Is there an option for the Linux top command where I can filter processes by name and write the CPU usage of that process every second to a log file?
top & pgrep
To filter the output of top by process name, you can use pgrep to get a list of PIDs by process name then pass them to the -p option of top.
For example:
top -p $(pgrep -d',' http)
Note: the -d',' option delimits the PIDs with commas, which is what is expected by the top -p.
Note 2: top will return a failure message if there are no running processes that match the name you specify in pgrep.
To write the results of top to a file, use the -n 1 option (only one iteration) and redirect the output to your log file.
top -p $(pgrep -d',' http) -n 1 >> your_log_file
To do that every second, perhaps a while loop with a sleep would do?
while :; do top -p $(pgrep -d',' http) -n 1 >> your_log_file; sleep 1; done
To timestamp each entry, you can append the output of date. E.g.
while :; do top -p $(pgrep -d',' http) -n 1 >> log.txt; date >> log.txt; sleep 1; done
Another option is:
top -b -d 1 -p $(pgrep -d',' java) -n 120 > log.txt
The option -d allows to set the frequency used by top to refresh the
data.
The option -b means that the traditional interface of top is
not used. Instead, it sends everything to the standard output and then you can use a pipe (|) or a redirection (>).
The option -n informs about the number of iterations top should execute.
After that you can type:
cat log.txt | grep USER_OF_PROCESS
You will see the execution time of the process and also %CPU, Memory and all that.
#You can run following script as ./cpurecorder.sh pid filename
#It will generate output file with memory usage and cpu utilisation.
#You can log other variable by searching man for ps.
`enter code here`filepath=/home/rtcsadm # modify as desired
interval=20 # reports per minute
timelimit=6000 # how long to run, in seconds
mydate=`date "+%H:%M:%S"` # the timestamp
freq=$((60/$interval)) # for sleep function
while [ "$SECONDS" -le "$timelimit" ] ; do
ps -p$1 -opid -opcpu -opmem -ocomm -c | grep $1 | sed "s/^/$mydate /" >> $filepath/$2.txt
sleep 3
mydate=`date "+%H:%M:%S"`
done
By using the linux command "top"...
Then press the 'o' or 'O' to activate filter prompt. It will show a line indicating the filter format like this -
add filter #1 (ignoring case) as: [!]FLD?VAL
Then enter a filter like this and hit Enter.
COMMAND=<pattern>
Now top will show only those processes whose COMMAND field contains the "<pattern>" value
(Solution taken from ... https://techantidote.com/filter-top-using-process-name-in-linux/ )
Related
So I've been trying to run the following command to check the consumption by the firefox process.
top -b | grep "firefox"
Now I can see the desired output in terminal for it. But now when I try to export it to a file, I'm not able to.
The command I'm running is:
top -b | grep "firefox" >> filename or top -b | grep "firefox" > filename
Please help.
You need the -n parm for top. For example,
top -b -n 1 | grep "firefox" >> firefox.out
Without -n 1 top will keep processing and will never make it to grep..
From the man page for top:
-n :Number-of-iterations limit as: -n number
Specifies the maximum number of iterations, or frames, top
should produce before ending.
Updated code with a while loop. It will loop forever unless you use
something like cntr variable. Remove the cntr code if you want
continuous monitoring:
#!/bin/sh
#
not_done=1
cntr=0
# Look for process firefox every 1 seconds
while [ "$not_done" -eq 1 ]
do
top -b -n 1 | grep "firefox" >> /tmp/firefox.out
sleep 1
((cntr=cntr+1))
# Addition logic to break out of loop after 10 iterations
if [ "$cntr" -eq 10 ]
then
not_done=0
fi
echo "cntr=$cntr"
done
You have to add in the command the flag -n
Change the number of processes to show. You will be prompted to enter the number.
To take a snapshot of a specific process in top utility, execute command with the PID (-p) flag.
Also i recommed if you want to take snapshots for the process one (PID), and get taking three snapshots of the PID:
top -p 678 -b -n3 > monitoring.out
I'm using "strace -f -T -tt -o foo.txt -p 1234" to print the time spent in system calls. This makes the output file huge, is there a way to just print the system calls that took greater than 1second. I can grep it out from the file later, but is there a better way?
If we simply omit the -o foo.txt argument, the output goes to standard output. We can pipe it through grep and redirect to the file:
strace -f -T -tt -p 1234 | grep pattern > foo.txt
To watch the output at the same time:
strace -f -T -tt -p 1234 | grep pattern | tee foo.txt
If a command prints only to a file that is passed as an argument, and we want to filter/redirect its output, the first step is to check whether it implements the dash convention: can you specify standard input or output using - as a filename argument:
some_command - | our_pipe > file.txt
If not, then the recourse is to use Bash process substitution substitution syntax: >(output command) and <(input command):
some_command >(our_pipe > file.txt)
The process substitution syntax expands into a token that is suitable as a filename argument for a command or function. When the program opens that token, it gets a file descriptor to the command's input or output, depending on direction.
With process substitution, we can redirect the input or output of stubborn programs which work only with files passed as by name as arguments, and which do not support any convention for requesting that standard input or output be used in place of a file.
The token used by process substitution is platform-dependent; we can see what it is using echo. For instance on GNU/Linux, Bash takes advantage of the /dev/fd operating system feature:
$ echo <(ls -l)
/dev/fd/63
You can use the following command:
strace -T command 2>&1 >/dev/null | awk '{gsub(/[<>]/,"",$NF)}$NF+.0>1.0'
Explanation:
strace -T adds the time spent in the syscall end the end of the line, enclosed in <...>
2>&1 >/dev/null | awk pipes stderr to awk. (strace writes it's output to stderr!)
The awk command removes the <> from the last field $NF and prints lines where the time spent is higher than a second.
Probably you'll also want to pass the threshold as a variable to the awk command:
strace -T command 2>&1 >/dev/null \
| awk -v thres=0.001 '{gsub(/[<>]/,"",$NF)}$NF+.0>thres+.0'
I am currently doing an exercise that requires me to write a script that kills the "sleep" process based on the nice value of it. So in one terminal, a sleep command of 100 (with the default niceness value of 0) would be terminated immediately when I run my script in another terminal. However, I'm having trouble writing the script for it. Here is what I have so far:
#!/usr/local/bin/bash
nice="$(ps eo pid,user,nice,command | grep sleep)"
if nice <= 4
then
kill -9 sleep
fi
My question is: How do I get the nice value from a command into a simple variable that I can run through my if statement?
Also, I'm running into trouble running my scripts. When I have a sleep command run in one terminal, and try to input sh kill_sleep.sh, it insists that it can't open it. What could be going wrong?
The command below kills all sleep processes with niceness <= 4:
ps -o pid= -o nice= -C sleep | awk '$2<=4{system("kill " $1)}'
The option -C sleep tells ps to select only sleep commands.
The options -o pid= -o nice= specify that ps should output the process ID and the nice value while omitting the header.
In the awk command, $2<=4 selects only those lines that have nice less than or equal to 4. (Since nice is the second value on each line of ps output, awk refers to it as $2.)
For those selected lines, the awk command system("kill " $1) is run. This runs the shell command kill on the pid. (Since PID is the first value on each line of ps output, awk referes to it as $1.)
The kill pid command sends the process the default signal which is TERM. This signal allows the process to shut down properly. kill -9 should almost always be avoided.
You can also do it simply even without awk:
read pid nice < <(ps -C sleep ho pid,nice)
if (( $nice <= 4 ))
then kill $pid
fi
-C filters only sleep commands in ps output
h in ps -C sleep ho suppresses output of names of columns (header)
read assigns the according values to variables pid and nice
kill might be with -9 if you prefer
<(...) construct is process substitution, it allows to read from process output as if it was a file
If you want to reflect the possibility of several running sleep instances (and kill all which are not nice), you can read ps output in while loop:
while read pid nice; do
if (($nice <= 4))
then kill $pid;
fi
done < <(ps -C sleep ho pid,nice)
You can use awk to match one column and return another column:
sleep=$(ps eo pid,nice,command | awk '$3 == "sleep" && $2 <= 4 {print $1}')
if [ "$sleep" ]
then kill $sleep
fi
I am using a bash script that calls multiple processes which have to start up in a particular order, and certain actions have to be completed (they then print out certain messages to the logs) before the next one can be started. The bash script has the following code which works really well for most cases:
tail -Fn +1 "$log_file" | while read line; do
if echo "$line" | grep -qEi "$search_text"; then
echo "[INFO] $process_name process started up successfully"
pkill -9 -P $$ tail
return 0
elif echo "$line" | grep -qEi '^error\b'; then
echo "[INFO] ERROR or Exception is thrown listed below. $process_name process startup aborted"
echo " ($line) "
echo "[INFO] Please check $process_name process log file=$log_file for problems"
pkill -9 -P $$ tail
return 1
fi
done
However, when we set the processes to print logging in DEBUG mode, they print so much logging that this script cannot keep up, and it takes about 15 minutes after the process is complete for the bash script to catch up. Is there a way of optimizing this, like changing 'while read line' to 'while read 100 lines', or something like that?
How about not forking up to two grep processes per log line?
tail -Fn +1 "$log_file" | grep -Ei "$search_text|^error\b" | while read line; do
So one long running grep process shall do preprocessing if you will.
Edit: As noted in the comments, it is safer to add --line-buffered to the grep invocation.
Some tips relevant for this script:
Checking that the service is doing its job is a much better check for daemon startup than looking at the log output
You can use grep ... <<<"$line" to execute fewer echos.
You can use tail -f | grep -q ... to avoid the while loop by stopping as soon as there's a matching line.
If you can avoid -i on grep it might be significantly faster to process the input.
Thou shalt not kill -9.
I've been trying to display the type of terminal being used as the name only. For instance if I was using konsole it would display konsole. So far I've been using this command.
pstree -A -s $$
That outputs this.
systemd---konsole---bash---pstree
I have the following that can extract konsole from that line
pstree -A -s $$ | sed 's/systemd---//g;s/---.*//g' | head -1
and that outputs konsole properly. But some people have output from just the pstree command that can look like this.
systemd---kdeinit4---terminator---bash---pstree
or this
systemd---kdeinit4---lxterminal---bash---pstree
and then when I add the sed command it extracts kdeinit4 instead of terminator. I can think of a couple scenarios to extract the type of terminal but none that don't contain conditional statements to check for specific types of terminals. The problem I'm having is I can't accurately predict how many non or non-relative things may be infront or behind of the terminal name or what they will be nor can I accurately predict what the terminal name will be. Does anyone have any ideas on a solution to this?
You could use
ps -p "$PPID" -o comm=
Or
ps -p "$PPID" -o fname=
If your shell does not have PPID variable set you could get it with
ps -p "$(ps -p "$$" -o ppid= | sed 's|\s\+||')" -o fname=
Another theory is that the parent process of the current shell that doesn't belong to the same tty as the shell could actually be the one that produces the virtual terminal, so we could find it like this as well:
#!/bin/bash
shopt -s extglob
SHELLTTY=$(exec ps -p "$$" -o tty=)
P=$$
while read P < <(exec ps -p "$P" -o ppid=) && [[ $P == +([[:digit:]]) ]]; do
if read T < <(exec ps -p "$P" -o tty=) && [[ $T != "$SHELLTTY" ]]; then
ps -p "$P" -o comm=
break
fi
done
I don't know how to isolate the terminal name on your system, but as a parsing exercise, and assuming the terminal is directly running your bash you could pipe the pstree output through:
awk -F"---bash---" ' NF == 2 { count = split( $1, arr, "---" ); print arr [count]; }'
This will find the word prior to the "---bash---" which in your examples is
konsole
terminator
lxterminal
If you want different shell types, you could expand the field separator to include them like:
awk -F"---(bash|csh)---" ' NF == 2 { count = split( $1, arr, "---" ); print arr[count]; }'
Considering an imaginary line like:
systemd---imaginary---monkey---csh---pstree
the awk would find "monkey" as the terminal name as well as anything from your test set.
No guarantees here, but I think this will work most of the time, on linux:
ps -ocomm= $(lsof -tl /proc/$$/fd/0 | grep -Fxf <(lsof -t /dev/ptmx))
A little explanation is probably in order, but see man ps, man lsof and (especially) man pts for information.
/dev/ptmx is a pseudo-tty master (on modern linux systems, and some other unix(-like) systems). A program will have one of these open if it is a terminal emulator, a telnet/ssh daemon, or some other program which needs a captive terminal (screen, for example). The emulator writes to the pseudo-tty master what it wants to "type", and reads the result from the pseudo-tty slave.
/proc/$$/fd/0 is stdin of process $$ (i.e. the shell in which the command is executed). If stdin has not been redirected, this will be a symlink to some slave pseudotty, /dev/pts/#. That is the other side of the /dev/ptmx device, and consequently all of the programs listed above which have /dev/ptmx open will also have some /dev/pts/# slave open as well. (You might think that you could use /dev/stdin or /dev/fd/0 instead of /proc/$$/fd/0, but those would be opened by lsof itself, and consequently would be its stdin; because of the way lsof is implemented, that won't work.) The -l option to lsof causes it to follow symlinks, so that will cause it to show the process which have the same pts open as the current shell.
The -t option to lsof causes it to produce "terse" output, consisting only of pids, one per line. The -Fx options to grep cause it to match strings, rather than regex, and to force a full line match; the -f FILE option causes it to accept the strings to match from FILE (which in this case is a process substitution), one per line.
Finally, ps -ocomm= prints out the "command" (chopped, by default, to 8 characters) corresponding to a pid.
In short, the command finds a list of terminal emulators and other master similar programs which have a master pseudo-tty, and a list of processes which use the pseudo-tty slave; finds the intersection between the two, and then looks up the command name for whatever results.
curTerm=$(update-alternatives --query x-terminal-emulator | grep '^Best:')
curTerm=${curTerm##*/}
printf "%s\n" "$curTerm"
And the result is
terminator
Of course it can be different.
Now you can use $curTerm variable in your sed command.
But I am not sure if this is going to work properly with symlinks.