Process Monitoring in Linux: A Complete Guide to Commands and Tools

Introduction / Why This Matters

Process monitoring is one of the key tasks of Linux system administration. It allows you to:

Diagnose high CPU or memory load.
Find "hung" or resource-intensive processes.
Manage services and user tasks.

After completing this guide, you will be able to confidently use the command line to analyze and manage processes on any Linux server or workstation.

Prerequisites / Preparation

Before you begin, ensure that:

You have terminal access (locally or via SSH).
You have a basic understanding of the command line.
Some operations (terminating other users' processes, viewing all services) require sudo privileges.
It is recommended to install htop (see Step 1), but it is not strictly necessary—the core commands work everywhere.

Step-by-Step Guide

Step 1: Installing Additional Tools (Optional)

By default, most distributions include ps and top. For convenience, install htop—a colorful, interactive monitoring tool.

Ubuntu/Debian:

sudo apt update
sudo apt install htop

CentOS/RHEL/Fedora:

sudo yum install htop  # CentOS 7
sudo dnf install htop  # CentOS 8+/Fedora

Verify the installation: htop --version.

Step 2: Viewing the Process List with `ps`

The ps command outputs a static snapshot of processes. The most common usage is ps aux:

ps aux

Key columns:

USER — process owner.
PID — process ID (needed for management).
%CPU / %MEM — resource usage.
COMMAND — the launched command.

Useful variations:

Sort by memory (top-10):

ps aux --sort=-%mem | head -n 11  # +1 header line

Only PID, name, and CPU usage:

ps -eo pid,comm,%cpu --sort=-%cpu | head

Processes for a specific user:
```
ps -u username
```

Step 3: Real-Time Monitoring with `top`

top is the classic tool for real-time monitoring. Simply type top in the terminal.

Key actions in top:

Sorting: press P (by CPU), M (by memory), T (by time).
Terminate a process: press k, enter the PID, then the signal (default 15 — SIGTERM). For forceful termination, use 9 (SIGKILL).
Quit: q.

Customizing displayed columns:

Press f to add/remove fields (e.g., VIRT — virtual memory, RES — resident memory).
To display paths to executable files: in the setup (f), find COMMAND and switch it to full path mode.

Step 4: Using `htop` for Enhanced Control

htop provides a more user-friendly interface with mouse support (if available) and color-coded indicators.

Launch: simply htop.

Key features:

Scroll through the process list (mouse wheel or arrow keys).
Process tree: F5.
Sorting: F6 → select a column (CPU, MEM, TIME+).
Terminate a process: select a line → F9 → choose a signal (SIGTERM, SIGKILL, etc.).
Filtering: F4 → enter part of a process name.
Search: F3 → enter a query.

Example: to find all processes related to nginx, press F4 and type nginx.

Step 5: Monitoring `systemd` Services

If your system uses systemd (modern distributions), processes are often launched as services.

Check service status:

systemctl status nginx  # replace nginx with the service name

View all active services:

systemctl list-units --type=service --state=running

View service logs in real-time:

journalctl -u nginx -f  # -f — follow, track new entries

Restart/stop a service:

sudo systemctl restart nginx
sudo systemctl stop nginx

Step 6: Automating Data Collection

Create a simple bash script for regular statistics gathering.

Example script monitor_processes.sh:

#!/bin/bash
# Script to periodically output the top 5 processes by CPU and memory

echo "=== $(date) ==="
echo "Top 5 by CPU:"
ps -eo pid,comm,%cpu --sort=-%cpu | head -n 6
echo ""
echo "Top 5 by memory:"
ps -eo pid,comm,%mem --sort=-%mem | head -n 6
echo ""

Make it executable: chmod +x monitor_processes.sh. Run it manually or add it to crontab for periodic execution (e.g., every 5 minutes).

Verification

You have successfully mastered process monitoring if you can:

List processes and sort them by a specific resource.
Find the PID of a specific application (e.g., nginx or python).
Terminate an unnecessary process using kill or via the top/htop interface.
View systemd service logs and understand its status.

Quick check:

Run htop — you should see an updating list.
Find a process with high %CPU and terminate it (e.g., stress-ng if installed) via F9.
Confirm the process disappears from the list.

Troubleshooting

Problem	Solution
`htop` fails to install (package not found)	Use `top` or build from source. It may be missing in very old distributions—consider updating your system.
Processes from other users are not visible (in `ps`/`top`)	Run commands with `sudo` or switch users (`su -`).
`top` lacks a column with command paths	Press `f`, find `COMMAND`, press `d` to edit, select `c` (command line/path).
Process does not terminate even after `kill -9`	The process may be in state `D` (uninterruptible sleep). This usually indicates a filesystem or NFS issue. A reboot is often the only solution.
`systemctl` not found	The system does not use `systemd` (possibly SysVinit). Use `service` or `init.d` scripts.
Sorting in `ps` produces incorrect output	Ensure you are using the correct options. For numeric fields (`%cpu`, `%mem`), use `--sort=-%cpu` (with a minus for descending).

Note: Managing other users' processes almost always requires sudo. Be cautious with kill -9—it forces termination without allowing the process to save data.

F.A.Q.

How to find the process using the most memory?

What to do if a process doesn't terminate with the kill command?

How to monitor process list changes in real-time?

What's the difference between `ps` and `top`?

Hints

Installing additional tools (optional)

Viewing process list with ps

Interactive monitoring with top

Using htop for advanced control

Monitoring systemd services

Automating data collection

Process Monitoring in Linux: A Complete Guide to Commands and Tools

F.A.Q.

Hints

Related