Linux offers a number of tools for examining your running processes. With the applications shown below, you can find out which applications are eating all your memory and which files are attached to those rogue programs. Or you can just get a global view of how your system is performing.
Regardless of your specific level of interest, this tutorial will offer you a starting point on that journey.
Perhaps the most well-known service/process manager in the Linux toolkit is top. Its name is an acronym for “Table Of Processes.” The Linux version (others have been written for Unix, Solaris, etc.) is hosted with the procps package, a collection of utilities that you can grab at the link above.
You can see in this screenshot that top provides a lot of information at once. At the top of the screen you can see how long the computer has been running, its current CPU usage, and current memory usage. These values pertain to the entire system – not just the individual programs displayed below that text.
In contrast, you can see individual CPU and memory use for various running processes in the bulk of the screen. The screenshot here only shows the services the “root” user is running, and “systemd” comes in first as the consumer of the most memory use at just 0.3 percent.
You can run top in the command line with just
top to enter an interactive readout of all running processes for all users. Running
top U user will enter that same type of environment, but it will show the processes for that specific user.
You can also single out a running process by first running
pidof process to enter that output into top with
top -p pid. For instance,
pid firefox on this machine returns “2886,” so running
top -p 2886 shows only that process’s information on its screen.
Some utilities try to pare down what top offers. One such program, iotop, does exactly that. Its output, as you can see here, is much simpler than top’s deluge.
Iotop reveals the input/output of a running process. At the top of its screen it shows the disk read and disk write, in bytes, before revealing the ID of each process and the individual read, write, and I/O they are consuming.
You can, as with top, select iotop’s output by specifying parameters such as
iotop -p pid to monitor a single process or
iotop -u user to monitor a single user’s running processes.
From the outset, Monit tries to be more specific but still easy to use. It runs as a daemon and will follow processes and services that you specify in its configuration file.
Starting the deamon from the command line doesn’t look like much.
To make the most of Monit’s capabilities, it’s a good practice to enable Monit to run from startup. Using systemd, the
systemctl enable monit command will complete that task.
You can then edit Monit’s configuration file (located at “/etc/monitrc”) to follow and modify specific processes from the second they begin running. Check out this option in the config file below.
Although the lines are commented out, you can see that this series of commands would follow the Apache process, start or stop it if necessary, and create alerts when something goes wrong. The config file is meant to be easy to read and edit; it uses keywords such as “start,” “if,” “then,” and “within” to complete tasks.
If you’re curious as to which files a process has opened when it’s running, use lsof. Running the
lsof command will, by default, list every file opened by every process running on the system. Therefore, it can be useful to be more specific with your query.
You can dig into the specific name of a running process, such as Firefox, by piping lsof’s output into
grep, which will search for a string you specify.
So if you want to find out if Firefox is running a FLAC audio library, a command like the following would be useful:
It reduces the output from thousands of lines to approximately twenty.
A version of that command produces the following.
What you can replicate here is first running lsof, then searching for “firefox” as a string in lsof’s output, then searching through those lines with “firefox” in them for the string “libflac.” Grep uses the
-i flag in that last command to ignore uppercases and lowercases in its search.
The final command
grep -i gdbus is used here to provide a single-line example. It arbitrarily picks out the one line of output that shows “gdbus” as the task command lsof identified.
Lsof displays the command associated with a running process, its process ID, the task command associated with the file the process runs, and the name of the file attached to the running process, in addition to some other data.
The simplest application in this list, ps_mem, lists the memory usage of running processes on a system. A dry run of
ps_mem in the command line will reveal a list of all running processes and their individual memory consumption.
To investigate a specific process, you can list its ID – remember to use
pidof process to get that information – in the
ps_mem -p process command. Check out this output for reference:
Ps_mem is useful if you have a program you think is using too much memory. You can use it as a standalone tool or in tandem with others to verify their findings.
Don’t let the applications on your computer run astray. Keep them in check with a quick look at top, iotop, or ps_mem, and investigate further with Monit and lsof.
These are powerful tools that have a lot more options available in their man pages, so be sure to also read their documentation when investigating a troublesome issue.
Image credit: Xfce to the rescue!