Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides
https://forum.ivorde.com/

Linux/FreeBSD: How to find process start time or running time with PS
https://forum.ivorde.com/linux-freebsd-how-to-find-process-start-time-or-running-time-with-ps-t19741.html

Author:  admin [ Wed Jan 21, 2015 12:25 pm ]
Post subject:  Linux/FreeBSD: How to find process start time or running time with PS

All information about a process is kept in the kernel/process table. To query this information, the pseudo filesystem /proc or the PS command can be used (there are also other tools, but I will focus on "ps" here).

The PS command can show both the start time and date of a process and the elapsed time since the process has started. The interesting PS options and modifiers are found in the manual:

Quote:
-o format
User-defined format. format is a single argument in the form of a blank-separated or comma-separated list, which offers a way to specify individual output
columns. The recognized keywords are described in the STANDARD FORMAT SPECIFIERS section below. Headers may be renamed (ps -o pid,ruser=RealUser -o comm=Command)
as desired. If all column headers are empty (ps -o pid= -o comm=) then the header line will not be output. Column width will increase as needed for wide headers;
this may be used to widen up columns such as WCHAN (ps -o pid,wchan=WIDE-WCHAN-COLUMN -o comm). Explicit width control (ps opid,wchan:42,cmd) is offered too. The
behavior of ps -o pid=X,comm=Y varies with personality; output may be one column named "X,comm=Y" or two columns named "X" and "Y". Use multiple -o options when
in doubt. Use the PS_FORMAT environment variable to specify a default as desired; DefSysV and DefBSD are macros that may be used to choose the default UNIX or BSD
columns.

lstart STARTED time the command started. See also bsdstart, start, start_time, and stime.

etime ELAPSED elapsed time since the process was started, in the form [[DD-]hh:]mm:ss.

etimes ELAPSED elapsed time since the process was started, in seconds.


First, the process ID has to be identified.

Find process ID of specific daemon/script:


Using either PS or PIDOF:
Code:
# ps alxw | grep myscript.sh
5     0  7065     1  20   0  20728  2176 -      Ss   ?          0:00 myscript.sh:
# pidof myscript.sh
13134 7065


So now we know the process ID of the script; it's time for the next steps.

Find process start time in Linux.


Code:
# ps -eo pid,lstart,cmd | grep 7065
7065 Sat Jan 17 16:00:33 2015 myscript.sh


So the above script started on Jan 17th at 16:00:33 (timezone of the system).

Find process start time in FreeBSD.


FreeBSD does not have the same option modifiers as Linux for the process name: See "cmd" in Linux and "command" in FreeBSD. The rest are the same.
Code:
# ps -o pid,lstart,command -ax | grep 1497
1497 Tue Jul 15 23:49:07 2014 /usr/sbin/syslogd -s -4
79085 Wed Jan 21 17:22:03 2015 grep 1497


Find process running time in seconds in Linux.


As in the "man ps" quote above, there are two possible modifiers to see the running time of a process in Linux: etime and etimes.
Etime shows the process running time in a more human-readable format:
Code:
# ps -eo pid,etime,cmd | grep 7065
7065  3-19:20:58 myscript.sh

That's 3 days, 19h, 20m, 58s

Find process running time in seconds in FreeBSD.


The running time modifiers in FreeBSD are the same as in Linux.
Code:
# ps -o pid,etime,command -ax | grep 1497     
1497 189-18:37:19 /usr/sbin/syslogd -s -4

That's 189 days :).

P.S.: There are some other ways to achieve this, but this is the easiest one to remember. Another, harder-to-remember example is:
Code:
# date -d "`ps -p 7065 -o lstart=`" +'%m-%d-%Y:%T'
01-17-2015:16:00:33
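
Added example, not part of the original post: when "etimes" is not available, the etime format [[DD-]hh:]mm:ss quoted above can be converted to seconds in the shell, which also makes it easy to list recently started processes during triage. The function names etime_to_seconds and younger_than are hypothetical, and the sample lines are constructed (the first two reuse the outputs shown in the post).

```shell
#!/bin/sh
# Convert a ps "etime" value ([[DD-]hh:]mm:ss) to seconds.
# Splitting on "-" and ":" gives 2 fields (mm:ss), 3 (hh:mm:ss) or 4 (DD-hh:mm:ss).
# awk reads "08" as decimal 8, so zero-padded fields are safe.
etime_to_seconds() {
    printf '%s\n' "$1" | awk -F'[-:]' '
        NF == 2 { print $1*60 + $2; next }
        NF == 3 { print $1*3600 + $2*60 + $3; next }
        NF == 4 { print $1*86400 + $2*3600 + $3*60 + $4; next }
        { exit 1 }'
}

# Read "pid etime command" lines (e.g. from: ps -eo pid,etime,cmd) on stdin
# and print "pid seconds command" for processes started within the last $1 seconds.
younger_than() {
    max=$1
    while read -r pid etime cmd; do
        # Skip the header line and anything without a numeric PID.
        case $pid in ''|*[!0-9]*) continue ;; esac
        secs=$(etime_to_seconds "$etime") || continue
        if [ "$secs" -le "$max" ]; then
            printf '%s %s %s\n' "$pid" "$secs" "$cmd"
        fi
    done
    return 0
}

# Constructed sample input in the layout of "ps -eo pid,etime,cmd".
SAMPLE='  PID     ELAPSED CMD
 7065  3-19:20:58 myscript.sh
 1497 189-18:37:19 /usr/sbin/syslogd -s -4
 9001       05:07 sh -c sleep 600
 9002    01:02:03 cron'

# Processes from the sample that started within the last hour.
printf '%s\n' "$SAMPLE" | younger_than 3600
```

On a live system, feed it real data with: ps -eo pid,etime,cmd | younger_than 3600 (Linux) or ps -o pid,etime,command -ax | younger_than 3600 (FreeBSD).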

All times are UTC - 5 hours [ DST ]