Proc File System to Monitor Your Linux System – Introduction
In Linux, the /proc file system is a virtual file system that offers comprehensive details on the hardware, processes, and other runtime data of the system. Processes can read and write data about themselves and other processes on this dynamically constructed file system, which only resides in memory.
The virtual file system (VFS) in Linux is an overlay layer that provides a common interface for interfacing with different file systems. It offers a mechanism for many file systems to coexist on the same system without needing application developers to concern themselves with the particulars of each file system.
Usage of Proc
Use the mount command and the proc search to locate the location of the /proc file system. You can see that the proc directory is mounted here.
$ mount | grep proc
the proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=26,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=9506)
nfsd on /proc/fs/nfsd type nfsd (rw,relatime)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
$
Moving to the /proc directory will reveal numerous folders with numbers in them; these numbers are just the process IDs (PIDs) for the processes that are now operating; the files with names are system-wide, generic files that are not tied to any specific process; and finally, there will be multiple files with names in the /proc directory:
$ cd /proc/
$ pwd
/proc
$ ls
1 157 22827 33 3413 3618 384 4709 512 5571 66 741 798 88 consoles keys scsi
10 15868 23 3340 3414 362 385 4768 513 5581 6723 742 799 880 cpuinfo key-users self
101 15900 23323 3341 3415 3622 39 4769 514 56 68 7466 8 891 crypto kmsg slabinfo
1033 16 23370 3342 346 363 392 4770 515 5637 69 747 80 9 devices kpagecount softirqs
104 17 23380 3343 3467 364 394 48 516 5652 7 75 800 906 diskstats kpageflags stat
10416 17580 23383 3344 347 365 4 4804 517 57 70 76 8367 928 dma loadavg swaps
105 18 23469 3346 349 37 40 4805 518 58 7071 77 839 96 driver locks sys
106 19 23491 3365 35 374 4094 4807 519 59 71 78 840 98 execdomains mdstat sysrq-trigger
107 2 23524 3366 351 375 4096 482 52 6 7199 783 842 9838 fb meminfo sysvipc
11 20767 23527 3392 352 376 41 483 53 601 72 784 8446 99 filesystems misc timer_list
11412 21 24 3397 3523 377 4180 49 5347 61 73 785 85 993 fs modules timer_stats
12 21014 26 3398 358 378 42 494 5348 62 735 786 86 994 interrupts mounts tty
120 21035 27 34 359 379 428 495 54 624 736 79 869 9970 iomem mtrr uptime
1263 21059 28 3408 36 38 43 508 5421 625 737 793 87 acpi ioports net version
1265 21083 29 3409 360 380 44 509 5463 63 738 794 870 buddyinfo ipmi pagetypeinfo vmallocinfo
1272 22 30 3410 3602 381 45 51 5464 636 739 795 874 bus irq partitions vmstat
13 22055 31 3411 3603 382 46 510 5500 64 74 796 878 cgroups kallsyms sched_debug zoneinfo
14 22074 32 3412 361 383 47 511 5519 65 740 797 879 cmdline kcore schedstat
$
Start by taking a look at some generic system files. The /proc/cpuinfo command, for instance, provides information on the system’s CPU, such as its make, model, number of cores, speed, CPU flags, etc.
$ cat /proc/cpuinfo
Similar information is available via /proc/meminfo on the system’s RAM or main memory. Additional statistics are also provided, such as the amount of free and utilized memory:
$ cat /proc/meminfo
Check the /proc/modules file to see all the loaded kernel modules:
$ cat /proc/modules
Look at /proc/filesystems to view all of the filesystems that are supported by your system:
$ cat /proc/filesystems
Look at the per-process files after that. Take systemd, for instance, which has a PID of 1:
$ ps aux | grep -i systemd | head -1
root 1 0.0 0.0 195976 9088 ? Ss Mar03 0:06 /usr/lib/systemd/systemd --switched-root --system --deserialize 22
$
Check out what is in /proc’s directory 1 by moving there. There are several files here, and their names kind of explain themselves:
$ cd /proc/1
$ pwd
/proc/1
$
$ ls
attr cmdline environ io mem ns pagemap sched stack task
autogroup comm exe limits mountinfo numa_maps patch_state schedstat stat timers
auxv coredump_filter fd loginuid mounts oom_adj personality sessionid statm uid_map
cgroup cpuset fdinfo map_files mountstats oom_score projid_map setgroups status wchan
clear_refs cwd gid_map maps net oom_score_adj root smaps syscall
$
Choose the current shell ID to see if these files are available for each of the processes. Run an echo to obtain that information. A unique variable called $$. $$ stores the PID of the current shell.
Cd into the directory at /proc that matches the PID’s number. The files resemble those for PID 1 o/r systemd nearly exactly:
$ echo $$
21059
$
$ cd /proc/21059
$ pwd
/proc/21059
$
$ ls
attr cmdline environ io mem ns pagemap sched stack task
autogroup comm exe limits mountinfo numa_maps patch_state schedstat stat timers
auxv coredump_filter fd loginuid mounts oom_adj personality sessionid statm uid_map
cgroup cpuset fdinfo map_files mountstats oom_score projid_map setgroups status wchan
clear_refs cwd gid_map maps net oom_score_adj root smaps syscall
$
Run a lengthy process to see what these files contain. Use the tty command to determine which terminal is currently open. then enter after typing the cat command. Before executing, this command will wait for your input:
$ tty
/dev/pts/2
$
$ cat
Find the PID of a cat on a different terminal by using the pgrep command:
$ pgrep cat
24335
$
Examine cmdline, the very first per-process file, now. This document displays the command line’s execution, including any options that are utilized, etc.
$ cat /proc/24335/cmdline
cat$
Examining the directory called cwd, which serves as a type of symbolic link (symlink) to the directory where the cat command was used in this case, which is /root, is the next step:
$ ls -l /proc/24335/cwd
lrwxrwxrwx. 1 root root 0 Mar 4 03:35 /proc/24335/cwd -> /root
$
When a binary is run, a process is launched, and by default, a few files are opened. It typically opens three standard ports: stdin, stdout, and stderr for standard input and output, respectively. You can see that it gives three symbolic links, all of which refer to the terminal (pts2) that was used to run the command, when you list the fd directory under /proc/ and then the PID:
$ ls -l /proc/24335/fd/
total 0
lrwx——. 1 root root 64 Mar 4 03:35 0 -> /dev/pts/2
lrwx——. 1 root root 64 Mar 4 03:35 1 -> /dev/pts/2
lrwx------. 1 root root 64 Mar 4 03:35 2 -> /dev/pts/2
$
Exe, a symlink referring to the exact location of the program that was executed, is another significant file. It is the cat command’s route in this instance:
$ ls -l /proc/24335/exe
lrwxrwxrwx. 1 root root 0 Mar 4 03:35 /proc/24335/exe -> /usr/bin/cat
$
Similar to this, you can inspect every environment variable set for the cat process by cat’ing the environ per-process file:
$ cat /proc/24335/environ
Use the following command to view the status of the process with PID 31154.
ls -ltr /proc/31154/status
To View the memory usage of the process with PID 1628, we can use the following command.
ls -ltr /proc/1628/statm
By reading the contents of the /proc/meminfo file, we may inspect the system memory. The command below can be used.
cat /proc/meminfo
Final Thoughts
System administrators who desire an easy, non-command method of accessing raw system information can find a wealth of useful data in the /proc directory. There are alternative ways to display the data in /proc, as I previously said.
Additionally, you wouldn’t want to use all of the information in /proc for system evaluation. Instead of reading one of the various /proc files, utilize tools like vmstat or iostat to acquire a better understanding of system performance.