Find the process monopolizing the CPU without using “top”

Lets say you are on a system where top is not available (or other tools similar to it). Sound incomprehensible but believe me. There are systems which do not have any of those great tools available. So how do you find the process eating up most CPU? The humble ps command provides pcpu which is CPU percentage used by a process. Here is how.

ps -eo pcpu,pid,ruser,args | sort -r -k1 | less

This will give in reverse sort order the “pid” that is taking up most of pcpu and the ruser (real user) with args. So there you have it.

snmp : find network information of a system centrally

Anyone can login to a system and run ifconfig or netstat or other similar commands to find the network information of a system. But what will be even better? Do it remotely without logging in to each and every system. How? Using snmpwalk one can retrieve all this information provided that subject has both snmpd running, snmpd supporting network information and the querying host is allowed to make SNMP queries. Lets see how.

Interface table is covered by basic SNMP (just like system information, udp, tcp  socket information, address translation and snmp stats etc). Here is how to query the interface table to get the IP address and Subnet mask information.

unixite@sanbox:~/ > snmpwalk -v1 -c public sandboxS:161 1.3.6.1.2.1.4.20.1.1
iso.3.6.1.2.1.4.20.1.1.1.2.3.4 = IpAddress: 1.2.3.4
iso.3.6.1.2.1.4.20.1.1.127.0.0.1 = IpAddress: 127.0.0.1
iso.3.6.1.2.1.4.20.1.1.192.168.1.10 = IpAddress: 192.168.1.10
iso.3.6.1.2.1.4.20.1.1.10.0.0.2 = IpAddress: 10.0.0.2
unixite@sanbox:~/ > snmpwalk -v1 -c public sandboxS:161 1.3.6.1.2.1.4.20.1.3
iso.3.6.1.2.1.4.20.1.3.1.2.3.4 = IpAddress: 255.0.0.0
iso.3.6.1.2.1.4.20.1.3.127.0.0.1 = IpAddress: 255.0.0.0
iso.3.6.1.2.1.4.20.1.3.192.168.1.10 = IpAddress: 255.255.255.0
iso.3.6.1.2.1.4.20.1.3.10.0.0.2 = IpAddress: 255.255.0.0

First one here retrieves the IP addresses on the system while second one get the subnet masks. -c public has to be changed to right community string and also the version if your supports a different one. My system name here is sandboxS and snmpd is listening on default port 161. If not then you can change the port to match yours.

Howto rollover a file when size exceeds using unix find

Here is a one liner to rollover a file to file.old when it exceeds the size using find command. Lets say we have a script in cron that runs and prints messages in a log file. Overtime the log file will grow and we would want to rollover the log file to log.old. Many solutions exist by finding the size and comparing it. Here is one elegant solution in one liner. Thanks to my colleague Vlad who gave the idea for using find and exec, and I added the automatic substitution or brace expansion from my knowledge-base. Happy sharing of knowledge.

find /var/log/ -name myapp.log -size +1M -exec mv {}{,.old} ;

Continue reading

find broken symlinks

If you have a big project with multiple shared libraries, there is a chance to run into soft links that are no longer pointing anywhere. Here are couple of ways to find those dangling soft links that no longer point to any real file using the Unix find command.

These are in preferred order.

find /path/to/search -type l | (while read FN ; do /usr/bin/test -e "$FN" || echo "$FN"; done)
find /path/to/search -type l ! -exec /usr/bin/test -r {} ; -print
find -L /path/to/search -type l

So here is how these can be used to clean out those dangling soft links (again in preferred order). We use rm to ensure that any aliases don’t kick in. First one is the best way which is portable to most Unix platforms.

find /path/to/search -type l | (while read FN ; do /usr/bin/test -e "$FN" || rm -f "$FN"; done)
find -L /path/to/search -type l -exec rm -f {} ;
find -L /path/to/search -type l -delete

Note: When using in script, make sure to escape the properly.

Interoperability Issues between SunOS and Linux

-delete is not supported on SunOS find. It is available on GNU findutils. So using -exec to invoke rm command would be portable. As well as the test for existence /usr/bin/test -e is portable. Make sure to use /usr/bin/test instead of shell built in test because on sh the flag -e is not available.

Update (2011-08-12) : /usr/bin/test should be used for interoperability.

bash : run command on find results

Unix find command allows user to execute a command on the results by using -exec command. For example see below. {} get replaced by filename, Make sure to escape {} and ;.

find . -type f -exec ls -l {} ;

This triggers ls -l on all the files that were found. I used this with -maxdepth (how deep directory structure to examine) and -mtime (last modified time) to cleanup old files as below.

find /var/log -type f -mtime +30 -maxdepth 0 -exec rm -f {} ;

Continue reading

bash : brace expansion for automatic substitution

Bash expands a list of strings separated by commas with in braces to a list of strings separated by spaces. For example

[unixite@theunixtips:~/> echo 111-{aa,bb,cc}+{xx,yy,zz}-222
111-aa+xx-222 111-aa+yy-222 111-aa+zz-222 111-bb+xx-222 111-bb+yy-222 111-bb+zz-222 111-cc+xx-222 111-cc+yy-222 111-cc+zz-222
unixite@theunixtips:~/>

There should not be any space between suffix/prefix and the start/end bracket. Otherwise it is considered as a separate list. Now coming to a real world example where you can make use of this.

mv process.log{,.old} #This will move process.log to process.log.old
mv process.log.{old,oldest} #This will move process.log.old to process.log.oldest