Complete Guide to Bash ps Command

Table of Contents

Introduction to ps Command

The ps (process status) command is one of the most fundamental tools for monitoring and managing processes in Unix/Linux systems. It provides a snapshot of current processes, displaying information like process IDs, resource usage, and execution status. Understanding ps is essential for system administration, debugging, and performance monitoring.

Key Concepts

Process ID (PID): Unique identifier for each process
Parent Process ID (PPID): PID of the process that created this process
TTY: Terminal associated with the process
STAT: Process state code (R-running, S-sleeping, Z-zombie, etc.)
CPU/MEM Usage: Resource consumption metrics
Command: The command that started the process

1. Basic ps Syntax

Command Structure

# Basic syntax
ps [OPTIONS]
# Common option styles
ps aux                    # BSD style (no dash)
ps -ef                    # Unix/Linux style (with dash)
ps --pid 1234             # GNU style (long options)
# Mixing styles (avoid when possible)
ps aux --forest           # Generally works but not recommended

Simple Examples

# Show processes in current shell
ps
#   PID TTY          TIME CMD
# 12345 pts/0    00:00:00 bash
# 12346 pts/0    00:00:00 ps
# Show all processes
ps -e
ps -A                      # Same as -e
# Show processes with full format
ps -f
# UID        PID  PPID  C STIME TTY          TIME CMD
# user     12345 12344  0 10:30 pts/0    00:00:00 bash
# user     12346 12345  0 10:31 pts/0    00:00:00 ps -f

2. Common ps Options

BSD Style (aux)

# Most common: show all processes with details
ps aux
# Output explanation
# USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
# root         1  0.0  0.1 225536  9384 ?        Ss   Mar10   0:03 /sbin/init
# user     12345  0.0  0.0  23768  5120 pts/0    Ss   10:30   0:00 bash
# Show all processes for current user
ps aux | grep "^$USER"
# Show all processes with full command line
ps auxww
# Show processes without header
ps aux | tail -n +2
# Sort by CPU usage
ps aux --sort=-%cpu | head -10
# Sort by memory usage
ps aux --sort=-%mem | head -10

Unix/Linux Style (-ef)

# Standard Unix format
ps -ef
# Output
# UID        PID  PPID  C STIME TTY          TIME CMD
# root         1     0  0 Mar10 ?        00:00:03 /sbin/init
# user     12345 12344  0 10:30 pts/0    00:00:00 bash
# Full format with additional info
ps -efl                    # Long format
ps -efj                    # Job format
ps -eF                     # Extra full format
# Custom format
ps -e -o pid,ppid,cmd

GNU Style (--options)

# Using long options
ps --pid 1234
ps --ppid 1
ps --user root
# Combine with formatting
ps --pid 1234 --format pid,ppid,cmd
# Show process tree
ps --forest
ps -e --forest
# Show threads
ps -eLf
ps aux -L

3. Process Information Fields

Common Output Fields

# Understanding ps columns
ps aux | head -1
# USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
# Field descriptions:
# USER      - Owner of the process
# PID       - Process ID
# %CPU      - CPU usage percentage
# %MEM      - Memory usage percentage
# VSZ       - Virtual memory size (KB)
# RSS       - Resident Set Size (physical memory in KB)
# TTY       - Controlling terminal
# STAT      - Process state
# START     - Start time
# TIME      - Cumulative CPU time
# COMMAND   - Command with arguments
# Get specific fields
ps -e -o pid,user,pcpu,pmem,comm

Custom Output Format

# Define custom output columns
ps -e -o pid,ppid,user,pcpu,pmem,etime,cmd
# Available column specifiers
ps -e -o pid,user,group,comm          # Basic info
ps -e -o pid,pcpu,pmem,vsz,rss         # Resource usage
ps -e -o pid,stat,start,etime          # Time and state
ps -e -o pid,tty,args                   # Command line
# With headers
ps -e -o pid=,user=,cmd=                # No headers
ps -e -o "pid=PID,user=USER,cmd=COMMAND"  # Custom headers
# Calculate total memory usage
ps -e -o rss --no-headers | awk '{sum+=$1} END {print sum " KB"}'
# Format as CSV
ps -e -o pid,user,pcpu,comm --no-headers | tr -s ' ' ','

4. Process Selection

By PID

# Select specific processes by PID
ps -p 1234
ps -p 1234,5678,9012
# Using process groups
ps -g 1234
# Select by PID range
ps -p {1000..1010} 2>/dev/null
# Interactive PID selection
ps -p $(pgrep firefox)

By User

# Processes for specific user
ps -u username
ps -U root                     # Real user ID
ps -u 1000                     # By UID
# Processes for multiple users
ps -u root,www-data,postgres
# All processes except user
ps -N -u root
# Combine with other filters
ps -u username -o pid,pcpu,comm --sort=-pcpu | head -5

By Terminal

# Processes by terminal
ps -t pts/0
ps -t pts/0,pts/1
# All terminal processes
ps -a
# Processes without terminal (daemons)
ps -e | grep " ? "
# Using tty command
ps -t $(tty | cut -d'/' -f3-)

By Command Name

# Search by command name
ps -C bash
ps -C nginx,apache2
# Case-insensitive search
ps -C bash | grep -i "bash"
# Using pgrep with ps
pgrep -l firefox | while read pid cmd; do
ps -p $pid -o pid,pcpu,pmem,cmd
done

5. Process States (STAT)

State Codes

# Common process states
# R - Running or runnable
# S - Sleeping (interruptible)
# D - Uninterruptible sleep (usually I/O)
# T - Stopped (by job control signal)
# t - Stopped (by debugger)
# Z - Zombie (defunct)
# X - Dead (should never be seen)
# Additional flags
# < - High-priority (not nice to others)
# N - Low-priority (nice to others)
# L - Has pages locked in memory
# s - Session leader
# l - Multi-threaded
# + - In foreground process group
# Find zombie processes
ps aux | grep Z
ps -e -o pid,stat,cmd | grep "^ *[0-9]\+ Z"
# Find stopped processes
ps -e -o pid,stat,cmd | grep T
# Count processes by state
ps -e -o stat --no-headers | sort | uniq -c

Understanding STAT Examples

# Running process in foreground
ps -o pid,stat,cmd -p $$
#  PID STAT CMD
# 1234 Ss   bash
# Multi-threaded process
ps -eLf | grep firefox
# UID   PID  LWP  C  NLWP  SZ  COMMAND
# user  5678 5678  0    10  123 firefox
# user  5678 5679  0    10  123 firefox
# Zombie process
ps aux | grep defunct
# user  9999  0.0  0.0      0     0 ?        Z    Mar10   0:00 [defunct]

6. Process Tree and Hierarchy

Display Process Tree

# Show process tree
ps -e --forest
ps axjf                     # BSD forest format
ps -e -o pid,ppid,cmd --forest
# Tree for specific process
ps -e --forest | grep -B 10 -A 5 "PID"
# Using pstree (more visual)
pstree
pstree -p                    # Show PIDs
pstree -u                    # Show user names
pstree username               # Tree for specific user
# Show process ancestry
ps -o pid,ppid,cmd -p 1
ps -o pid,ppid,cmd -p $(ps -o ppid -p $$ --no-headers)

Parent-Child Relationships

# Find child processes
ps --ppid 1
ps -o pid,cmd --ppid 1
# Show all descendants
descendants() {
local pid=$1
echo "$pid"
for child in $(ps --ppid $pid -o pid --no-headers); do
descendants $child
done
}
# Find orphaned processes (PPID 1)
ps -o pid,ppid,cmd --ppid 1 | grep -v "init\|systemd"
# Process hierarchy viewer
watch -n 1 'ps -e -o pid,ppid,user,pcpu,cmd --forest'

7. Resource Usage Information

CPU Usage

# Sort by CPU usage
ps aux --sort=-%cpu | head -10
ps -e -o pid,pcpu,comm --sort=-pcpu | head -10
# CPU usage with cumulative time
ps -e -o pid,pcpu,time,comm --sort=-pcpu | head -10
# CPU usage per core (requires mpstat)
mpstat -P ALL 1 1 | grep -A 10 "CPU"
# Find processes using more than 50% CPU
ps -e -o pid,pcpu,comm --no-headers | awk '$2 > 50'
# Calculate total CPU usage
ps -e -o pcpu --no-headers | awk '{sum+=$1} END {print sum "%"}'

Memory Usage

# Sort by memory usage
ps aux --sort=-%mem | head -10
ps -e -o pid,pmem,rss,vsz,comm --sort=-pmem | head -10
# Memory in human-readable format
ps -e -o pid,pmem,rss:8,comm --sort=-pmem | \
awk '{printf "%s\t%s\t%.2f MB\t%s\n", $1, $2, $3/1024, $4}'
# Find processes using more than 100MB
ps -e -o pid,rss,comm --no-headers | awk '$2 > 102400'
# Total memory by process
ps -e -o comm,rss --no-headers | \
awk '{arr[$1]+=$2} END {for(i in arr) printf "%s: %.2f MB\n", i, arr[i]/1024}' | \
sort -k2 -rn | head -10

I/O and Other Resources

# I/O statistics (requires iotop)
sudo iotop -o
# Open files (requires lsof)
lsof -p PID
# Thread count per process
ps -eL -o pid,nlwp,comm | awk '$2 > 1' | head -10
# Context switches (requires pidstat)
pidstat -w 1 5
# Memory maps
pmap PID
# Process limits
cat /proc/PID/limits

8. Real-Time Monitoring with ps

Watch Commands

# Update every second
watch -n 1 'ps aux --sort=-%cpu | head -20'
# Custom watch with highlighting
watch -d -n 1 'ps -e -o pid,pcpu,pmem,comm --sort=-pcpu | head -15'
# Watch specific user processes
watch -n 2 "ps -u $USER -o pid,pcpu,pmem,comm --sort=-pcpu | head -10"
# Monitor process growth
watch -n 1 'ps -p PID -o pid,rss,vsz,pcpu'

Combining with Other Tools

# Top-like display with ps
while true; do 
clear
date
ps -e -o pid,user,pcpu,pmem,comm --sort=-pcpu | head -15
sleep 2
done
# Log process activity
while true; do
ps -e -o pid,pcpu,pmem,comm --no-headers >> process.log
sleep 60
done
# Alert on high CPU
while true; do
high_cpu=$(ps -e -o pcpu --no-headers | awk '{if($1>80) print $1}')
if [ -n "$high_cpu" ]; then
echo "High CPU detected at $(date)" | mail -s "CPU Alert" admin
fi
sleep 30
done

9. Process Grepping and Filtering

Finding Specific Processes

# Find process by name
ps aux | grep firefox
ps -e | grep firefox
# Exact match
ps -C firefox
# Case-insensitive
ps aux | grep -i "firefox"
# Exclude grep itself
ps aux | grep [f]irefox
# Find and kill
pkill -f "python script.py"
kill -9 $(pgrep -f "firefox")
# Using pidof
pidof firefox
kill -9 $(pidof firefox)

Complex Filters

# Processes by multiple criteria
ps -u root -o pid,pcpu,comm --sort=-pcpu | grep -v "systemd\|kernel"
# Processes running longer than 1 hour
ps -e -o pid,etime,comm --no-headers | awk -F: '{if($1 > 60) print}'
# Processes with specific state
ps -e -o pid,stat,comm --no-headers | grep "^ *[0-9]\+ R"
# Users with most processes
ps -e -o user --no-headers | sort | uniq -c | sort -nr | head -5
# Processes by session
ps -e -o sess,pid,comm --sort=sess | head -20

10. Advanced ps Techniques

Custom Output Scripts

#!/bin/bash
# Process monitor script
monitor_processes() {
local interval=${1:-2}
local count=${2:-0}
local iterations=0
while [ $count -eq 0 ] || [ $iterations -lt $count ]; do
clear
echo "=== Process Monitor ==="
echo "Time: $(date)"
echo "Load: $(uptime | awk -F'load average:' '{print $2}')"
echo
echo "Top 10 CPU Processes:"
ps -e -o pid,user,pcpu,pmem,comm --sort=-pcpu | head -11
echo
echo "Top 10 Memory Processes:"
ps -e -o pid,user,pcpu,pmem,comm --sort=-pmem | head -11
if [ $count -ne 0 ]; then
((iterations++))
echo -e "\nRefresh in $interval seconds (Iteration $iterations/$count)"
fi
sleep $interval
done
}
# Process summary
process_summary() {
echo "=== Process Summary ==="
echo "Total processes: $(ps -e --no-headers | wc -l)"
echo "Running: $(ps -e -o stat --no-headers | grep -c "^ *R")"
echo "Sleeping: $(ps -e -o stat --no-headers | grep -c "^ *S")"
echo "Zombie: $(ps -e -o stat --no-headers | grep -c "^ *Z")"
echo
echo "CPU usage: $(ps -e -o pcpu --no-headers | awk '{sum+=$1} END {print sum}')%"
echo "Memory usage: $(ps -e -o pmem --no-headers | awk '{sum+=$1} END {print sum}')%"
}
# Usage
monitor_processes 5 10
process_summary

Formatting and Exporting

# Export to CSV
ps -e -o pid,user,pcpu,pmem,comm --no-headers | \
tr -s ' ' ',' > processes.csv
# Export to JSON
ps -e -o pid,user,pcpu,pmem,comm --no-headers | \
awk 'BEGIN {print "["} 
{printf "{\"pid\":%s,\"user\":\"%s\",\"cpu\":%s,\"mem\":%s,\"cmd\":\"%s\"},\n", $1,$2,$3,$4,$5} 
END {print "]"}' | \
sed '$ s/},/}/' > processes.json
# Format as HTML table
{
echo "<table border='1'>"
echo "<tr><th>PID</th><th>User</th><th>CPU%</th><th>MEM%</th><th>Command</th></tr>"
ps -e -o pid,user,pcpu,pmem,comm --no-headers | \
while read pid user cpu mem cmd; do
echo "<tr><td>$pid</td><td>$user</td><td>$cpu</td><td>$mem</td><td>$cmd</td></tr>"
done
echo "</table>"
} > processes.html

Historical Analysis

#!/bin/bash
# Process history logger
LOG_DIR="/var/log/process_history"
mkdir -p "$LOG_DIR"
log_process_snapshot() {
local timestamp=$(date +%Y%m%d_%H%M%S)
local logfile="$LOG_DIR/processes_$timestamp.log"
{
echo "=== Process Snapshot: $(date) ==="
echo "Total: $(ps -e --no-headers | wc -l)"
echo
echo "--- Top CPU ---"
ps -e -o pid,pcpu,pmem,comm --sort=-pcpu | head -20
echo
echo "--- Top MEM ---"
ps -e -o pid,pmem,pcpu,comm --sort=-pmem | head -20
} > "$logfile"
# Rotate logs (keep last 24)
ls -t "$LOG_DIR"/processes_*.log | tail -n +25 | xargs -r rm
}
# Analyze historical data
analyze_trends() {
echo "=== CPU Usage Trend ==="
for log in "$LOG_DIR"/processes_*.log; do
date=$(basename "$log" | sed 's/processes_\(.*\).log/\1/')
cpu=$(grep "CPU usage" "$log" | awk '{print $3}' | sed 's/%//')
echo "$date: $cpu%"
done
}
# Monitor continuously
while true; do
log_process_snapshot
sleep 300  # 5 minutes
done

11. Performance Analysis

Identifying Bottlenecks

# Find CPU hogs
ps -e -o pid,pcpu,comm --sort=-pcpu | head -5
# Find memory leaks (watch RSS growth)
watch -n 5 'ps -p PID -o pid,rss,pcpu,comm'
# Find I/O bound processes
ps -e -o pid,stat,wchan,comm | grep D
# Find processes in uninterruptible sleep
ps -e -o pid,stat,comm | grep "^ *[0-9]\+ D"
# Context switch rate
pidstat -w 1 5
# System call count
strace -c -p PID

Resource Usage Reports

#!/bin/bash
# Generate resource usage report
generate_report() {
local report_file="resource_report_$(date +%Y%m%d).txt"
{
echo "=== System Resource Report ==="
echo "Generated: $(date)"
echo
echo "=== System Overview ==="
uptime
echo
free -h
echo
df -h
echo
echo "=== Top 10 CPU Processes ==="
ps -e -o pid,user,pcpu,pmem,comm --sort=-pcpu | head -11
echo
echo "=== Top 10 Memory Processes ==="
ps -e -o pid,user,pcpu,pmem,comm --sort=-pmem | head -11
echo
echo "=== Process Count by User ==="
ps -e -o user --no-headers | sort | uniq -c | sort -nr
echo
echo "=== Zombie Processes ==="
ps -e -o pid,stat,comm | grep Z || echo "None"
echo
} > "$report_file"
echo "Report generated: $report_file"
}
# Usage
generate_report

12. Security and Auditing

Process Security Checks

# Find processes running as root
ps -U root -o pid,user,comm
# Find processes with open network ports
lsof -i -P -n | grep LISTEN
# Find suspicious processes
ps -e -o pid,user,comm | grep -v -f /etc/whitelist
# Check for hidden processes (comparing with /proc)
comm -23 <(ls /proc | grep -E '^[0-9]+$' | sort) <(ps -e -o pid --no-headers | sort)
# Find processes with unusual names
ps -e -o comm --no-headers | sort | uniq -c | sort -nr
# Check process environment for sensitive info
cat /proc/PID/environ | tr '\0' '\n' | grep -i "pass\|key\|token"

Process Monitoring for Security

#!/bin/bash
# Security monitor script
SECURITY_LOG="/var/log/security_monitor.log"
monitor_new_processes() {
local known_processes="/tmp/known_processes.txt"
# Create baseline
if [ ! -f "$known_processes" ]; then
ps -e -o comm --no-headers | sort -u > "$known_processes"
echo "Baseline created"
return
fi
# Check for new processes
comm -13 "$known_processes" <(ps -e -o comm --no-headers | sort -u) | \
while read new_proc; do
echo "$(date): New process detected: $new_proc" >> "$SECURITY_LOG"
# Get details
ps -e -o pid,user,comm | grep "$new_proc" >> "$SECURITY_LOG"
done
}
# Monitor high-risk commands
monitor_high_risk() {
local risky_commands="nc|ncat|netcat|socat|nmap|nikto|hydra|john"
ps -e -o pid,user,comm --no-headers | grep -E "$risky_commands" | \
while read line; do
echo "$(date): High-risk command detected: $line" >> "$SECURITY_LOG"
done
}
# Check for privilege escalation
check_privilege_escalation() {
ps -e -o pid,uid,euid,suid,comm --no-headers | \
awk '$2 != $3 {print $0}' | \
while read line; do
echo "$(date): Privilege escalation attempt: $line" >> "$SECURITY_LOG"
done
}
# Continuous monitoring
while true; do
monitor_new_processes
monitor_high_risk
check_privilege_escalation
sleep 60
done

13. Process Control with ps

Killing Processes

# Find and kill by name
kill -9 $(pgrep firefox)
# Kill all processes for user
pkill -u username
# Kill by PPID (parent)
pkill -P 1234
# Graceful termination
kill -15 PID
kill -TERM PID
# Force kill
kill -9 PID
kill -KILL PID
# Kill process tree
kill -9 -$(ps -o pgid= -p PID | tr -d ' ')

Process Priorities

# View nice values
ps -e -o pid,ni,comm | head -10
ps -l                   # Show nice values for current shell
# Find low priority processes
ps -e -o pid,ni,comm --no-headers | awk '$2 > 0'
# Find high priority processes
ps -e -o pid,ni,comm --no-headers | awk '$2 < 0'
# Change priority
renice +5 -p PID        # Lower priority
renice -5 -p PID        # Higher priority (requires root)

14. Integration with Other Commands

With grep

# Classic pattern
ps aux | grep firefox
ps -ef | grep -v grep | grep firefox
# Case-insensitive
ps aux | grep -i "apache"
# Exact match
ps aux | grep -w "bash"
# Multiple patterns
ps aux | grep -E "firefox|chrome|opera"
# Exclude patterns
ps aux | grep -v "systemd\|kernel"

With awk

# Process awk for calculations
ps aux | awk '$3 > 50 {print $2, $3, $11}'  # CPU > 50%
# Average CPU
ps aux | awk 'NR>1 {sum+=$3} END {print "Average CPU:", sum/(NR-1)}'
# Total memory used by user
ps aux | awk 'NR>1 {user[$1] += $4} END {for(u in user) print u, user[u] "%"}'
# Format output
ps aux | awk '{printf "%-8s %-6s %-4s %s\n", $1, $2, $3, $11}'

With sort and head

# Top CPU consumers
ps aux --sort=-%cpu | head -11
# Top memory consumers
ps aux --sort=-%mem | head -11
# Oldest processes
ps aux --sort=start_time | head -11
# Newest processes
ps aux --sort=-start_time | head -11
# Sort by PID
ps aux --sort=pid | head -20

With watch

# Real-time monitoring
watch -n 1 'ps aux | grep firefox'
watch -n 2 'ps -e -o pid,pcpu,pmem,comm --sort=-pcpu | head -15'
# Color-coded watch
watch -d -n 1 'ps -C firefox -o pid,pcpu,pmem'
# Watch with custom format
watch -n 5 'ps -e -o pid,user,pcpu,pmem,etime,comm | head -20'

15. Troubleshooting and Debugging

Common Issues

# Zombie processes
# Causes: parent not waiting for child
# Solution: kill parent or reboot
# Find zombies
ps aux | grep Z
# Identify parent
ps -o ppid= -p ZOMBIE_PID
# Check parent
ps -p PARENT_PID -o cmd
# High CPU process
# Check what it's doing
strace -p PID
gdb -p PID
lsof -p PID
# Memory leak
# Monitor over time
watch -n 10 'ps -p PID -o pid,rss,vsz,pcpu,pmem'

Debugging Tools

# Process stack trace
pstack PID
cat /proc/PID/stack
# Open files
lsof -p PID
# Memory maps
pmap -x PID
# System calls
strace -p PID
strace -f -p PID          # Follow forks
# Process environment
cat /proc/PID/environ | tr '\0' '\n'
# Process limits
cat /proc/PID/limits
# Process cgroup
cat /proc/PID/cgroup

16. Script Examples

Process Manager

#!/bin/bash
# Simple process manager
PROCESS_MANAGER_DIR="/tmp/process_manager"
mkdir -p "$PROCESS_MANAGER_DIR"
start_process() {
local name="$1"
local cmd="$2"
if [ -f "$PROCESS_MANAGER_DIR/$name.pid" ]; then
echo "Process $name already running"
return 1
fi
eval "$cmd" &
echo $! > "$PROCESS_MANAGER_DIR/$name.pid"
echo "Started $name with PID $!"
}
stop_process() {
local name="$1"
local pid_file="$PROCESS_MANAGER_DIR/$name.pid"
if [ ! -f "$pid_file" ]; then
echo "Process $name not running"
return 1
fi
local pid=$(cat "$pid_file")
kill -15 "$pid" 2>/dev/null
rm "$pid_file"
echo "Stopped $name"
}
status_process() {
local name="$1"
local pid_file="$PROCESS_MANAGER_DIR/$name.pid"
if [ ! -f "$pid_file" ]; then
echo "$name: STOPPED"
return
fi
local pid=$(cat "$pid_file")
if ps -p "$pid" > /dev/null 2>&1; then
echo "$name: RUNNING (PID: $pid)"
ps -p "$pid" -o pid,pcpu,pmem,etime,cmd
else
echo "$name: STOPPED (stale PID file)"
rm "$pid_file"
fi
}
list_processes() {
echo "Managed Processes:"
for pid_file in "$PROCESS_MANAGER_DIR"/*.pid; do
[ -f "$pid_file" ] || continue
name=$(basename "$pid_file" .pid)
status_process "$name"
echo
done
}
# Usage
case "$1" in
start)
start_process "$2" "$3"
;;
stop)
stop_process "$2"
;;
status)
[ -n "$2" ] && status_process "$2" || list_processes
;;
*)
echo "Usage: $0 {start|stop|status} [name] [command]"
;;
esac

Process Watcher

#!/bin/bash
# Watch specific process and alert
WATCH_PID="$1"
THRESHOLD_CPU=80
THRESHOLD_MEM=50
ALERT_EMAIL="[email protected]"
watch_process() {
local pid=$1
if ! ps -p "$pid" > /dev/null 2>&1; then
echo "Process $pid not found"
return 1
fi
while ps -p "$pid" > /dev/null 2>&1; do
# Get process stats
stats=$(ps -p "$pid" -o pcpu=,pmem=,rss=,vsz= --no-headers 2>/dev/null)
if [ -n "$stats" ]; then
cpu=$(echo "$stats" | awk '{print $1}')
mem=$(echo "$stats" | awk '{print $2}')
rss=$(echo "$stats" | awk '{print $3}')
vsz=$(echo "$stats" | awk '{print $4}')
# Check thresholds
if (( $(echo "$cpu > $THRESHOLD_CPU" | bc -l) )); then
echo "High CPU alert: $cpu%" | mail -s "Process Alert" "$ALERT_EMAIL"
fi
if (( $(echo "$mem > $THRESHOLD_MEM" | bc -l) )); then
echo "High Memory alert: $mem%" | mail -s "Process Alert" "$ALERT_EMAIL"
fi
# Log stats
echo "$(date): CPU=$cpu% MEM=$mem% RSS=$rss VSZ=$vsz" >> "process_$pid.log"
fi
sleep 5
done
echo "Process $pid terminated at $(date)" >> "process_$pid.log"
}
# Usage
if [ -z "$WATCH_PID" ]; then
echo "Usage: $0 <PID>"
exit 1
fi
watch_process "$WATCH_PID"

Conclusion

The ps command is an essential tool for process management and system monitoring:

Key Takeaways

Process Information: PID, PPID, user, CPU, memory, command
Process States: Running, sleeping, stopped, zombie
Resource Usage: CPU percentage, memory usage, virtual memory
Process Hierarchy: Parent-child relationships, process trees
Filtering: By user, terminal, command, state
Custom Formatting: Select specific fields for output
Real-time Monitoring: Combine with watch for live updates

Common Use Cases

Task	Command
List all processes	`ps aux` or `ps -ef`
Find process by name	`ps aux \| grep name`
Sort by CPU	`ps aux --sort=-%cpu`
Sort by memory	`ps aux --sort=-%mem`
Show process tree	`ps axjf`
Check process state	`ps -o pid,stat,cmd`
Monitor specific PID	`watch -n 1 'ps -p PID -o pid,pcpu,pmem'`

Best Practices

Use ps aux for most comprehensive view
Combine with grep for finding specific processes
Sort with --sort for identifying resource hogs
Use watch for real-time monitoring
Create custom formats with -o for specific needs
Check for zombie processes regularly
Monitor system resources to prevent overload

The ps command is fundamental for system administration and debugging. Master it for effective process management!