Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
process accounting 1
- Thread starter w1nn3r
- Start date
You'll need to use a combination of "ps" to list processes, and "grep" to parse the ones you want (or skip the ones you don't care about). What do you have thus far?
Once you find users who are running too many processes, what action(s) do you plan to take?
"Proof that there is intelligent life in Oregon. Well, Life anyway.
Once you find users who are running too many processes, what action(s) do you plan to take?
"Proof that there is intelligent life in Oregon. Well, Life anyway.
- Thread starter
- #3
Yea, I know if I do ps aux | grep -v root | grep -v _pflog | grep -v smmsp that'll show all processes not belonging to _pflog, root and the sendmail daemon. But I'm a little foggy on the rest. Ultimately I'd like to be able to write the script so that if the script is run, and it exempts all those usernames, any other user it encounters it does a ps aux | grep <username> > /tmp/<username>-ps && wc -l /tmp/<username>-ps so that when it polls the whole OS it only does process counts for users currently running a process. Then I'd be able to fine tune it to exclude gcc, make/gmake or cc. Any help would be appreciated on how to do this.
- Thread starter
- #4
So far I have:
ps aux | awk {'print $1'} | grep -v _pflogd | grep -v smmsp | grep -v root | grep -v USER
which prints me off a list of usernames based on how many processes they're running, I can add grep -v lines before the awk but after ps aux to exclude gcc/make/gmake/cc etc processes, but how to I take that and turn it into something that can give me realtime counts of user processes?
ps aux | awk {'print $1'} | grep -v _pflogd | grep -v smmsp | grep -v root | grep -v USER
which prints me off a list of usernames based on how many processes they're running, I can add grep -v lines before the awk but after ps aux to exclude gcc/make/gmake/cc etc processes, but how to I take that and turn it into something that can give me realtime counts of user processes?
A way of doing this could go something like:
1. remove all processes you don't want included:
(ps aux | grep -v "^root" | egrep -v "gcc|make|cc" .... # I think is better that using the 'awk'
2. pipe it through a sort (on the first column):
... | sort -k1 | ...
3. pipe it through a 'while read line' do loop
4. count each occurrence of each username (in column 1)
5. display username and number of processes count
6. end of 'while read line' do loop
Alternatively an 'awk script' could probably exclude certain processes and then save users names and associated processes count.
As a useful scripting exercise, it might be a good idea to try both (and see which you like the best).
I hope that helps.
Mike
1. remove all processes you don't want included:
(ps aux | grep -v "^root" | egrep -v "gcc|make|cc" .... # I think is better that using the 'awk'
2. pipe it through a sort (on the first column):
... | sort -k1 | ...
3. pipe it through a 'while read line' do loop
4. count each occurrence of each username (in column 1)
5. display username and number of processes count
6. end of 'while read line' do loop
Alternatively an 'awk script' could probably exclude certain processes and then save users names and associated processes count.
As a useful scripting exercise, it might be a good idea to try both (and see which you like the best).
I hope that helps.
Mike
-
1
- #6
- Thread starter
- #7
Thanks sam, I've made a change to show 100 instead of 25, and I might eventually move this back to 200. This is what happens:
[root@staff ~]# ps -auxw | grep -v "^root" | egrep -v "gcc|make|cc|USER" | awk '{print $1}' | sort | uniq -c | sort -rn | head -100
2 xone
1 smmsp
1 _pflogd
[root@staff ~]#
How can I take the proc count on the left, and the username on the right and make a if else then statement so that if the proc count > 2 then it kills all processes by that username?
[root@staff ~]# ps -auxw | grep -v "^root" | egrep -v "gcc|make|cc|USER" | awk '{print $1}' | sort | uniq -c | sort -rn | head -100
2 xone
1 smmsp
1 _pflogd
[root@staff ~]#
How can I take the proc count on the left, and the username on the right and make a if else then statement so that if the proc count > 2 then it kills all processes by that username?
Something like this maybe...
Just uncomment the "[tt]pkill[/tt]" when you're ready to let it go a killin'.
Keep in mind this is very dangerous code. You might want to build in an exclusion list so you don't kill system valid processes. Or skip users who's UID is less than a certain value (assuming users you want to kill are above a certain number). Or only kill processes in a certain group (i.e. the group "users", and not "root", or "admin", or "bin", or "daemon", etc).
Code:
#!/bin/ksh
MAX=2
ps -auxw | \
egrep -v "^root|^daemon|^bin" | \
egrep -v "gcc|make|cc|USER" | \
awk '{print $1}' | \
sort | uniq -c | sort -rn | \
while read COUNT USER
do
if (( COUNT > MAX ))
then
print "Killing User ${USER}, ${COUNT} processes!"
#pkill -U ${USER}
fi
doneKeep in mind this is very dangerous code. You might want to build in an exclusion list so you don't kill system valid processes. Or skip users who's UID is less than a certain value (assuming users you want to kill are above a certain number). Or only kill processes in a certain group (i.e. the group "users", and not "root", or "admin", or "bin", or "daemon", etc).
stefanwagner
Programmer
How many users do you have? Did you consider using -u (or -U)
gives me all processes run by stefan.
don't visit my homepage:
Code:
ps -U stefandon't visit my homepage:
- Status
Similar threads
