This is my first post! I'm still figuring out the formatting here, but as a first intro to what I hope to post: Here's a little explanation of how to find the swap usage of each process on a system using bash.
Here we'll make use of the /proc file system, so we need that available - Note that some kernels do not make this available for security reasons, but we'll assume it's there for our purposes.
Within proc for each PID there's a file called status, this contains an entry called 'VmSwap' which is the currently allocated swap for that PID.
Here are 10 entries from a random host:
This is a good first start, but I want more relevant information to me, I'd like to add the process start date, the executable name and the current working directory to help identify which processes these are. For that I've created this loop which will go through the status files for each process and:
And it's output looks like this:
Excellent! Exactly what I wanted. With this I can then sort the output by usage or start date to find any processes which might be causing an issue.
Here we'll make use of the /proc file system, so we need that available - Note that some kernels do not make this available for security reasons, but we'll assume it's there for our purposes.
Within proc for each PID there's a file called status, this contains an entry called 'VmSwap' which is the currently allocated swap for that PID.
Here are 10 entries from a random host:
[root@randomhost ryanbeales]$grep "VmSwap" /proc/*/status | head /proc/10023/status:VmSwap: 644 kB /proc/10031/status:VmSwap: 636 kB /proc/10036/status:VmSwap: 0 kB /proc/10062/status:VmSwap: 640 kB /proc/10862/status:VmSwap: 644 kB /proc/1098/status:VmSwap: 628 kB /proc/1131/status:VmSwap: 548 kB /proc/11347/status:VmSwap: 640 kB /proc/11355/status:VmSwap: 468 kB /proc/11390/status:VmSwap: 0 kB
This is a good first start, but I want more relevant information to me, I'd like to add the process start date, the executable name and the current working directory to help identify which processes these are. For that I've created this loop which will go through the status files for each process and:
- If the swap variable is empty, ignore the PID as it isn't relevant
- If the swap space is less than 100kb, then I'm not concerned, ignore it
- Collect the start time of the process from ps - implication here is if there is a lot of swap usage in a short living PID then I'll want to focus on it more.
- Get the executable and working directory from proc
function get_swap_space() {
# Print column headers:
printf "PID kBSwap StartDate EXE CWD\n"
# Loop through all pids:
for file in /proc/*/status
do
# Get the PID and SWAP values from the status file
read PID SWAP <<< $(awk ' /VmSwap|^Pid/ {printf $2 " "} END{print ""}' $file 2>/dev/null)
# If the swap variable is empty, skip to the next one
if [ -z "$SWAP" ]; then continue; fi
# If less than 100kb of swap used, not significant, skip on.
if [ "$SWAP" -lt "100" ]; then continue; fi
START_TIME=$(ps -p $PID -o lstart= |tr ' ' '-')
CWD=$(readlink /proc/${PID}/cwd)
EXE=$(readlink /proc/${PID}/exe)
echo $PID $SWAP $START_TIME $EXE $CWD
done
}
[root@randomhost ryanbeales]$get_swap_space | column -t | head PID kBSwap StartDate EXE CWD 10023 644 Tue-Jan-24-23:13:41-2017 /usr/bin/ssh-agent / 10031 636 Tue-Jan-31-20:25:14-2017 /usr/bin/ssh-agent / 10062 640 Mon-Jan-23-23:36:33-2017 /usr/bin/ssh-agent / 10862 644 Fri-Jan-27-06:00:13-2017 /usr/bin/ssh-agent / 1098 628 Thu-Feb--2-08:07:22-2017 /usr/bin/ssh-agent / 1131 548 Sun-Jan-22-02:11:43-2017 /usr/lib/vmware-tools/sbin/vmtoolsd / 11347 640 Tue-Jan-31-01:12:45-2017 /usr/bin/ssh-agent / 11355 468 Fri-Feb-10-01:27:32-2017 /usr/sbin/ntpd / 1155 640 Thu-Feb--2-01:49:10-2017 /usr/bin/ssh-agent /
Excellent! Exactly what I wanted. With this I can then sort the output by usage or start date to find any processes which might be causing an issue.
No comments:
Post a Comment