernel_t:s0 25 ? 00:00:00 md
system_u:system_r:kernel_t:s0 26 ? 00:00:00 edac-poller
system_u:system_r:kernel_t:s0 32 ? 00:00:00 kswapd0
system_u:system_r:kernel_t:s0 33 ? 00:00:00 ksmd
system_u:system_r:kernel_t:s0 34 ? 00:00:00 khugepaged
system_u:system_r:kernel_t:s0 35 ? 00:00:00 crypto
system_u:system_r:kernel_t:s0 43 ? 00:00:00 kthrotld
system_u:system_r:kernel_t:s0 45 ? 00:00:00 kmpath_rdacd
system_u:system_r:kernel_t:s0 46 ? 00:00:00 kaluad
system_u:system_r:kernel_t:s0 48 ? 00:00:00 kpsmoused
system_u:system_r:kernel_t:s0 50 ? 00:00:00 ipv6_addrconf
system_u:system_r:kernel_t:s0 63 ? 00:00:00 deferwq
system_u:system_r:kernel_t:s0 94 ? 00:00:00 kauditd
system_u:system_r:kernel_t:s0 236 ? 00:00:00 ata_sff
system_u:system_r:kernel_t:s0 239 ? 00:00:00 mpt_poll_0
system_u:system_r:kernel_t:s0 241 ? 00:00:00 mpt/0
system_u:system_r:kernel_t:s0 245 ? 00:00:00 scsi_eh_0
system_u:system_r:kernel_t:s0 246 ? 00:00:00 scsi_tmf_0
system_u:system_r:kernel_t:s0 247 ? 00:00:00 kworker/u256:2
system_u:system_r:kernel_t:s0 248 ? 00:00:00 scsi_eh_1
system_u:system_r:kernel_t:s0 249 ? 00:00:00 scsi_tmf_1
system_u:system_r:kernel_t:s0 250 ? 00:00:00 scsi_eh_2
system_u:system_r:kernel_t:s0 251 ? 00:00:00 scsi_tmf_2
system_u:system_r:kernel_t:s0 253 ? 00:00:00 ttm_swap
system_u:system_r:kernel_t:s0 254 ? 00:00:00 irq/16-vmwgfx
system_u:system_r:kernel_t:s0 277 ? 00:00:00 bioset
system_u:system_r:kernel_t:s0 278 ? 00:00:00 xfsalloc
system_u:system_r:kernel_t:s0 279 ? 00:00:00 xfs_mru_cache
system_u:system_r:kernel_t:s0 280 ? 00:00:00 xfs-buf/sda2
system_u:system_r:kernel_t:s0 281 ? 00:00:00 xfs-data/sda2
system_u:system_r:kernel_t:s0 282 ? 00:00:00 xfs-conv/sda2
system_u:system_r:kernel_t:s0 283 ? 00:00:00 xfs-cil/sda2
system_u:system_r:kernel_t:s0 284 ? 00:00:00 xfs-reclaim/sda
system_u:system_r:kernel_t:s0 285 ? 00:00:00 xfs-log/sda2
system_u:system_r:kernel_t:s0 286 ? 00:00:00 xfs-eofblocks/s
system_u:system_r:kernel_t:s0 287 ? 00:00:00 xfsaild/sda2
system_u:system_r:kernel_t:s0 288 ? 00:00:00 kworker/0:1H
system_u:system_r:kernel_t:s0 356 ? 00:00:00 kworker/1:1H
system_u:system_r:syslogd_t:s0 357 ? 00:00:00 systemd-journal
system_u:system_r:udev_t:s0-s0:c0.c1023 388 ? 00:00:01 systemd-udevd
system_u:system_r:kernel_t:s0 405 ? 00:00:00 nfit
system_u:system_r:kernel_t:s0 432 ? 00:00:00 xfs-buf/sda3
system_u:system_r:kernel_t:s0 433 ? 00:00:00 xfs-data/sda3
system_u:system_r:kernel_t:s0 434 ? 00:00:00 xfs-conv/sda3
system_u:system_r:kernel_t:s0 435 ? 00:00:00 xfs-cil/sda3
system_u:system_r:kernel_t:s0 436 ? 00:00:00 xfs-reclaim/sda
system_u:system_r:kernel_t:s0 437 ? 00:00:00 xfs-log/sda3
system_u:system_r:kernel_t:s0 438 ? 00:00:00 xfs-eofblocks/s
system_u:system_r:kernel_t:s0 439 ? 00:00:00 xfsaild/sda3
system_u:system_r:kernel_t:s0 446 ? 00:00:00 xfs-buf/sda1
system_u:system_r:kernel_t:s0 447 ? 00:00:00 xfs-data/sda1
system_u:system_r:kernel_t:s0 448 ? 00:00:00 xfs-conv/sda1
system_u:system_r:kernel_t:s0 449 ? 00:00:00 xfs-cil/sda1
system_u:system_r:kernel_t:s0 450 ? 00:00:00 xfs-reclaim/sda
system_u:system_r:kernel_t:s0 451 ? 00:00:00 xfs-log/sda1
system_u:system_r:kernel_t:s0 452 ? 00:00:00 xfs-eofblocks/s
system_u:system_r:kernel_t:s0 453 ? 00:00:00 xfsaild/sda1
system_u:system_r:auditd_t:s0 515 ? 00:00:00 auditd
system_u:system_r:irqbalance_t:s0 538 ? 00:00:02 irqbalance
system_u:system_r:policykit_t:s0 539 ? 00:00:00 polkitd
system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 540 ? 00:00:01 dbus-daemon
system_u:system_r:NetworkManager_t:s0 544 ? 00:00:00 NetworkManager
system_u:system_r:vmtools_t:s0 545 ? 00:00:00 VGAuthService
system_u:system_r:vmtools_t:s0 546 ? 00:00:35 vmtoolsd
system_u:system_r:systemd_logind_t:s0 548 ? 00:00:00 systemd-logind
system_u:system_r:crond_t:s0-s0:c0.c1023 555 ? 00:00:00 crond
system_u:system_r:getty_t:s0-s0:c0.c1023 558 tty1 00:00:00 agetty
system_u:system_r:tuned_t:s0 784 ? 00:00:05 tuned
system_u:system_r:sshd_t:s0-s0:c0.c1023 785 ? 00:00:00 sshd
system_u:system_r:syslogd_t:s0 787 ? 00:00:02 rsyslogd
system_u:system_r:postfix_master_t:s0 869 ? 00:00:00 master
system_u:system_r:postfix_qmgr_t:s0 871 ? 00:00:00 qmgr
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2053 ? 00:00:00 sshd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2057 pts/2 00:00:00 bash
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2110 ? 00:00:00 sshd
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2114 pts/3 00:00:00 bash
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2134 pts/3 00:00:00 su
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2135 pts/3 00:00: bash
unconfined_u:unconfined_r:passwd_t:s0-s0:c0.c1023 2195 pts/3 00:00:00 passwd
system_u:system_r:httpd_t:s0 2295 ? 00:00: httpd
system_u:system_r:httpd_t:s0 2296 ? 00:00: httpd
system_u:system_r:httpd_t:s0 2297 ? 00:00: httpd
system_u:system_r:httpd_t:s0 2298 ? 00:00: httpd
system_u:system_r:httpd_t:s0 2299 ? 00:00: httpd
system_u:system_r:httpd_t:s0 2300 ? 00:00: httpd
system_u:system_r:kernel_t:s0 2540 ? 00:00:00 kworker/1:
system_u:system_r:kernel_t:s0 2583 ? 00:00:00 kworker/0:
system_u:system_r:postfix_pickup_t:s0 2590 ? 00:00: pickup
system_u:system_r:kernel_t:s0 2596 ? 00:00:00 kworker/0:
system_u:system_r:kernel_t:s0 2613 ? 00:00:00 kworker/1:
system_u:system_r:kernel_t:s0 2618 ? 00:00:00 kworker/0:
system_u:system_r:kernel_t:s0 2632 ? 00:00:00 kworker/1:
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 2635 pts/2 00:00:00 ps
[root@centos72 ~]# ps --context
PID CONTEXT COMMAND
2057 unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 -bash
2640 unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 ps --context
十七使用watch实用程序执行重复的输出以实现对就程进行实时的监视
如下面的命令显示每秒钟的监视:
watch -n 1 'ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem | head
Every 1.0s: ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem Sat May 18 16:06:57 2019 PID PPID CMD %MEM %CPU
784 1 /usr/bin/python -Es /usr/sb 1.9 0.0
787 1 /usr/sbin/rsyslogd -n 1.4 0.0
539 1 /usr/lib/polkit-1/polkitd - 1.2 0.0
544 1 /usr/sbin/NetworkManager -- 0.9 0.0
1 0 /usr/lib/systemd/systemd -- 0.6 0.0
388 1 /usr/lib/systemd/systemd-ud 0.6 0.0
545 1 /usr/bin/VGAuthService -s 0.6 0.0
546 1 /usr/bin/vmtoolsd 0.6 0.0
2053 785 sshd: root@pts/2 0.5 0.0
2110 785 sshd: root@pts/3 0.5 0.0
2295 1 /usr/sbin/httpd -DFOREGROUN 0.5 0.0
785 1 /usr/sbin/sshd -D 0.4 0.0
871 869 qmgr -l -t unix -u 0.4 0.0
2590 869 pickup -l -t unix -u 0.4 0.0
357 1 /usr/lib/systemd/systemd-jo 0.3 0.0
2296 2295 /usr/sbin/httpd -DFOREGROUN 0.3 0.0
2297 2295 /usr
现在开启新的终端,创建文件消耗大量内存
[root@centos72 ~]# dd if=/dev/zero of=/dev/null bs=1G
Every 1.0s: ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem Sat May 18 16:10:43 2019 PID PPID CMD %MEM %CPU
2998 2114 dd if=/dev/zero of=/dev/nul 80.7 4.4
3034 3033 ps -eo pid,ppid,cmd,%mem,%c 0.1 1.0
546 1 /usr/bin/vmtoolsd 0.0 0.0
2986 2057 watch -n 1 ps -eo pid,ppid, 0.0 0.0
2057 2053 -bash 0.0 0.0
784 1 /usr/bin/python -Es /usr/sb 0.0 0.0
1 0 /usr/lib/systemd/systemd -- 0.0 0.0
538 1 /usr/sbin/irqbalance --fore 0.0 0.0
2114 2110 -bash 0.0 0.0
3033 2986 watch -n 1 ps -eo pid,ppid, 0.0 0.0
540 1 /usr/bin/dbus-daemon --syst 0.0 0.0
2295 1 /usr/sbin/httpd -DFOREGROUN 0.0 0.0
2053 785 sshd: root@pts/2 0.0 0.0
2987 2057 head 0.0 0.0
555 1 /usr/sbin/crond -n 0.0 0.0
544 1 /usr/sbin/NetworkManager -- 0.0 0.0
548 1 /usr/lib/systemd/systemd-lo 0.0 0.0
2110 785 sshd: root@pts/3 ger -- 0.0 0.0
785 1 /usr/sbin/sshd -D 0.0 0.0
最新文章
- VC 鼠标滚轮事件控制绘图的问题
- APP弱网测试
- YII的关联查询
- C++,栈与队列
- 字符集乱码问题:ISO-8859-1和GBK
- Developer Tools(开发工具)
- [iOS基础控件 - 6.3] 使用可视化连线方式指定dataSource、delegate
- 明天参加GDG devfest
- 场解决方案添加webpart(Create Webpart to page using code)
- 编译LFS
- CDZSC_2015寒假新人(2)——数学 P
- php curl详解用法[真的详解]
- yii框架数据库操作数据访问对象(DAO)简单总结
- Java的流程控制结构,细节详解
- Angular 2 前端 http 传输 model 对象及其外键的问题
- django-表单
- linux下64位汇编的系统调用(5)
- 【Node.js】二、基于Express框架 + 连接MongoDB + 写后端接口
- C++中关于字符串的一些API
- 把linux的man手册转化为windows下可读的格式