monitoring program
profiler process ps
-A Show all processes
-N Show all processes that do not match the specified parameters
-a Show all processes except the controlling process (session leader ① ) and terminalless processes
-d Show all processes except the controlling process
-e Show all processes
- C cmdlist show processes included in cmdlist list
-G grplist show processes whose group ID is in grplist list
-U userlist show processes whose owner's user ID is in userlist list
-g grplist show session or group ID in grplist list Process ②
-p pidlist Display the process whose PID is in the pidlist list
-s sesslist Display the process whose session ID is in the sesslist list
-t ttylist Display the process whose terminal ID is in the ttylist list
-u userlist Display the process whose effective user ID is in the userlist list
-F show more extra output (relative to
the -f parameter) -O format show default output columns and specific columns specified by the format list
-M show process security information
-c show process additional scheduler information
-f show complete Format output
-j display task information
-l display long list
-o format display only columns specified by format
-y do not display process flag (process flag, a flag indicating process status)
-Z Display security context
-H Display processes in hierarchical format (tree, used to display parent processes)
-n namelist defines the value displayed in the WCHAN column
-w Use wide output mode, display unlimited width
-L show threads in process
-V show version number of ps command
$ps -ef This example uses two parameters: the -e parameter specifies to display all processes running on the system; the -f parameter expands the output, and these expanded columns contain useful information.
UID PID PPID C STIME TTY TIME CMD
root 1 0 0 11:29 ? 00:00:01 init [5]
root 2 0 0 11:29 ? 00:00:00 [kthreadd]
root 3 2 0 11:29 ? 00:00:00 [migration/0]
root 4 2 0 11:29 ? 00:00:00 [ksoftirqd/0]
root 5 2 0 11:29 ? 00:00:00 [watchdog/0]
root 6 2 0 11:29 ? 00:00:00 [events/0]
root 7 2 0 11:29 ? 00:00:00 [khelper]
root 47 2 0 11:29 ? 00:00:00 [kblockd/0]
UID: The user who started these processes.
PID: The process ID of the process.
PPID: The process ID of the parent process (if the process was started by another process).
C: CPU utilization during the lifetime of the process.
STIME: The system time when the process started.
TTY: Terminal device when the process starts.
TIME: The cumulative CPU time required to run the process.
CMD: The name of the program to start.
$ ps -l produces a long format output.
$ ps -l
F S UID PID PPID C PRI NI ADDR SZ WCHAN TTY TIME CMD
0 S 500 3081 3080 0 80 0 - 1173 wait pts/0 00:00:00 bash
0 R 500 4463 3081 1 80 0 - 1116 - pts/0 00:00:00 ps
Note the extra columns after using the -l parameter.
F : The system flag assigned to the process by the kernel.
S : The state of the process (O means running; S means sleeping; R means runnable, waiting to run; Z means inflexible, the process has ended but the parent process no longer exists; T means stopped).
PRI : The priority of the process (higher numbers represent lower priorities).
NI: The humility value is used to participate in determining priorities.
ADDR : The memory address of the process.
SZ : The approximate size of the swap space required if the process is swapped out.
WCHAN : The address of the kernel function where the process sleeps.
Real-time monitoring process top
The top command is similar to the ps command and can display process information, but it is displayed in real time.
The first part of the output shows an overview of the system: the first line shows the current time, how long the system has been running, the number of users logged in, and the average load on the system.
The load average has 3 values: the last 1 minute, the last 5 minutes and the last 15 minutes. The larger the value, the higher the load on the system. Due to the short-term burst activity of the process, it is also common to have a high load value in the last minute, but if the average load in the past 15 minutes is high, it means that there may be a problem with the system. The point of explaining Linux system administration is to define exactly what is considered a high load. This value depends on the hardware configuration of the system and the programs normally running on the system. A value that is high load for one system may be a normal value for another system. Usually, if the load value of the system exceeds 2, it means that the system is busy.
The second line shows a summary of the process - the top command output refers to the process as a task: how many processes are running, sleeping, stopped, or in an inflexible state (a inflexible state is when the process No response).
The next line shows a summary of the CPU. top divides CPU utilization into categories of output based on the owner of the process (user or system) and the state of the process (running, idle, or waiting). The two lines immediately following it describe the state of the system memory. The first line says the physical memory of the system: how much memory is there in total, how much is currently used, and how much is free. The latter line says the same information, but for the state of the system's swap space (if allocated).
The last section shows a detailed list of currently running processes, some of which are similar to the output of the ps command.
PID: The ID of the process.
USER: The name of the process owner.
PR: The priority of the process.
NI: The humility value of the process.
VIRT: The total amount of virtual memory used by the process.
RES: The total amount of physical memory used by the process.
SHR: The total amount of memory shared by the process and other processes.
S: The state of the process (D stands for interruptible sleep state, R stands for running state, S stands for sleep state, T stands for tracking state or stopped state, and Z stands for rigid state).
%CPU: The percentage of CPU time used by the process.
%MEM: The memory used by the process as a percentage of the available memory.
TIME+: The total amount of CPU time since the process started.
COMMAND: The command line name corresponding to the process, that is, the name of the program to start.
By default, the top command sorts processes by %CPU value at startup. Various interactive commands can be used to reorder while top is running. Each interactive command is a single character, and typing it while the top command is running changes the behavior of top. Typing f allows you to select the field by which to sort the output, and typing d allows you to modify the polling interval. Type q to quit top. The user has a lot of control over the output of the top command. With this tool, you can often find the culprit that is taking up most of your system's resources.
end process
In Linux, processes communicate through signals. A process's signal is a predefined message that the process can recognize and decide to ignore or react to. How a process handles signals is determined by the developer programmatically. Most well-written programs can receive and handle standard Unix process signals. The following is a description of the process signal:
| Signal |
name | Depiction |
| 1 |
HUP |
hang |
| 2 |
INT |
interrupt |
| 3 |
QUIT |
end run |
| 9 |
KILL |
unconditional termination |
| 11 |
SEGV |
segfault |
| 15 |
TERM |
Terminate as much as possible |
| 17 |
STOP |
Unconditionally stops running, but does not terminate |
| 18 |
TSTP |
Stop or pause, but keep running in the background |
| 19 | ACCOUNT |
Resume execution after STOP or TSTP |
1. kill command
The ill command signals a process by its process ID (PID). By default, the kill command sends a TERM signal to all PIDs listed on the command line. Unfortunately, you can only use the PID of the process and not the command name , so the kill command sometimes doesn't work well. If you want to force termination, the -s parameter supports specifying another signal (either by signal name or signal value). As you can see from the example below, the kill command will not produce any output.
# kill -s HUP 3940
2. killall command
The killall command is very powerful, it supports killing a process by its name instead of its PID . The killall command also supports wildcards, which is useful when the system becomes slow under heavy load.
# killall http*
Monitor disk space
1 Mount the storage media
mount command
$ mount
/dev/mapper/VolGroup00-LogVol00 on / type ext3 (rw)
The mount command provides the following four pieces of information:
The device file name of the
media The mount point of the media mounted to the virtual directory The
file system type
The access status of the mounted media
To manually mount a device in a virtual directory, you need to be logged in as the root user, or run the sudo command as the root user. Here is the basic command to manually mount a media device:
mount -t type device directory
The type parameter specifies the filesystem type on which the disk is formatted. Linux can recognize a very large number of file system types. If you
are sharing these storage devices with a Windows PC, the following file system types are usually used.
vfat: Windows long file system.
ntfs: An advanced file system widely used in Windows NT, XP, Vista, and Windows 7.
iso9660: Standard CD-ROM file system
Parameters of the mount command
| parameter |
Depiction |
| -a |
Mount all filesystems specified in the /etc/fstab file |
| -f |
Make the mount command simulate mounting a device, but not actually mount it |
| -F |
When used with the -a parameter, all filesystems are mounted simultaneously |
| -v |
Verbose mode, which will explain each step of mounting the device |
| -I |
Do not enable any filesystem help files under /sbin/mount.filesystem |
| -l |
Automatically add filesystem labels to ext2, ext3 or XFS filesystems |
| -n |
Mount the device without registering it in the /etc/mtab mounted device file |
| -p num |
When doing encrypted mounts, get passphrase from file descriptor num |
| -s |
Ignore mount options that are not supported by this filesystem |
| -r |
Mount the device as read-only |
| -w |
mount the device as read-write (default parameters) |
| -L label |
Mount the device with the specified label |
| -U uuid |
将设备按指定的 uuid 挂载 |
| -O |
和 -a 参数一起使用,限制命令只作用到特定的一组文件系统上 |
| -o |
给文件系统添加特定的选项 |
- o 参数允许在挂载文件系统时添加一些以逗号分隔的额外选项。以下为常用的选项。
ro :以只读形式挂载。
rw :以读写形式挂载。
user :允许普通用户挂载文件系统。
check=none :挂载文件系统时不进行完整性校验。
loop :挂载一个文件。
2. umount 命令
umount [directory | device ]
3. df 命令
$ df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda2 18251068 7703964 9605024 45% /
df 命令会显示每个有数据的已挂载文件系统。如你在前例中看到的,有些已挂载设备仅限系统内部使用。命令输出如下:
设备的设备文件位置;
能容纳多少个1024字节大小的块;
已用了多少个1024字节大小的块;
还有多少个1024字节大小的块可用;
已用空间所占的比例;
设备挂载到了哪个挂载点上。
-h 把输出中的磁盘空间按照用户易读的形式显示,通常用M来替代兆字节,用G替代吉字节。
$ df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sdb2 18G 7.4G 9.2G 45% /
4. du 命令
下面是能让 du 命令用起来更方便的几个命令行参数。
-c :显示所有已列出文件总的大小。
-h :按用户易读的格式输出大小,即用K替代千字节,用M替代兆字节,用G替代吉字节。
-s :显示每个输出参数的总计。
处理数据文件
1 排序数据 sort
sort 命令参数
| 单破折线 双破折线 描 述 |
| -b --ignore-leading-blanks 排序时忽略起始的空白 -C --check=quiet 不排序,如果数据无序也不要报告 -c --check 不排序,但检查输入数据是不是已排序;未排序的话,报告 -d --dictionary-order 仅考虑空白和字母,不考虑特殊字符 -f --ignore-case 默认情况下,会将大写字母排在前面;这个参数会忽略大小写 -g --general-number-sort 按通用数值来排序(跟 -n 不同,把值当浮点数来排序,支持科学计数法表示的值) -i --ignore-nonprinting 在排序时忽略不可打印字符 -k --key=POS1[,POS2] 排序从POS1位置开始;如果指定了POS2的话,到POS2位置结束 -M --month-sort 用三字符月份名按月份排序 -m --merge 将两个已排序数据文件合并 -n --numeric-sort 按字符串数值来排序(并不转换为浮点数) -o --output=file 将排序结果写出到指定的文件中 -R --random-sort 按随机生成的散列表的键值排序 --random-source=FILE 指定 -R 参数用到的随机字节的源文件 -r --reverse 反序排序(升序变成降序) -S --buffer-size=SIZE 指定使用的内存大小 -s --stable 禁用最后重排序比较 -T --temporary-directory=DIR 指定一个位置来存储临时工作文件 -t --field-separator=SEP 指定一个用来区分键位置的字符 -u --unique和 -c 参数一起使用时,检查严格排序;不和 -c 参数一起用时,仅输出第一例相似的两行 -z --zero-terminated 用NULL字符作为行尾,而不是用换行符 |
-n 参数在排序数值时非常有用,比如 du 命令的输出。
$ du -sh * | sort -nr
2 搜索数据
grep [options] pattern [file]
如果要进行反向搜索(输出不匹配该模式的行),可加 -v 参数。
$ grep -v t file1
one
four
five
$
如果要显示匹配模式的行所在的行号,可加 -n 参数。
$ grep -n t file1
2:two
3:three
$
如果只要知道有多少行含有匹配的模式,可用 -c 参数。
$ grep -c t file1
2
$
如果要指定多个匹配模式,可用 -e 参数来指定每个模式。
$ grep -e t -e f file1
two
three
four
five
3 压缩数据
Linux文件压缩工具
| 工 具 文件扩展名 描述 |
| bzip2 .bz2 采用Burrows-Wheeler块排序文本压缩算法和霍夫曼编码 compress .Z 最初的Unix文件压缩工具,已经快没人用了 gzip .gz GNU压缩工具,用Lempel-Ziv编码 zip .zip Windows上PKZIP工具的Unix实现 |
gzip :用来压缩文件。
gzcat :用来查看压缩过的文本文件的内容。
gunzip :用来解压文件。
$ gzip myprog
$ ls -l my*
-rwxrwxr-x 1 rich rich 2197 2007-09-13 11:29 myprog.gz
4 归档数据 tar
tar function [options] object1 object2 ...
tar 命令的功能
| 功 能 长 名 称 描 述 |
| -A --concatenate 将一个已有tar归档文件追加到另一个已有tar归档文件 -c --create 创建一个新的tar归档文件 -d --diff 检查归档文件和文件系统的不同之处 --delete 从已有tar归档文件中删除 -r --append 追加文件到已有tar归档文件末尾 -t --list 列出已有tar归档文件的内容 -u --update 将比tar归档文件中已有的同名文件新的文件追加到该tar归档文件中 -x --extract 从已有tar归档文件中提取文件 |
tar 命令选项(和命令功能一起使用)
| 选 项 描 述 |
| C dir 切换到指定目录 -f file 输出结果到文件或设备 file -j 将输出重定向给 bzip2 命令来压缩内容 -p 保留所有文件权限 -v 在处理文件时显示文件 -z 将输出重定向给 gzip 命令来压缩内容 |
这些选项经常合并到一起使用。首先,你可以用下列命令来创建一个归档文件:
tar -cvf test.tar test/ test2/
上面的命令创建了名为test.tar的归档文件,含有test和test2目录内容。接着,用下列命令:
tar -tf test.tar
列出tar文件test.tar的内容(但并不提取文件)。最后,用命令:
tar -xvf test.tar