|Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides
|Linux/FreeBSD: How to find process start time or running time with PS
|Page 1 of 1|
|Author:||admin [ Wed Jan 21, 2015 12:25 pm ]|
|Post subject:||Linux/FreeBSD: How to find process start time or running time with PS|
All information about a process is kept in the kernel/process table. To query this information, the pseudo filesystem /proc or the PS command can be used (there also other tools, but I will focus on "ps" here).
The PS command can show both the start time and date of a process and the elapsed time since the process has started. The interesting PS options and modifiers are found in the manual:
User-defined format. format is a single argument in the form of a blank-separated or comma-separated list, which offers a way to specify individual output
columns. The recognized keywords are described in the STANDARD FORMAT SPECIFIERS section below. Headers may be renamed (ps -o pid,ruser=RealUser -o comm=Command)
as desired. If all column headers are empty (ps -o pid= -o comm=) then the header line will not be output. Column width will increase as needed for wide headers;
this may be used to widen up columns such as WCHAN (ps -o pid,wchan=WIDE-WCHAN-COLUMN -o comm). Explicit width control (ps opid,wchan:42,cmd) is offered too. The
behavior of ps -o pid=X,comm=Y varies with personality; output may be one column named "X,comm=Y" or two columns named "X" and "Y". Use multiple -o options when
in doubt. Use the PS_FORMAT environment variable to specify a default as desired; DefSysV and DefBSD are macros that may be used to choose the default UNIX or BSD
lstart STARTED time the command started. See also bsdstart, start, start_time, and stime.
etime ELAPSED elapsed time since the process was started, in the form [[DD-]hh:]mm:ss.
etimes ELAPSED elapsed time since the process was started, in seconds.
First, the process ID has to be identified.
Find process ID of specific daemon/script:
Using either PS or PIDOF:
# ps alxw | grep myscript.sh
5 0 7065 1 20 0 20728 2176 - Ss ? 0:00 myscript.sh:
# pidof myscript.sh
So we know know the process id of the script, it's time for next steps.
Find process start time in Linux.
# ps -eo pid,lstart,cmd | grep 7065
7065 Sat Jan 17 16:00:33 2015 myscript.sh
So the above script started on Jan 17th ad 16:00:33 (timezone of the system).
Find process start time in FreeBSD.
FreeBSD does not have the same option modifiers as Linux for the process name: See "cmd" in Linux and "command" in FreeBSD. The rest are the same.
# ps -o pid,lstart,command -ax | grep 1497
1497 Tue Jul 15 23:49:07 2014 /usr/sbin/syslogd -s -4
79085 Wed Jan 21 17:22:03 2015 grep 1497
Find process running time in seconds in Linux.
As in "man ps" quote above, there are two possible modifiers to see the running time of a process in Linux: etime and etimes.
Etime shows the process running time more in human readable format:
# ps -eo pid,etime,cmd | grep 7065
7065 3-19:20:58 myscript.sh
That's 3days, 19h, 20m, 58s
Find process running time in seconds in FreeBSD.
The running time modifiers in FreeBSD are the same as in Linux.
# ps -o pid,etime,command -ax | grep 1497
1497 189-18:37:19 /usr/sbin/syslogd -s -4
That's 189 days .
P.S.: There some other ways to achieve this, but this is the easiest one to remember. Another non-rememberable example is:
# date -d "`ps -p 7065 -o lstart=`" +'%m-%d-%Y:%T'
|Page 1 of 1||All times are UTC - 5 hours [ DST ]|
|Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group