Americas

  • United States
sandra_henrystocker
Unix Dweeb

Sniffing out Unix processes using pgrep

How-To
Feb 27, 20173 mins
Data CenterLinux

The pgrep command is a tool for looking through currently running processes based on a number of different attributes and providing the process IDs (PIDs), but it does a lot of other things as well. The available options won’t necessarily be the same as you move from one system to another, but you’re sure to discover some pgrep commands that will prove very useful when you’re busy looking into what’s running on your systems.

The most basic pgrep command will display the PIDs for whatever command you might be inquiring about. For example, if you want a list of all of the Apache daemons running on a web server, the pgrep httpd command does that easily.

$ pgrep httpd
2854
10596
10597
10598
10599
10600
10601
10602
10603
15142
17559

If you have the -c (count) option available, you can count the processes rather than showing their PIDs.

$ pgrep -c httpd
11

If you don’t have the -c option available, you can do this instead:

$ pgrep -c httpd | wc -l
11

When you want to list PIDs for processes being run by some particular user, try the -u option as shown in this example. This allows you to search by username rather than process names.

$ pgrep -u zorro
17985
17986

Another pgrep option (-l) will allow you to see a user’s process IDs along with the name of each process. The additional information can be extremely handy.

$ pgrep -u xyz
24201
24311
24312
$ pgrep -u xyz -l
24201 bash
24311 bash
24312 vim

You can also look at multiple users at a time if you like, simply by separating their usernames with commas.

$ pgrep -u xyz,apache,zorro -l
10596 httpd
10597 httpd
10598 httpd
10599 httpd
10600 httpd
10601 httpd
10602 httpd
10603 httpd
15142 httpd
17559 httpd
17985 sshd
17986 bash
18194 sshd
18195 bash
24201 bash
24311 bash
24312 vim

You can also do something like this if you want to clarify which user is running which of the listed processes.

$ for user in xyz apache zorro
> do
>   echo $user
>   pgrep -u $user -l
> done
xyz
apache
24201 bash
24311 bash
24312 vim
10596 httpd
10597 httpd
10598 httpd
10599 httpd
10600 httpd
10601 httpd
10602 httpd
10603 httpd
15142 httpd
17559 httpd
zorro
17985 sshd
17986 bash
18194 sshd
18195 bash

And, if you want to display only the oldest or the newest of the processes being run by some particular users, use the -n (newest) or the -o (oldest) option.

$ pgrep -u root -o -l
1 init
$ pgrep -u root -n -l
18192 sshd

You can also list process IDs for processes being run on some particular terminal.

$ pgrep -t pts/0
17986
$ pgrep -t pts/0 -l
17986 bash

If pgrep can be said to have a “partner in crime,” that partner is pkill — the command that makes terminating processes easier because you don’t have to look up the process IDs before issuing the needed kill commands. In fact, these two commands — pgrep and pkill — share nearly all of their options — with only a few exceptions. These two commands are generally, if not always, a lot more than friends. A quick check can determine that they’re the same executable. In the command below, we can see that the commands use the same executable (same inodes).

$ ls -i /usr/bin/pgrep /usr/bin/pkill
3257815 /usr/bin/pgrep  3257815 /usr/bin/pkill

More on pkill soon!

sandra_henrystocker
Unix Dweeb

Sandra Henry-Stocker has been administering Unix systems for more than 30 years. She describes herself as "USL" (Unix as a second language) but remembers enough English to write books and buy groceries. She lives in the mountains in Virginia where, when not working with or writing about Unix, she's chasing the bears away from her bird feeders.

The opinions expressed in this blog are those of Sandra Henry-Stocker and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.