User Tools

Site Tools

Trace:
process_investigation

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
process_investigation [2016/01/28 09:22] – created luke7858process_investigation [2024/05/23 07:26] (current) – external edit 127.0.0.1
Line 1: Line 1:
 === processes investigation === === processes investigation ===
 +Please see [[top5_cpu_processes|top CPU consumers]] or [[ram_diagnostics|top RAM consumers]] for commands to find the offending processes
 +\\
 +Example Process:
 +<sxh bash>
 +USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
 +apache   1234  99.0  40.6 4704844 400260 ?      S    11:08   0:08 /usr/sbin/httpd
 +</sxh>
 +\\
 +=== Investigating a PID ===
 +First we need to find out if the process is an Established connection (replace 1234 with the PID):
 +<sxh bash>
 +netstat -pant | grep 1234
 +</sxh>
 +\\
 +=== Process 'State' Investigation ===
 +An important column to look into is the 'State' column. This tells you what the process is currently doing:
 +\\
 +^ State ^ Definition ^
 +| D  | uninterruptible sleep (usually IO) |
 +| R  | running or runnable (on run queue) |
 +| S  | interruptible sleep (waiting for an event to complete) |
 +| T  | stopped, either by a job control signal or because it is being traced | 
 +| X  | dead (should never be seen) |
 +| Z  | defunct ("zombie") process, terminated but not reaped by its parent |
 +|    | |
 +| <  | high-priority (not nice to other users) |
 +| N  | low-priority (nice to other users) |
 +| L  | has pages locked into memory (for real-time and custom IO) |
 +| s  | is a session leader |
 +| l  | is multi-threaded (using CLONE_THREAD, like NPTL pthreads do) |
 +| +  | is in the foreground process group |
 +\\
 + 
 +\\
 +=== Checking Process Activity ===
 Once you have a process to investigate, we will need to find out if the process is alive/active. Once you have a process to investigate, we will need to find out if the process is alive/active.
 \\ \\
Line 6: Line 41:
 The command below runs strace for 3 seconds and then terminates the command. Replace 1234 with the PID number you are investigating: The command below runs strace for 3 seconds and then terminates the command. Replace 1234 with the PID number you are investigating:
 <sxh bash> <sxh bash>
-timeout strace -p 1234+timeout strace -p 1234
 </sxh> </sxh>
- +If there is some for out output on the screen, this means the process is active. 
-<sxh bash> +\\ 
- +If there is nothing on the screen except something similar to the following then the process is not currently active:
-</sxh> +
 <sxh bash> <sxh bash>
 +Process 1 attached 
 +<detached ...>
 </sxh> </sxh>
 +If the process is not active and the output from the netstat command does not return anything then the process could be dead. 
process_investigation.1453972944.txt.gz · Last modified: 2024/05/23 07:26 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki