Process Monitoring

Time: 21 hours 25 minutes
Difficulty: Intermediate
CEU/CPE: 21
Video Transcription
00:00
>> Hey Cybrarians and welcome back to the Linux+ course here at Cybrary. I'm your instructor Rob Gills. In today's lesson, we're going to be talking about process monitoring. Upon completion of today's lesson, you are going to be able to understand the importance of processes as well as process monitoring. We're going to see how a process ID is generated and then a little later on in our demo, we're going to get to use the top, htop and time commands.

Process management really is so important to managing Linux because the performance of a Linux system depends not only on hardware and software. We don't need to necessarily worry all the time about CPU and memory and things we talked about in the previous lesson, troubleshooting hardware, but also on the processes that are running on the system at any given time; they are at least as important as the hardware and software. To manage Linux, you really need to understand how processes work with the OS, and since processes are so ubiquitous in Linux, we need to ensure that we're monitoring the processes and we know how to do so.

But first of all, let's talk about some basics of processes. In Linux, each running program is a process, and a process can run in the foreground, displaying output to the console, or it can just be in the background performing work on data behind the scenes. Now, Linux assigns each and every process a process ID, which is called a PID for short. This is used to identify and manage the process. Now when Linux first boots it calls either the init process or systemd in newer systems. Do you remember SysVinit, System V init, versus systemd? Now the init or systemd process starts all other processes on the system, which means that all of the processes are, at the end of the day, children of init or systemd, and therefore init or systemd, that process, always has a PID of one. Now, all of the processes get a randomly assigned PID from the table of available PID numbers that is kept by the Linux operating system, and additionally, non-init processes, everything else except for init or systemd, have parent process IDs or PPIDs, and this is just going to be the PID number of the process's parent. Now, as I said, all processes are children of init at the end of the day, but they may have spawned from another process as well. They may have an immediate parent and then their grandparent actually ends up being systemd or init.

To monitor processes in real time, we can use the top command, and that's going to display that process information and continually update as we're looking at it. The htop command also displays that process information in real time, but it just gives you a lot better visual identification of what's going on with the system, and it has colors, which is always nice. Then finally, we can also use the time command to determine how long it takes for a command to run. Let's take a look at these three commands with some demo time.

Here we are back in our demo environment. Today we're going to be in CentOS, and let's go ahead right off the bat and run that top command first. Now what we'll see here with top is that this is going to display our process IDs. We can see the PID column here. We also see a load average, which is up top here, and we can see the system uptime. This has only been up a few minutes because I just booted it for the purpose of this demo, and we see information about memory load and CPU load. But more importantly, we can see that this is updating every two to three seconds. Now, by default, top sorts by the highest CPU usage, but we can change it to sort by the highest memory usage by hitting capital M, Shift M on your keyboard, and now this will sort by memory. Now, if we want to change it to sort by CPU instead, we can just hit Shift P and now we sort by CPU instead. Top has a lot of options. There's quite a bit of things that you can do with it, and if you want to get more involved in it, hit the H key and this will bring up the help menu and tell you about all of the different options you can have when you're working with top. But we're going to go ahead and quit out of this. We hit Q, and we're going to hit Q again to actually completely close out of top, and then I'm going to hit Control L on my keyboard to clear the screen.

Now, let's take a look at the htop command. Right away we can see it's a little bit nicer to look at. We've got some coloration here going on. A little bit more information at the top, a little easier to read how things are broken out. But beyond that, htop works pretty much the same as top. We can see right now it's sorting by CPU by default. We can change it to sort by memory by hitting Shift M on your keyboard, or capital M, and now we can see that this has recolored this column in blue. We can see this little tiny upside-down arrow next to it that indicates that we're sorting by memory. Again, like we did before, if you want to change that back to sorting by CPU, we just do Shift P and now we're sorting by CPU as well. Let's go ahead and quit out of htop as well.

All right, and then what we can do now is look at the time command. Let's run something that's slightly time-intensive, not terrible, but a little time-intensive, and that's the updatedb command. We'll run updatedb. It is the only one I can think of off the top of my head anyway. Really what this does is it just updates the location database that we use when we run the locate command. We're just telling the time command to tell us how long it takes for us to run this command, and we're actually going to run it in a sub-shell so that it executes and then returns that information to the time command. We'll hit Enter, and then I'll pop in my user password to elevate privileges and become root temporarily, and hit Enter. Now, what we get is the overall time that this command took to run, which is the real, and then we also see user, which is the CPU time taken by the user process, and we also see sys, which is the CPU time that was taken by the system processes.

With that, we've reached the end of this lesson. In this lesson we covered the importance of process monitoring and management in Linux. We talked about how a process ID is generated, and then we saw during our demo how to use the top, htop and time commands. Thanks so much for being here and I look forward to seeing you in the next lesson.