Sniffing out Unix processes using pgrep

The pgrep command is a tool for looking through currently running processes based on a number of different attributes and providing the process IDs (PIDs), but it does a lot of other things as well. The available options won't necessarily be the same as you move from one system to another, but you're sure to discover some pgrep commands that will prove very useful when you're busy looking into what's running on your systems.

The most basic pgrep command will display the PIDs for whatever command you might be inquiring about. For example, if you want a list of all of the Apache daemons running on a web server, the pgrep httpd command does that easily.

$ pgrep httpd
2854
10596
10597
10598
10599
10600
10601
10602
10603
15142
17559

If you have the -c (count) option available, you can count the processes rather than showing their PIDs.

$ pgrep -c httpd
11

If you don't have the -c option available, you can do this instead:

$ pgrep httpd | wc -l
11

When you want to list PIDs for processes being run by some particular user, try the -u option as shown in this example. This allows you to search by username rather than process names.

$ pgrep -u zorro
17985
17986

Another pgrep option (-l) will allow you to see a user's process IDs along with the name of each process. The additional information can be extremely handy.

$ pgrep -u xyz
24201
24311
24312
$ pgrep -u xyz -l
24201 bash
24311 bash
24312 vim

You can also look at multiple users at a time if you like, simply by separating their usernames with commas.

$ pgrep -u xyz,apache,zorro -l
10596 httpd
10597 httpd
10598 httpd
10599 httpd
10600 httpd
10601 httpd
10602 httpd
10603 httpd
15142 httpd
17559 httpd
17985 sshd
17986 bash
18194 sshd
18195 bash
24201 bash
24311 bash
24312 vim

You can also do something like this if you want to clarify which user is running which of the listed processes.

$ for user in xyz apache zorro
> do
>   echo "$user"
>   pgrep -u "$user" -l
> done
xyz
24201 bash
24311 bash
24312 vim
apache
10596 httpd
10597 httpd
10598 httpd
10599 httpd
10600 httpd
10601 httpd
10602 httpd
10603 httpd
15142 httpd
17559 httpd
zorro
17985 sshd
17986 bash
18194 sshd
18195 bash
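
The loop above prints nothing under a username both when that account has no processes and when the account does not exist, which matters if you are using the listing to audit what each account is running. The following function is an added example, not part of the original article; the name procs_by_user is hypothetical, and it assumes the procps pgrep exit codes (0 for a match, 1 for no match, 2 or higher for an error such as an unknown username).

```shell
#!/bin/sh
# Added example (not from the article): per-user process inventory built on
# the pgrep -u and -l options shown above.
# Assumption: procps pgrep exit codes: 0 = match, 1 = no match, 2+ = error.

# Print "user pid name" for every process owned by each named user.
# Returns 0 if every lookup worked, 1 if any user could not be queried.
procs_by_user() {
    rc=0
    for user in "$@"; do
        # Capture the exit status without tripping "set -e" in callers.
        if out=$(pgrep -l -u "$user" 2>/dev/null); then
            status=0
        else
            status=$?
        fi
        case $status in
            0)  # pgrep -l prints "pid name"; prefix each line with the owner
                printf '%s\n' "$out" | while read -r pid name; do
                    printf '%s %s %s\n' "$user" "$pid" "$name"
                done ;;
            1)  printf '%s - (no processes)\n' "$user" ;;
            *)  # e.g. unknown username: report it instead of staying silent
                printf '%s - (lookup failed, pgrep exit %s)\n' "$user" "$status"
                rc=1 ;;
        esac
    done
    return $rc
}

# Run as a script: sh procs_by_user.sh xyz apache zorro
if [ "$#" -gt 0 ]; then
    procs_by_user "$@"
fi
```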

And, if you want to display only the oldest or the newest of the processes being run by a particular user, use the -o (oldest) or the -n (newest) option.

$ pgrep -u root -o -l
1 init
$ pgrep -u root -n -l
18192 sshd

You can also list process IDs for processes being run on some particular terminal.

$ pgrep -t pts/0
17986
$ pgrep -t pts/0 -l
17986 bash

If pgrep can be said to have a "partner in crime," that partner is pkill -- the command that makes terminating processes easier because you don't have to look up the process IDs before issuing the needed kill commands. In fact, these two commands share nearly all of their options, with only a few exceptions. They are generally, if not always, a lot more than friends: a quick check can determine that they're the same executable. In the listing below, both names show the same inode number, so they are two names for a single file.

$ ls -i /usr/bin/pgrep /usr/bin/pkill
3257815 /usr/bin/pgrep  3257815 /usr/bin/pkill

More on pkill soon!

This article is published as part of the IDG Contributor Network.