[CONTACT]

[ABOUT]

[POLICY]

This is a only version

Found at: raymii.org:70/Procfs_tips_and_tricks.txt

This is a text-only version of the following page on https://raymii.org:
---
Title       : 	Exploring /proc/ - tips and tricks for the procfs
Author      : 	Remy van Elst
Date        : 	28-01-2013
URL         : 	https://raymii.org/s/snippets/Procfs_tips_and_tricks.html
Format      : 	Markdown/HTML
---
> procfs (or the proc filesystem) is a special filesystem in UNIX-like operating
systems that presents information about processes and other system information
in a hierarchical file-like structure, providing a more convenient and
standardized method for dynamically accessing process data held in the kernel
than traditional tracing methods or direct access to kernel memory. Typically,
it is mapped to a mount point named /proc at boot time.
Note that most /proc/ entries are separated by null characters, and there may be
a null character at the end. Where applicable the `tr` command is used to
replace these.

I'm developing an open source monitoring app called Leaf Node Monitoring, for windows, linux & android. Go check it out!

Consider sponsoring me on Github. It means the world to me if you show your appreciation and you'll help pay the server costs.

You can also sponsor me by getting a Digital Ocean VPS. With this referral link you'll get $100 credit for 60 days.

### Processes
Inside the `/proc` directory every process has a folder, named after its process
ID. For example, my `nagios3` program has the following process ID:
    
    
    ps aux | grep [n]agios3 | awk '{ print $2 }'
    3363
    
So it has its own special folder: `/proc/3363`. Every process has a folder like
`/proc/$PID` where $PID is its process ID.
I'll cover a few specific files of a process folder below.
#### exe
This is a symlink to the process binary:
    
    
    sudo ls -l /proc/3363/exe
    lrwxrwxrwx 1 root root 0 2013-01-26 15:18 /proc/3363/exe -> /usr/sbin/nagios3
    
#### cmdline
This shows the command which started the process:
    
    
    (sudo cat /proc/3363/cmdline; echo) | tr "\000" " "
    /usr/sbin/nagios3 -d /etc/nagios3/nagios.cfg
    
#### cwd
This is a symlink to the process current working directory:
    
    
    sudo ls -la /proc/3363/cwd
    lrwxrwxrwx 1 root root 0 2013-01-26 15:18 /proc/3363/cwd -> /
    
#### environ
This gives us the environment of the command (your `env`) which also shows us
all the user variables and such:
    
    
    (sudo cat /proc/3363/environ; echo) | tr "\000" "\n"
    [output truncated]
    
#### status
This gives us a `ps` like information overview for the process:
    
    
    cat /proc/3363/status
    Name:   nagios3
    State:  S (sleeping)
    Tgid:   3363
    Pid:    3363
    PPid:   1
    TracerPid:      0    
    [output truncated]
    
#### limits
This gives the limits the process has, which can be set and tweaked using
`ulimit`:
    
    
    sudo cat /proc/3363/limits
    Limit                     Soft Limit           Hard Limit           Units     
    Max cpu time              unlimited            unlimited            seconds   
    Max file size             unlimited            unlimited            bytes     
    Max data size             unlimited            unlimited            bytes     
    Max stack size            8388608              unlimited            bytes     
    Max core file size        0                    unlimited            bytes     
    Max resident set          unlimited            unlimited            bytes     
    Max processes             unlimited            unlimited            processes 
    [output truncated]
    
### Non Processes
There are also a lot of "general" files which give you system information.
#### /proc/filesystems
This gives a list of all the filesystems supported by the current kernel:
    
    
    cat /proc/filesystems 
    nodev   sysfs
    nodev   rootfs
    nodev   bdev
    nodev   proc
    nodev   cgroup
    
When it has `nodev` before it, it means it is a non-physical filesystems such as
network filesystems and proc.
#### /proc/cpuinfo
This return a lot of info about the processor(s).
    
    
    cat /proc/cpuinfo
    processor       : 0
    vendor_id       : GenuineIntel
    cpu family      : 15
    model           : 3
    model name      : Intel(R) Xeon(TM) CPU 2.60GHz
    stepping        : 9
    
#### /proc/uptime
This returns the uptime as two decimal values in seconds, separated by a space,
the amount of time since the kernel was started and the amount of time that the
kernel has been idle.
    
    
    cat /proc/uptime
    3121129.58 4100521.65
    
#### /proc/cmdline
This gives the current command line passed to the running kernel (by GRUB/lilo):
    
    
    cat /proc/cmdline
    BOOT_IMAGE=/boot/vmlinuz-2.6.18-21-generic-pae root=UUID=[...] ro quiet
    
#### /proc/version
This gives very detailed kernel version information. More than with `uname -a`,
see the comparison:
    
    
    cat /proc/version
    Linux version 2.6.18-21-custom-pae-bfs (remy@solaris3) (gcc version 4.4.3 (Ubuntu 4.2-ubuntu5.1) ) #101-Ubuntu SMP Mon Dec 3 15:56:38 UTC 2012
    
    uname -a
    Linux solaris3 2.6.18-21-custom-pae-bfs #101-Ubuntu SMP Mon Dec 3 15:56:38 UTC 2012 i686 GNU/Linux
    
(Note that this is a custom kernel, hence the `remy@solaris3`).
#### /proc/modules
This returns a list of currently loaded kernel modules:
    
    
    cat /proc/modules
    btrfs 462393 0 - Live 0xf908d000
    zlib_deflate 19568 1 btrfs, Live 0xf87e9000
    crc32c 2519 1 - Live 0xf8410000
    
#### /proc/scsi/scsi
This gives information on the attached SCSI devices (handy on servers, also does
SAS):
    
    
    cat /proc/scsi/scsi 
    Attached devices:
    Host: scsi1 Channel: 00 Id: 00 Lun: 00
      Vendor: TEAC     Model: CD-224E          Rev: K.9A
      Type:   CD-ROM                           ANSI  SCSI revision: 05
    
#### /proc/uptime
This gives the same result as the `uptime` command, with two extra's. The fourth
field consists of two numbers separated by a slash, the first one represents the
number of currently executing processes/threads. This number will not exceed the
number of processors cores the system has.The second number (the one after the
slash) represents the number of processes/threads currently existing on the
system. The fifth field has the most reced PID created (probably of the `cat`
command you just did.)
    
    
    cat /proc/loadavg 
    1.02 1.43 1.40 1/132 16254
    
### The /proc/net folder
This folder has information about the network stack.
#### /proc/net/route
This is the systems routing table, in HEX format:
    
    
    cat /proc/net/route
    Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask            MTU     Window  IRTT                                                       
    eth0    0EF1D9C2        00000000        0001    0       0       0       00FFFFFF        0       0       0                                                                               
    eth0    00000000        0EF1D9C2        0003    0       0       100     00000000        0       0       0  
    
#### /proc/net/arp
This has the system ARP table, also in HEX format. Using the `arp -a` command
gives more readable output.
    
    
    cat /proc/net/arp
    IP address       HW type     Flags       HW address            Mask     Device
    10.0.20.3        0x1         0x2         00:11:22:33:44:55     *        eth0
    10.0.20.4        0x1         0x2         00:11:11:11:44:55     *        eth0
    
#### /proc/net/dev
This has information about sent and received packages for all interfaces.
`ifconfig` gives a more readable output.
    
    
    cat /proc/net/dev
    Inter-|   Receive                                                     |Transmit
     face |bytes    packets      errs drop fifo frame compressed multicast|bytes      packets    errs drop fifo colls carrier compressed
        lo:775661077  998843        0    0    0     0          0         0 775661077  998843       0    0    0     0       0          0
      eth0:2914473149 1605253769    1    0    0     1          0         0 3861718441 884372746    0    0    0     0       0          0
    
### /proc/sys
#### /proc/sys/vm/swappiness
This value controls how willing the kernel will be to swap memory. If you raise
this number, the kernel will want to swap more often, while lowering it will
decrease his tendency to swap.
    
    
    cat /proc/sys/vm/swappiness 
    60
    
#### /proc/sys/kernel/threads-max
This value is the maximum number of processes/threads that can exist at any
given time on the system.
    
    
    cat /proc/sys/kernel/threads-max
    32068
    
#### /proc/sys/net/ipv4/conf/default/forwarding
This file controls if the kernel forwards packets. If your system is not acting
as a router or firewall this should be off (0). You can change it by `echo 1 >
/proc/sys/net/ipv4/conf/default/forwarding` or by setting it in
`/etc/sysctl.conf`.
    
    
    cat /proc/sys/net/ipv4/conf/default/forwarding
    0
    
#### /proc/sys/vm/drop_caches
Writing to this file causes the kernel to drop clean caches, dentries and inodes
from memory, causing that memory to become free. To free pagecache, dentries and
inodes, use `echo 3 > /proc/sys/vm/drop_caches`. Because this is a
nondestructive operation and dirty objects are not freeable, you should run
`sync` first!
#### /proc/sysrq-trigger
Writing a character to this file triggers the SysRq function sent by the key.
This file is only writable by root.
If you don't know what sysreq is, [read the wikipedia page to find out more.][2]
#### /proc/sys/net/ipv4/ip _local_ port_range
This controls the ports locally available for opening. If you use for example an
apache or nginx proxy, that service will have to open two connections for each
request (one to the client, one to the backend). Setting this value higher will
in heavy load environments give a performance boost.
    
    
    cat /proc/sys/net/ipv4/ip_local_port_range 
    32768   61000
    
   [1]: https://www.digitalocean.com/?refcode=7435ae6b8212
   [2]: https://en.wikipedia.org/wiki/Magic_SysRq_key
---
License:
All the text on this website is free as in freedom unless stated otherwise. 
This means you can use it in any way you want, you can copy it, change it 
the way you like and republish it, as long as you release the (modified) 
content under the same license to give others the same freedoms you've got 
and place my name and a link to this site with the article as source.
This site uses Google Analytics for statistics and Google Adwords for 
advertisements. You are tracked and Google knows everything about you. 
Use an adblocker like ublock-origin if you don't want it.
All the code on this website is licensed under the GNU GPL v3 license 
unless already licensed under a license which does not allows this form 
of licensing or if another license is stated on that page / in that software:
    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
    along with this program.  If not, see .
Just to be clear, the information on this website is for meant for educational 
purposes and you use it at your own risk. I do not take responsibility if you 
screw something up. Use common sense, do not 'rm -rf /' as root for example. 
If you have any questions then do not hesitate to contact me.
See https://raymii.org/s/static/About.html for details.


AD: