0

I have checked the sar report and found that CPU & Memory is getting utilized much more at particular time (for ex. day ago).

Is it possible to find which process was taking much CPU & Mem? How do we found which process were consuming that Memory & CPU.

Improve this question
3
  • What interval you are looking for ? Commented Mar 25, 2019 at 14:08
  • Suppose we had an incident on 25th of Feb and we got to know on 26th morning? Commented Mar 26, 2019 at 8:48
  • Well, From my understanding there is no was that you will be able to see history as by default it's not logged but you can script is to output in the file to look back! I would say it's better to run it every 2 mins as it will only create text file and then purge it every 5 days. Commented Mar 26, 2019 at 12:51

4 Answers 4

Reset to default
2

No.

Unless you have set some (complex) monitoring you won't be able to find out which process used CPU once process has exited.

there is no such "standard" thing as a table with

exec path;exec name;stime,etime,%sys,%io,%wait,%idle,...

you must catch the process during exec time.

Improve this answer
1

crontab -e

# min hr day month day_of_week

# every minute run :
1 * * * *   /root/watch_processes.sh

one time do manually: mkdir /root/process_watch

create simple script /root/watch_processes.sh

#!/bin/bash

#       %cpu    pid   command    args

ps -eo   "%C %P %U %c %a" > /root/process_watch/`date +%Y%m%d_%H%M`

The above will create a text file, every minute, having only the date as the filename but they will all be under the given folder which in the example above is /mkdir/process_watch. Adjust accordingly.

http://linuxcommand.org/lc3_man_pages/ps1.html

tweak the output as needed of ps -eo for every process, using %C %P %U %c %a will result in these 5 columns of data

  1. cpu %
  2. process id
  3. user name
  4. command running
  5. arguments given to command running

In each file you will get a lot of listing with 0.0 in the first column. Someone good with awk or sed can maybe add syntax to the above to filter out the 0% cpu processes.

like was said you have to catch the process when it happens, once the process finishes there is no record of pid# having taken %cpu when. You will have to do a process watch like this then go back and find the offenders.

Improve this answer
1
  • Is this the best Practice to have this kind of steps on Production Machines? Commented Mar 26, 2019 at 8:43
1

It's possible to look at CPU/Memory/Disk/Network state in the past with help atop -r. Then press t or T in order to go back or forward.

Improve this answer
0

This can be achieved by saving the output of top command in file:

Script:

NOW=`date "%y%m%d_%H%M%S"` ## to print the time.

echo "$NOW"
top > <PATH_TO_FILE>
exit 0

Once done you can put this script in cron to run at specific internal!!

Improve this answer
1
  • because top runs repeatedly in the terminal until q is pressed, generally updating every second or every 3 seconds, it will make a heck of a mess redirected into any output file. As well as never quit, so your exit 0 will never happen. Commented Mar 25, 2019 at 19:35

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.