Linux命令——ps、pstree
转载请注明出处:https://www.cnblogs.com/kelamoyujuzhen/p/9814883.html
ps
简介
ps(processes status)是Unix / Linux上的一个实用程序,用于查看系统上正在运行的进程的信息。ps命令默认安装,即使最小化安装也会有这个命令。ps命令从/proc文件系统中的虚拟文件中读取信息。 ps命令是系统管理的重要工具之一,专门用于进程监视,以帮助程序开发了解Linux系统上的最新情况。
请注意,ps生成带有标题行的输出,表示每列信息的含义。
用法演示
ps aux
a = show processes for all users 与terminal相关的进程
u = display the process's user/owner
x = also show you (runner of the ps command, root in this case) all processes, not just ones attached to a terminal. This will include processes such as services like crond, upowerd, etc. 除了与终端相关的进程,还显示与terminal无关的进程
由于加上x后输出信息较多,示例没有加x
[root@localhost ~]# ps au USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND root 1414 0.0 0.0 4060 596 tty1 Ss+ 06:05 0:00 /sbin/mingetty /dev/tty1 root 1416 0.0 0.0 4060 596 tty2 Ss+ 06:05 0:00 /sbin/mingetty /dev/tty2 root 1418 0.0 0.0 4060 596 tty3 Ss+ 06:05 0:00 /sbin/mingetty /dev/tty3 root 1420 0.0 0.0 4060 592 tty4 Ss+ 06:05 0:00 /sbin/mingetty /dev/tty4 root 1422 0.0 0.0 4060 588 tty5 Ss+ 06:05 0:00 /sbin/mingetty /dev/tty5 root 1425 0.0 0.0 4060 592 tty6 Ss+ 06:05 0:00 /sbin/mingetty /dev/tty6 root 1431 0.0 0.0 108320 1916 pts/0 Ss 06:06 0:00 -bash root 1535 0.0 0.0 110248 1180 pts/0 R+ 07:11 0:00 ps au
- USER:该 process 属于哪个用户
- PID :该 process 的PID
- %CPU:该 process 使用掉的 CPU 资源百分比;
- %MEM:该 process 所占用的实体内存百分比;
- VSZ :该 process 使用掉的虚拟内存量 (Kbytes)
- RSS :该 process 占用的固定的内存量 (Kbytes)
- TTY :该 process 是在那个终端机上面运行,若与终端机无关则显示 ?,另外, tty1-tty6 是本机上面的登陆者程序,若为 pts/0 等等的,则表示为由网络连接进主机的程序。
- STAT:该程序目前的状态,状态显示与 ps -l 的 S 旗标相同 (R/S/T/Z)
- START:该 process 被触发启动的时间;
R:running
S:interruptable sleeping 可中断睡眠
D: uninterruptable sleeping不可中断睡眠
T: stopped
Z: zombie僵尸进程。通常,造成僵尸程序的成因是因为该程序应该已经运行完毕,或者是因故应该要终止了, 但是该程序的父程序却无法完整的将该程序结束掉,而造成那个程序一直存在内存当中。 如果你发现在某个程序的 CMD 后面还接上 <defunct> 时,就代表该程序是僵尸程序啦,例如:
apache 8683 0.0 0.9 83384 9992 ? Z 14:33 0:00 /usr/sbin/httpd <defunct>
通常僵尸进程交由init或者systemd进程处理,如果init或者systemd也干不死,那只能reboot了。
+: 前台进程
l: 多线程进程
N:低优先级进程
<:高优先级进程
s: session leader
- TIME :该 process 实际使用 CPU 运行的时间。
- COMMAND:该程序的实际命令为何?
ps -f 或者 -F可以多显示几列。其中-F显示的能更多些
[root@localhost ~]# ps -f UID PID PPID C STIME TTY TIME CMD root 4360 1305 0 10:11 pts/1 00:00:00 -bash root 4384 4360 0 10:11 pts/1 00:00:00 ps -f [root@localhost ~]# ps -F UID PID PPID C SZ RSS PSR STIME TTY TIME CMD root 4360 1305 0 28859 2020 0 10:11 pts/1 00:00:00 -bash root 4387 4360 0 38831 1844 1 10:11 pts/1 00:00:00 ps -F
使用-L还可以显示NLWP (number of threads) 和 LWP (thread ID) 列
[root@localhost ~]# ps -L PID LWP TTY TIME CMD 4360 4360 pts/1 00:00:00 bash 4804 4804 pts/1 00:00:00 ps [root@localhost ~]# ps -Lf UID PID PPID LWP C NLWP STIME TTY TIME CMD root 4360 1305 4360 0 1 10:11 pts/1 00:00:00 -bash root 4814 4360 4814 0 1 10:20 pts/1 00:00:00 ps -Lf [root@localhost ~]# ps -LF UID PID PPID LWP C NLWP SZ RSS PSR STIME TTY TIME CMD root 4360 1305 4360 0 1 28859 2024 0 10:11 pts/1 00:00:00 -bash root 4824 4360 4824 0 1 38831 1840 1 10:20 pts/1 00:00:00 ps -LF
显示Linux系统下所有活跃进程
ps -A 或 ps -e
[root@localhost proc]# ps -e PID TTY TIME CMD 1 ? 00:00:01 systemd 2 ? 00:00:00 kthreadd 3 ? 00:00:00 ksoftirqd/0 5 ? 00:00:00 kworker/0:0H 6 ? 00:00:00 kworker/u256:0 7 ? 00:00:00 migration/0 8 ? 00:00:00 rcu_bh 9 ? 00:00:00 rcu_sched 10 ? 00:00:00 lru-add-drain 11 ? 00:00:00 watchdog/0 12 ? 00:00:00 watchdog/1 13 ? 00:00:00 migration/1 14 ? 00:00:00 ksoftirqd/1 16 ? 00:00:00 kworker/1:0H 17 ? 00:00:00 watchdog/2 18 ? 00:00:00 migration/2 19 ? 00:00:00 ksoftirqd/2 21 ? 00:00:00 kworker/2:0H 22 ? 00:00:00 watchdog/3 23 ? 00:00:00 migration/3 24 ? 00:00:00 ksoftirqd/3 26 ? 00:00:00 kworker/3:0H 28 ? 00:00:00 kdevtmpfs 29 ? 00:00:00 netns 30 ? 00:00:00 khungtaskd 31 ? 00:00:00 writeback 32 ? 00:00:00 kintegrityd 33 ? 00:00:00 bioset 34 ? 00:00:00 kblockd 35 ? 00:00:00 md 36 ? 00:00:00 edac-poller 38 ? 00:00:00 kworker/1:1 43 ? 00:00:00 kswapd0 44 ? 00:00:00 ksmd 45 ? 00:00:00 khugepaged 46 ? 00:00:00 crypto 54 ? 00:00:00 kthrotld 56 ? 00:00:00 kmpath_rdacd 57 ? 00:00:00 kaluad 58 ? 00:00:00 kpsmoused 59 ? 00:00:01 kworker/0:2 60 ? 00:00:00 ipv6_addrconf 73 ? 00:00:00 deferwq 105 ? 00:00:00 kauditd 290 ? 00:00:00 mpt_poll_0 292 ? 00:00:00 ata_sff 293 ? 00:00:00 mpt/0 300 ? 00:00:00 scsi_eh_0 301 ? 00:00:00 scsi_tmf_0 302 ? 00:00:00 kworker/u256:2 303 ? 00:00:00 scsi_eh_1 304 ? 00:00:00 scsi_tmf_1 305 ? 00:00:00 scsi_eh_2 306 ? 00:00:00 scsi_tmf_2 309 ? 00:00:00 ttm_swap 310 ? 00:00:00 irq/16-vmwgfx 322 ? 00:00:00 kworker/3:2 330 ? 00:00:00 kworker/1:2 387 ? 00:00:00 kdmflush 388 ? 00:00:00 bioset 398 ? 00:00:00 kdmflush 400 ? 00:00:00 bioset 413 ? 00:00:00 bioset 414 ? 00:00:00 xfsalloc 415 ? 00:00:00 xfs_mru_cache 416 ? 00:00:00 xfs-buf/dm-0 417 ? 00:00:00 xfs-data/dm-0 418 ? 00:00:00 xfs-conv/dm-0 419 ? 00:00:00 xfs-cil/dm-0 420 ? 00:00:00 xfs-reclaim/dm- 421 ? 00:00:00 xfs-log/dm-0 422 ? 00:00:00 xfs-eofblocks/d 423 ? 00:00:00 xfsaild/dm-0 424 ? 00:00:00 kworker/0:1H 493 ? 00:00:00 systemd-journal 520 ? 00:00:00 lvmetad 529 ? 00:00:00 systemd-udevd 548 ? 00:00:00 nfit 613 ? 00:00:00 xfs-buf/sda1 614 ? 00:00:00 xfs-data/sda1 615 ? 00:00:00 xfs-conv/sda1 616 ? 00:00:00 xfs-cil/sda1 617 ? 00:00:00 xfs-reclaim/sda 618 ? 00:00:00 xfs-log/sda1 619 ? 00:00:00 xfs-eofblocks/s 620 ? 00:00:00 xfsaild/sda1 623 ? 00:00:00 kdmflush 624 ? 00:00:00 bioset 631 ? 00:00:00 xfs-buf/dm-2 632 ? 00:00:00 xfs-data/dm-2 633 ? 00:00:00 xfs-conv/dm-2 634 ? 00:00:00 xfs-cil/dm-2 635 ? 00:00:00 xfs-reclaim/dm- 636 ? 00:00:00 xfs-log/dm-2 637 ? 00:00:00 xfs-eofblocks/d 638 ? 00:00:00 xfsaild/dm-2 660 ? 00:00:00 auditd 683 ? 00:00:00 dbus-daemon 686 ? 00:00:00 polkitd 688 ? 00:00:00 irqbalance 689 ? 00:00:00 systemd-logind 693 ? 00:00:00 crond 698 ? 00:00:00 login 705 ? 00:00:00 firewalld 707 ? 00:00:00 NetworkManager 754 ? 00:00:00 kworker/2:1H 826 ? 00:00:00 kworker/3:1H 838 ? 00:00:00 dhclient 1021 ? 00:00:00 tuned 1022 ? 00:00:00 sshd 1023 ? 00:00:00 rsyslogd 1170 ? 00:00:00 master 1176 ? 00:00:00 pickup 1177 ? 00:00:00 qmgr 1284 tty1 00:00:00 bash 1299 ? 00:00:00 kworker/1:1H 1305 ? 00:00:00 sshd 1309 pts/0 00:00:00 bash 1455 ? 00:00:00 kworker/3:3 1477 ? 00:00:00 memcached 2198 ? 00:00:00 kworker/2:0 2321 ? 00:00:00 kworker/0:0 2894 ? 00:00:00 kworker/2:2 3163 ? 00:00:00 kworker/2:1 3331 ? 00:00:00 kworker/0:1 3346 pts/0 00:00:00 ps [root@localhost proc]# ps -A PID TTY TIME CMD 1 ? 00:00:01 systemd 2 ? 00:00:00 kthreadd 3 ? 00:00:00 ksoftirqd/0 5 ? 00:00:00 kworker/0:0H 6 ? 00:00:00 kworker/u256:0 7 ? 00:00:00 migration/0 8 ? 00:00:00 rcu_bh 9 ? 00:00:00 rcu_sched 10 ? 00:00:00 lru-add-drain 11 ? 00:00:00 watchdog/0 12 ? 00:00:00 watchdog/1 13 ? 00:00:00 migration/1 14 ? 00:00:00 ksoftirqd/1 16 ? 00:00:00 kworker/1:0H 17 ? 00:00:00 watchdog/2 18 ? 00:00:00 migration/2 19 ? 00:00:00 ksoftirqd/2 21 ? 00:00:00 kworker/2:0H 22 ? 00:00:00 watchdog/3 23 ? 00:00:00 migration/3 24 ? 00:00:00 ksoftirqd/3 26 ? 00:00:00 kworker/3:0H 28 ? 00:00:00 kdevtmpfs 29 ? 00:00:00 netns 30 ? 00:00:00 khungtaskd 31 ? 00:00:00 writeback 32 ? 00:00:00 kintegrityd 33 ? 00:00:00 bioset 34 ? 00:00:00 kblockd 35 ? 00:00:00 md 36 ? 00:00:00 edac-poller 38 ? 00:00:00 kworker/1:1 43 ? 00:00:00 kswapd0 44 ? 00:00:00 ksmd 45 ? 00:00:00 khugepaged 46 ? 00:00:00 crypto 54 ? 00:00:00 kthrotld 56 ? 00:00:00 kmpath_rdacd 57 ? 00:00:00 kaluad 58 ? 00:00:00 kpsmoused 59 ? 00:00:01 kworker/0:2 60 ? 00:00:00 ipv6_addrconf 73 ? 00:00:00 deferwq 105 ? 00:00:00 kauditd 290 ? 00:00:00 mpt_poll_0 292 ? 00:00:00 ata_sff 293 ? 00:00:00 mpt/0 300 ? 00:00:00 scsi_eh_0 301 ? 00:00:00 scsi_tmf_0 302 ? 00:00:00 kworker/u256:2 303 ? 00:00:00 scsi_eh_1 304 ? 00:00:00 scsi_tmf_1 305 ? 00:00:00 scsi_eh_2 306 ? 00:00:00 scsi_tmf_2 309 ? 00:00:00 ttm_swap 310 ? 00:00:00 irq/16-vmwgfx 322 ? 00:00:00 kworker/3:2 330 ? 00:00:00 kworker/1:2 387 ? 00:00:00 kdmflush 388 ? 00:00:00 bioset 398 ? 00:00:00 kdmflush 400 ? 00:00:00 bioset 413 ? 00:00:00 bioset 414 ? 00:00:00 xfsalloc 415 ? 00:00:00 xfs_mru_cache 416 ? 00:00:00 xfs-buf/dm-0 417 ? 00:00:00 xfs-data/dm-0 418 ? 00:00:00 xfs-conv/dm-0 419 ? 00:00:00 xfs-cil/dm-0 420 ? 00:00:00 xfs-reclaim/dm- 421 ? 00:00:00 xfs-log/dm-0 422 ? 00:00:00 xfs-eofblocks/d 423 ? 00:00:00 xfsaild/dm-0 424 ? 00:00:00 kworker/0:1H 493 ? 00:00:00 systemd-journal 520 ? 00:00:00 lvmetad 529 ? 00:00:00 systemd-udevd 548 ? 00:00:00 nfit 613 ? 00:00:00 xfs-buf/sda1 614 ? 00:00:00 xfs-data/sda1 615 ? 00:00:00 xfs-conv/sda1 616 ? 00:00:00 xfs-cil/sda1 617 ? 00:00:00 xfs-reclaim/sda 618 ? 00:00:00 xfs-log/sda1 619 ? 00:00:00 xfs-eofblocks/s 620 ? 00:00:00 xfsaild/sda1 623 ? 00:00:00 kdmflush 624 ? 00:00:00 bioset 631 ? 00:00:00 xfs-buf/dm-2 632 ? 00:00:00 xfs-data/dm-2 633 ? 00:00:00 xfs-conv/dm-2 634 ? 00:00:00 xfs-cil/dm-2 635 ? 00:00:00 xfs-reclaim/dm- 636 ? 00:00:00 xfs-log/dm-2 637 ? 00:00:00 xfs-eofblocks/d 638 ? 00:00:00 xfsaild/dm-2 660 ? 00:00:00 auditd 683 ? 00:00:00 dbus-daemon 686 ? 00:00:00 polkitd 688 ? 00:00:00 irqbalance 689 ? 00:00:00 systemd-logind 693 ? 00:00:00 crond 698 ? 00:00:00 login 705 ? 00:00:00 firewalld 707 ? 00:00:00 NetworkManager 754 ? 00:00:00 kworker/2:1H 826 ? 00:00:00 kworker/3:1H 838 ? 00:00:00 dhclient 1021 ? 00:00:00 tuned 1022 ? 00:00:00 sshd 1023 ? 00:00:00 rsyslogd 1170 ? 00:00:00 master 1176 ? 00:00:00 pickup 1177 ? 00:00:00 qmgr 1284 tty1 00:00:00 bash 1299 ? 00:00:00 kworker/1:1H 1305 ? 00:00:00 sshd 1309 pts/0 00:00:00 bash 1455 ? 00:00:00 kworker/3:3 1477 ? 00:00:00 memcached 2198 ? 00:00:00 kworker/2:0 2321 ? 00:00:00 kworker/0:0 2894 ? 00:00:00 kworker/2:2 3163 ? 00:00:00 kworker/2:1 3331 ? 00:00:00 kworker/0:1 3350 pts/0 00:00:00 ps
显示某个用户的所有进程
可以根据数值ID找到用户(-u),也可以根据用户名(-U)
这里以root为例。参考:【问题】root账号的UID和GID永远是0吗?
ps -fU root 或 ps -fu 0
输出结果完全一样
显示某个组的所有进程
同上,只不过换成-G
ps -fG 0 或 ps -fG root
根据PID显示进程
-p 或 --pid
[root@localhost home]# ps -fp 698 UID PID PPID C STIME TTY TIME CMD root 698 1 0 09:02 ? 00:00:00 login -- root [root@localhost home]# ps -f --pid 698 UID PID PPID C STIME TTY TIME CMD root 698 1 0 09:02 ? 00:00:00 login -- root
也可以一次显示多个进程
[root@localhost home]# ps -f --pid 698,1309 UID PID PPID C STIME TTY TIME CMD root 698 1 0 09:02 ? 00:00:00 login -- root root 1309 1305 0 09:04 pts/0 00:00:00 -bash [root@localhost home]# ps -fp 698,1309 UID PID PPID C STIME TTY TIME CMD root 698 1 0 09:02 ? 00:00:00 login -- root root 1309 1305 0 09:04 pts/0 00:00:00 -bash
根据tty显示进程
[root@localhost home]# ps -t tty1 PID TTY TIME CMD 1284 tty1 00:00:00 bash [root@localhost home]# ps -ft tty1 UID PID PPID C STIME TTY TIME CMD root 1284 698 0 09:02 tty1 00:00:00 -bash
显示进程树
对于父子进程,如果父亲死了,子进程的的父进程就变成了init或systemd
显示系统上所有进程的进程树
ps -e --forest
显示给定进程的进程树
-C:Select by command name。这个命令会把name指定进程的所有子进程显示出来
[root@localhost home]# ps -f --forest -C sshd UID PID PPID C STIME TTY TIME CMD root 1022 1 0 09:02 ? 00:00:00 /usr/sbin/sshd -D root 1305 1022 0 09:04 ? 00:00:00 \_ sshd: root@pts/0,pts/1,pts/2 [root@localhost home]# ps -ef --forest | grep -v grep | grep sshd root 1022 1 0 09:02 ? 00:00:00 /usr/sbin/sshd -D root 1305 1022 0 09:04 ? 00:00:00 \_ sshd: root@pts/0,pts/1,pts/2
指定查看ps某些列的输出
使用-o选项
ruser,pid,ppid,lwp(线程low weight process),psr(处理器processor),args(用comm也行),etime(elapsed time,自从该进程/线程启动过了多长时间)
[root@localhost home]# ps -o pid,ppid,user,cmd PID PPID USER CMD 4967 1305 root -bash 16053 4967 root ps -o pid,ppid,user,cmd
根据PID查找进程
[root@localhost home]# ps -f --forest -C sshd UID PID PPID C STIME TTY TIME CMD root 1022 1 0 09:02 ? 00:00:00 /usr/sbin/sshd -D root 1305 1022 0 09:04 ? 00:00:00 \_ sshd: root@pts/0,pts/1,pts/2 [root@localhost home]# ps -p 1022 -o comm COMMAND sshd
显示一个进程及其所有子进程的pid
[root@localhost home]# ps -C sshd -o pid PID 1022 1305
显示某一服务执行多长时间
[root@localhost home]# ps -eo comm,etime,user | grep sshd sshd 02:06:51 root sshd 02:04:49 root
查找当前系统下,CPU 或 内存占用率最高的进程
[root@localhost home]# ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem | head PID PPID CMD %MEM %CPU 705 1 /usr/bin/python -Es /usr/sb 0.7 0.0 1021 1 /usr/bin/python -Es /usr/sb 0.4 0.0 686 1 /usr/lib/polkit-1/polkitd - 0.3 0.0 707 1 /usr/sbin/NetworkManager -- 0.2 0.0 1023 1 /usr/sbin/rsyslogd -n 0.2 0.0 1 0 /usr/lib/systemd/systemd -- 0.1 0.0 1305 1022 sshd: root@pts/0,pts/1,pts/ 0.1 0.0 838 707 /sbin/dhclient -d -q -sf /u 0.1 0.0 529 1 /usr/lib/systemd/systemd-ud 0.1 0.0 [root@localhost home]# ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%cpu | head PID PPID CMD %MEM %CPU 1 0 /usr/lib/systemd/systemd -- 0.1 0.0 2 0 [kthreadd] 0.0 0.0 3 2 [ksoftirqd/0] 0.0 0.0 5 2 [kworker/0:0H] 0.0 0.0 6 2 [kworker/u256:0] 0.0 0.0 7 2 [migration/0] 0.0 0.0 8 2 [rcu_bh] 0.0 0.0 9 2 [rcu_sched] 0.0 0.0 10 2 [lru-add-drain] 0.0 0.0
对于那些未响应进程,或占用资源奇高的进程可以找到他并杀死
首先找到该进程,然后杀死该进程
借助watch命令执行实时进程监控
ps命令显示静态信息,可以借助watch命令实时监控进程信息,还能制定监控那些项
watch -n 1 'ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem | head'
Every 1.0s: ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem | head Fri Oct 19 11:18:19 2018 PID PPID CMD %MEM %CPU 705 1 /usr/bin/python -Es /usr/sb 0.7 0.0 1021 1 /usr/bin/python -Es /usr/sb 0.4 0.0 686 1 /usr/lib/polkit-1/polkitd - 0.3 0.0 707 1 /usr/sbin/NetworkManager -- 0.2 0.0 1023 1 /usr/sbin/rsyslogd -n 0.2 0.0 1 0 /usr/lib/systemd/systemd -- 0.1 0.0 1305 1022 sshd: root@pts/0,pts/1,pts/ 0.1 0.0 838 707 /sbin/dhclient -d -q -sf /u 0.1 0.0 529 1 /usr/lib/systemd/systemd-ud 0.1 0.0
显示安全信息
尤其对于SELinux,如下命令显示安全信息
ps -eM 或 ps --context
也可以指定输出哪些项,使用选项-o
ps -eo ruser,pid,ppid,lwp(线程low weight process),psr(处理器processor),args(用comm也行),etime(elapsed time,自从该进程/线程启动过了多长时间)
[root@localhost home]# ps -eo euser,ruser,suser,fuser,f,comm,label EUSER RUSER SUSER FUSER F COMMAND LABEL root root root root 4 systemd system_u:system_r:init_t:s0 root root root root 1 kthreadd system_u:system_r:kernel_t:s0 root root root root 1 ksoftirqd/0 system_u:system_r:kernel_t:s0 root root root root 1 kworker/0:0H system_u:system_r:kernel_t:s0 root root root root 1 kworker/u256:0 system_u:system_r:kernel_t:s0 root root root root 1 migration/0 system_u:system_r:kernel_t:s0 root root root root 1 rcu_bh system_u:system_r:kernel_t:s0
与watch搭配使用动态显示进程信息
watch -n 2 'ps -aef | grep firefox'
pstree
ps命令可以显示当前正在运行的那些进程的信息,但是对于它们之间的关系却显示得不够清晰。在Linux系统中,系统调用fork可以创建子进程,通过子shell也可以创建子进程,Linux系统中进程之间的关系天生就是一棵树,树的根就是进程PID为1的init 或 systemd进程。
最小化安装时,默认没有这个命令。需要单独安装yum -y install psmisc
简介
pstree将运行进程显示为树。 如果省略pid,树将以pid或init为根。 如果指定了用户名,则会显示该用户拥有进程的所有进程树。 pstree在视觉上合并相同的分支,方法是将它们放在方括号中,并在前面添加重复计数
用法演示
最简单的做法
不带任何参数
[root@localhost home]# pstree systemd─┬─NetworkManager─┬─dhclient │ └─2*[{NetworkManager}] ├─auditd───{auditd} ├─crond ├─dbus-daemon───{dbus-daemon} ├─firewalld───{firewalld} ├─irqbalance ├─login───bash ├─lvmetad ├─master─┬─pickup │ └─qmgr ├─memcached───5*[{memcached}] ├─polkitd───5*[{polkitd}] ├─rsyslogd───2*[{rsyslogd}] ├─sshd───sshd─┬─bash───man───less │ ├─bash │ └─bash───pstree ├─systemd-journal ├─systemd-logind ├─systemd-udevd └─tuned───4*[{tuned}]
显示命令行参数
使用-a参数
[root@localhost home]# pstree -a systemd --switched-root --system --deserialize 22 ├─NetworkManager --no-daemon │ ├─dhclient -d -q -sf /usr/libexec/nm-dhcp-helper -pf /var/run/dhclient-eth0.pid -lf... │ └─2*[{NetworkManager}] ├─auditd │ └─{auditd} ├─crond -n ├─dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation │ └─{dbus-daemon} ├─firewalld -Es /usr/sbin/firewalld --nofork --nopid │ └─{firewalld} ├─irqbalance --foreground ├─login │ └─bash ├─lvmetad -f ├─master -w │ ├─pickup -l -t unix -u │ └─qmgr -l -t unix -u ├─memcached -d -u root │ └─5*[{memcached}] ├─polkitd --no-debug │ └─5*[{polkitd}] ├─rsyslogd -n │ └─2*[{rsyslogd}] ├─sshd -D │ └─sshd │ ├─bash │ │ └─man ps │ │ └─less -s │ ├─bash │ └─bash │ └─pstree -a ├─systemd-journal ├─systemd-logind ├─systemd-udevd └─tuned -Es /usr/sbin/tuned -l -P └─4*[{tuned}]
强制pstree展开一样的子树
使用-c参数
[root@localhost home]# pstree -c systemd─┬─NetworkManager─┬─dhclient │ ├─{NetworkManager} │ └─{NetworkManager} ├─auditd───{auditd} ├─crond ├─dbus-daemon───{dbus-daemon} ├─firewalld───{firewalld} ├─irqbalance ├─login───bash ├─lvmetad ├─master─┬─pickup │ └─qmgr ├─memcached─┬─{memcached} │ ├─{memcached} │ ├─{memcached} │ ├─{memcached} │ └─{memcached} ├─polkitd─┬─{polkitd} │ ├─{polkitd} │ ├─{polkitd} │ ├─{polkitd} │ └─{polkitd} ├─rsyslogd─┬─{rsyslogd} │ └─{rsyslogd} ├─sshd───sshd─┬─bash───man───less │ ├─bash │ └─bash───pstree ├─systemd-journal ├─systemd-logind ├─systemd-udevd └─tuned─┬─{tuned} ├─{tuned} ├─{tuned} └─{tuned}
对特定进程高亮显示
使用-H参数
pstree -H [PID]
[root@localhost home]# ps PID TTY TIME CMD 4967 pts/2 00:00:00 bash 18153 pts/2 00:00:00 ps [root@localhost home]# pstree -H 4967 systemd─┬─NetworkManager─┬─dhclient │ └─2*[{NetworkManager}] ├─auditd───{auditd} ├─crond ├─dbus-daemon───{dbus-daemon} ├─firewalld───{firewalld} ├─irqbalance ├─login───bash ├─lvmetad ├─master─┬─pickup │ └─qmgr ├─memcached───5*[{memcached}] ├─polkitd───5*[{polkitd}] ├─rsyslogd───2*[{rsyslogd}] ├─sshd───sshd─┬─bash───man───less │ ├─bash │ └─bash───pstree ├─systemd-journal ├─systemd-logind ├─systemd-udevd └─tuned───4*[{tuned}]
显示进程组ID
使用-g参数
[root@localhost home]# pstree -g systemd(1)─┬─NetworkManager(707)─┬─dhclient(838) │ ├─{NetworkManager}(707) │ └─{NetworkManager}(707) ├─auditd(660)───{auditd}(660) ├─crond(693) ├─dbus-daemon(683)───{dbus-daemon}(683) ├─firewalld(705)───{firewalld}(705) ├─irqbalance(688) ├─login(698)───bash(1284) ├─lvmetad(520) ├─master(1170)─┬─pickup(1170) │ └─qmgr(1170) ├─memcached(1477)─┬─{memcached}(1477) │ ├─{memcached}(1477) │ ├─{memcached}(1477) │ ├─{memcached}(1477) │ └─{memcached}(1477) ├─polkitd(686)─┬─{polkitd}(686) │ ├─{polkitd}(686) │ ├─{polkitd}(686) │ ├─{polkitd}(686) │ └─{polkitd}(686) ├─rsyslogd(1023)─┬─{rsyslogd}(1023) │ └─{rsyslogd}(1023) ├─sshd(1022)───sshd(1305)─┬─bash(1309)───man(4261)───less(4261) │ ├─bash(4360) │ └─bash(4967)───pstree(18242) ├─systemd-journal(493) ├─systemd-logind(689) ├─systemd-udevd(529) └─tuned(1021)─┬─{tuned}(1021) ├─{tuned}(1021) ├─{tuned}(1021) └─{tuned}(1021)
根据PID排序输出
默认情况下,pstree对有相同祖先的进程按名字排序。借助-n参数可以按pid排序
[root@localhost home]# pstree -n systemd─┬─systemd-journal ├─lvmetad ├─systemd-udevd ├─auditd───{auditd} ├─dbus-daemon───{dbus-daemon} ├─polkitd───5*[{polkitd}] ├─irqbalance ├─systemd-logind ├─crond ├─login───bash ├─firewalld───{firewalld} ├─NetworkManager─┬─2*[{NetworkManager}] │ └─dhclient ├─tuned───4*[{tuned}] ├─sshd───sshd─┬─bash───man───less │ ├─bash │ └─bash───pstree ├─rsyslogd───2*[{rsyslogd}] ├─master─┬─qmgr │ └─pickup └─memcached───5*[{memcached}]
-p参数可以显示pid
[root@localhost home]# pstree -pn systemd(1)─┬─systemd-journal(493) ├─lvmetad(520) ├─systemd-udevd(529) ├─auditd(660)───{auditd}(661) ├─dbus-daemon(683)───{dbus-daemon}(684) ├─polkitd(686)─┬─{polkitd}(699) │ ├─{polkitd}(700) │ ├─{polkitd}(701) │ ├─{polkitd}(702) │ └─{polkitd}(703) ├─irqbalance(688) ├─systemd-logind(689) ├─crond(693) ├─login(698)───bash(1284) ├─firewalld(705)───{firewalld}(835) ├─NetworkManager(707)─┬─{NetworkManager}(720) │ ├─{NetworkManager}(723) │ └─dhclient(838) ├─tuned(1021)─┬─{tuned}(1261) │ ├─{tuned}(1262) │ ├─{tuned}(1263) │ └─{tuned}(1276) ├─sshd(1022)───sshd(1305)─┬─bash(1309)───man(4261)───less(4272) │ ├─bash(4360) │ └─bash(4967)───pstree(18705) ├─rsyslogd(1023)─┬─{rsyslogd}(1026) │ └─{rsyslogd}(1030) ├─master(1170)─┬─qmgr(1177) │ └─pickup(5963) └─memcached(1477)─┬─{memcached}(1478) ├─{memcached}(1479) ├─{memcached}(1480) ├─{memcached}(1481) └─{memcached}(1482)
显示特定用户下进程的进程树
[root@localhost home]# pstree root systemd─┬─NetworkManager─┬─dhclient │ └─2*[{NetworkManager}] ├─auditd───{auditd} ├─crond ├─dbus-daemon───{dbus-daemon} ├─firewalld───{firewalld} ├─irqbalance ├─login───bash ├─lvmetad ├─master─┬─pickup │ └─qmgr ├─memcached───5*[{memcached}] ├─polkitd───5*[{polkitd}] ├─rsyslogd───2*[{rsyslogd}] ├─sshd───sshd─┬─bash───man───less │ ├─bash │ └─bash───pstree ├─systemd-journal ├─systemd-logind ├─systemd-udevd └─tuned───4*[{tuned}]
只显示具体进程的父子信息
使用-s参数
远程终端链接使用pstree显示乱码
使用-G参数
[root@localhost ~]# pstree -G systemdqwqNetworkManagerqwqdhclient x mq2*[{NetworkManager}] tqagetty tqauditdqqq{auditd} tqcrond tqdbus-daemonqqq{dbus-daemon} tqfirewalldqqq{firewalld} tqirqbalance tqlvmetad tqmasterqwqpickup x mqqmgr tqpolkitdqqq5*[{polkitd}] tqrsyslogdqqq2*[{rsyslogd}] tqsshdqqqsshdqwqbashqqqpstree x mqbashqqqmanqqqless tqsystemd-journal tqsystemd-logind tqsystemd-udevd mqtunedqqq4*[{tuned}]
