Try using the top command like a skilled engineer
Hello.
I'm Mandai, in charge of Wild on the development team.
It is said that when so-called hackers log in to a server by bypassing various monitoring and blocking systems, the first command they use is the "w" command. The next command they run is probably the "ps" command or the "top" command.
This time, I'll take a more serious look at how to use the top command, which will set you apart from others.
Before you start
When you run the top command, the screen is divided into two areas: an upper summary area that displays the resources of the entire system, and a lower task area that displays running processes.
Many of the functions introduced below affect one of these areas, and these terms are used throughout the explanation, so please keep them in mind.
How to run the top command
It might be a bit sudden, but I think simply typing "top" right after logging in via ssh is a bit of an amateurish method.
The top command accepts arguments just like other commands, so there is no reason not to use them.
It's better to be composed enough to think about which arguments you need while you're logging in.
For example, to display the complete command line being executed:
top -c
Also, if you want to change the default 3-second screen refresh interval:
top -d 0.5 # Update the screen every 0.5 seconds
To use the above two at the same time:
top -c -d 0.5
# or
top -cd 0.5
# The following does not work, because -d must be followed directly by its value
top -dc 0.5
If you update the screen too quickly, the load will increase unexpectedly, so be sure to do it in moderation.
What you can do while running
Switching the display of the summary area
The summary area is divided into three main parts.
- Uptime (startup time) and overall load information (l) surrounded by a red frame
- CPU and task information (t) surrounded by a green frame
- Memory and swap information (m) surrounded by a blue frame
You can show or hide each of them by pressing the corresponding key (the key in parentheses).
There is also an important key, "1". If the CPU is multi-core, pressing this key displays the load of each core individually.
Switching task area display
Although you can see the current system load status on the default top screen, there are also many items that are not displayed.
If you press "f" while top is running, a list of the items that top can display appears, and you can set whether to show or hide each of them.
On this screen, you can move the cursor up and down, so move the cursor to the item you want to display and press "d" or the space key to make it bold, and that item will be displayed.
Swap usage, which is surprisingly difficult to obtain, can be obtained from the top screen.
Furthermore, if you move the cursor to an item and then press the right arrow key, the entire item will be selected, and by moving it up or down in that state, you can adjust the display order of the items.
The video below shows the swap usage displayed and brought to the front of the command.
Sending signals
If you are wondering what a signal is, please check Wikipedia.
Something equivalent to "kill [pid]" can be executed from within top.
To do this, press "k" while running top. If you pressed the key by mistake, you can cancel with the escape key.
The message "PID to signal/kill" will appear above the task area, so enter the process ID you want to kill.
Next, the message "Send pid [PID] signal [15/sigterm]" will appear, so enter the signal name or signal number you want to send.
By default, it sends SIGTERM (15), so if the process doesn't die with this, try sending SIGKILL (9).
It is recommended because you can kill processes while looking at the top screen.
Split window mode for experts (alternate-display mode)
I don't know why, but top has an alternate-display mode that splits the screen into up to 4 parts to view running processes.
To switch between split mode (as we call it here; in translated versions of man top it's called alternate view mode) and regular full-screen mode, press Shift + a.
The screen configuration at the moment you enter split mode is as follows.
Not the usual top! It's not a bug.
The idea is that top can hold up to four task-area configurations, and you can adjust the fields of each and switch between them according to the items you want to display.
The default is screen 1, and to move to another screen, press "a" to move forward and "w" to move backward.
Also, if you want to move to a specific screen, press "g" and then a number from 1 to 4, but since there are only 4 screens, you may never use this.
After moving to the screen you want, press "Shift + a" to return to full-screen mode.
The display format of the task area will then change and the process list will fill the entire screen.
For each screen, you can use "f" to adjust the fields and specify the field to sort by.
Adjustments made in split mode are lost if you exit the program as is, so if you write out the settings file described below, you will be able to start up with the settings applied next time.
Predefine the output state at startup
When you detect an anomaly and check top, it is often a race against time, so typing the arguments every time is a waste of time.
In that case, I think one way is to write the settings to the configuration file.
The configuration file that defines the display state is normally written to a file called "$HOME/.toprc" for each user.
The setting method is easy; all you have to do is set the display to your liking in top, then press "W" and exit.
It's an uppercase W, so if you have Caps Lock turned off, enter it with "Shift + w".
The resulting file looks like this:
top's Config File (Linux processes with windows)
Id:i, Mode_altscr=0, Mode_irixps=1, Delay_time=3.0, Curwin=0
2 fieldscur=\¨³´»½ÀÄ·º¹Å&')*+,-./012568<> ?ABCFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghij
winflags=193844, sortindx=18, maxtasks=0, graph_cpus=0, graph_mems=0
summclr=1, msgsclr=1, headclr=3, taskclr=1
Job fieldscur=¥¦¹· º(³´Ä»½@<§Å)*+,-./012568>?ABCFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghij
winflags=161076, sortindx=0, maxtasks=0, graph_cpus=0, graph_mems=0
summclr=6, msgsclr=6, headclr=7, taskclr=6
1 fieldscur=\º»<½¾¿ ÀÁMBNÃD34·Å&'()*+,-./0125689FGHIJKLOPQRSTUVWXYZ[\]^_`abcdefghij
winflags=193844, sortindx=21, maxtasks=0, graph_cpus=0, graph_mems=0
summclr=5, msgsclr=5, headclr=4, taskclr=5
Usr fieldscur=\¦§¨ª°¹·ºÄÅ)+,-./1234568;<=>?@ABCFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghij
winflags=193844, sortindx=3, maxtasks=0, graph_cpus=0, graph_mems=0
summclr=3, msgsclr=3, headclr=2, taskclr=3
fixed_widest=0, summ_mscale=0, task_mscale=0, Zero_suppress=0
Honestly, in this state, I have no idea what's going on (it's not unreadable if you check the entries one by one), so I think it's best not to create this file manually.
Conversely, a well-configured file can be applied to other machines simply by copying it, so even when building servers with Chef or Ansible, it can be easily deployed.
Prepare multiple configuration files for the top command
As you get more involved in configuring the top screen, you will probably want to prepare multiple screen settings and use them according to the situation.
However, I wrote earlier that the configuration file for top is "$HOME/.toprc".
Actually, this was not the correct explanation.
Strictly speaking, it is "$HOME/.[top name]rc".
I ran an experiment to find out what the name of top means here.
# Check the current top path
$ which top
/usr/bin/top
# Create a symbolic link to /usr/bin/top at /usr/bin/mytop
$ sudo ln -s /usr/bin/top /usr/bin/mytop
# Try running it
$ mytop
This runs correctly and top opens normally.
Now, if you change the fields and display and save it, a file called "$HOME/.mytoprc" will be created.
In this way, you can create symbolic links and write different configuration files.
Since you will be running your own customized top under a different name, it will not affect the normal top.
Start in batch mode
It is a big mistake to think that top is a tool that only displays the system status on the screen in real time. It also has a batch mode.
The following command will send the top result to standard output.
top -b -n 5 -d 0.5
Start in batch mode with the "-b" option, and specify the number of times to display with "-n".
Furthermore, specify the display interval using the "-d" option.
In this case, the results of the top screen 5 times will be sent to the standard output at 0.5 second intervals.
Of course, you can also pipe the output to other commands, but a command like the following often does not give the result you expect.
top -b -n 5 -d 0.5 | head -n 5
If you try it, you'll understand what I mean.
If you look at the command, you can probably imagine what kind of result you want, but the top command is not suitable for this case.
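The pipeline above stops after the first 5 lines of the whole stream, so only the summary of the first iteration survives. If the goal is the first few lines of every iteration, the batch output has to be split on the "top - " line that starts each one. The following is an added example, not from the original post; the function names top_frame_head and sample_batch and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: keep the first N lines of EVERY iteration of `top -b`
# output, which a plain `| head -n N` cannot do.

# top_frame_head N: read `top -b` output on stdin. Each iteration begins
# with a summary line starting "top - "; print that line and the N-1
# lines that follow it, for each iteration.
top_frame_head() {
    awk -v n="$1" '
        /^top - / { left = n }        # new iteration: reset the line budget
        left > 0  { print; left-- }   # emit lines while budget remains
    '
}

# Constructed sample: two shortened iterations shaped like `top -b` output.
sample_batch() {
cat <<'EOF'
top - 10:00:00 up 1 day,  1:00,  1 user,  load average: 0.10, 0.05, 0.01
Tasks:  90 total,   1 running,  89 sleeping,   0 stopped,   0 zombie
%Cpu(s):  1.0 us,  0.5 sy,  0.0 ni, 98.5 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND
    1 root      20   0  100000   9000   6000 S   0.0   0.1   0:01.00 systemd

top - 10:00:01 up 1 day,  1:00,  1 user,  load average: 0.12, 0.05, 0.01
Tasks:  90 total,   2 running,  88 sleeping,   0 stopped,   0 zombie
%Cpu(s):  3.0 us,  1.0 sy,  0.0 ni, 96.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND
  812 app       20   0  500000  40000   8000 R   3.0   0.5   0:12.34 worker
EOF
}

# Three summary lines from each of the two sample iterations (6 lines).
sample_batch | top_frame_head 3
```

Against a live system the same function is used as `top -b -n 5 -d 0.5 | top_frame_head 5`.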
Summary
The top command is handy in a variety of situations, but did you know that it can become even more useful by customizing it?
The whole thing looks like this, but it's interesting that you can make it as elaborate as you like depending on your customization policy.
In this way, we monitor our servers 24 hours a day, 365 days a year.
That's it.