process_investigation
This is an old revision of the document!
processes investigation
Please see top CPU consumers or top RAM consumers for commands to find the offending processes
Investigating a PID
First we need to find out if the process is an Established connection (replace 1234 with the PID):
netstat -pant | grep 1234
| State | Definition |
|---|---|
| D | uninterruptible sleep (usually IO) |
| R | running or runnable (on run queue) |
| S | interruptible sleep (waiting for an event to complete) |
| T | stopped, either by a job control signal or because it is being traced |
| X | dead (should never be seen) |
| Z | defunct (“zombie”) process, terminated but not reaped by its parent |
| < | high-priority (not nice to other users) |
| N | low-priority (nice to other users) |
| L | has pages locked into memory (for real-time and custom IO) |
| s | is a session leader |
| l | is multi-threaded (using CLONE_THREAD, like NPTL pthreads do) |
| + | is in the foreground process group |
Checking Process Activity
Once you have a process to investigate, we will need to find out if the process is alive/active.
We can run an strace command for a certain amount of time for this.
The command below runs strace for 3 seconds and then terminates the command. Replace 1234 with the PID number you are investigating:
timeout 3 strace -p 1234
process_investigation.1453973362.txt.gz · Last modified: 2024/05/23 07:26 (external edit)