Re: How to find out what/who started a certain process?

  • thad_floryan
    Message 1 of 15, Jul 27, 2013
      --- In linux@yahoogroups.com, "Pascal" <pascal.bernhard@...> wrote:
      > [...]
      > So I checked the process and what did I find: Clamav was running
      > and like all anti-virus software under Windows using way too much
      > resources! I'm aware that I can renice the process or better still
      > set a CPU limit. What I want to know is:
      > 1: What/Who launched this process? Is Skype the culprit, or rather
      > some of Linux' security feature, since, well Skype nowadays comes
      > from that certain company, you know. I assume Linux regards it as
      > malware in principle :-)
      > How can I find an answer to that question what started Clamav?
      >
      > 2: This being a Ubuntu-derived distribution Bodhi-Linux uses APT
      > (apt-get) for package management, how can I determine what caused
      > clamav to be in the first place?

      Hi Pascal,

      You've already received several replies with determining how clamav may
      have been started. Ed's suggestion using 'pstree' will show the present
      process hierarchy.

      Googling just "skype and clamav" shows a very incestuous relationship
      between Skype and ClamAV and Bodhi-Linux.

      Googling simply "how does clamav get invoked" finds these on the 1st
      page:

      http://www.clamav.net/doc/latest/clamdoc.pdf 263kB 48 pages

      http://weldon.whipple.org/sendmail/clamav-milter.html

      https://en.wikipedia.org/wiki/Clam_AntiVirus

      http://superuser.com/questions/43098/how-can-i-tell-if-clamav-is-running

      I don't run clamav on anything on my home LAN; I pay NTT-Japan/-Verio
      to operate my email/website and clamav is one of the components and the
      5, 10 and 15 minute load averages are usually all 0.0 so clamav should
      be quiescent until it's needed to process incoming email so that means
      it's in the "chain" after qmail along with procmail et al before email
      is moved to the directories for Dovecot's IMAP which interacts with an
      instance of Thunderbird on my end. It'd take a while to track the full
      chain so hopefully some of the 4 URLs I cited above will help.

      Thad
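The hierarchy that pstree prints is built from each process's parent PID, which the kernel exposes as PPid in /proc/<pid>/status. The script below is an added example, not part of the original thread: it walks that chain by hand and reports when the parent is PID 1, the case where the tree alone cannot say which script did the launching. PROC_ROOT is a hypothetical override so the functions can also be pointed at a constructed directory tree.

```shell
#!/bin/sh
# Added example (not from the thread): trace who started a process by
# following PPid links in /proc/<pid>/status.
# PROC_ROOT is a hypothetical override; it defaults to the live /proc.

# proc_field PID FIELD -> second column of the "FIELD:" line in status.
# Returns non-zero when the process does not exist or has just exited.
# Note: a Name containing spaces is cut at the first space.
proc_field() {
    awk -v key="$2:" '$1 == key { print $2; exit }' \
        "${PROC_ROOT:-/proc}/$1/status" 2>/dev/null
}

# ancestry PID -> "pid(name) <- ppid(name) <- ... <- 1(init)"
# Prints an empty line when PID does not exist.
ancestry() {
    pid=$1
    chain=""
    hops=0
    # The hop limit guards against a malformed or looping tree.
    while [ -n "$pid" ] && [ "$pid" -gt 0 ] && [ "$hops" -lt 64 ]; do
        name=$(proc_field "$pid" Name) || break
        [ -n "$name" ] || break
        chain="${chain:+$chain <- }$pid($name)"
        pid=$(proc_field "$pid" PPid) || break
        hops=$((hops + 1))
    done
    printf '%s\n' "$chain"
}

# started_by_init PID -> exit status 0 when the direct parent is PID 1.
# True for daemons that detached from their launcher and for anything
# started by init itself; the original launcher is then not in the tree.
started_by_init() {
    [ "$(proc_field "$1" PPid)" = "1" ]
}

# Demo: ancestry of the PID given as $1, or of this shell.
target=${1:-$$}
ancestry "$target"
if started_by_init "$target"; then
    echo "parent is PID 1: look at init scripts, cron and service units instead"
fi
```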
    • ed
      Message 2 of 15, Jul 28, 2013
        On Sat, Jul 27, 2013 at 05:36:03PM -0500, C. Beck wrote:
        > On Sat, Jul 27, 2013 at 1:19 PM, ed <ed@...> wrote:
        > > [...]
        > > Perhaps the easiest, is to run
        > >
        > > # apt-get remove --purge clamav
        > >
        > > That will show you the dependencies and hopefully what requires it.
        >
        > I think '--purge' is dpkg... a quick check of the apt-get man pages
        > did not reveal that option. Did you mean '--simulate' maybe?

        Chris,

        Which version of apt-get are you looking at? Debian has had --purge for
        several releases, certainly in sarge and possibly etch.

        man apt-get, line 345:
        --purge
        Use purge instead of remove for anything that would be removed. An
        asterisk ("*") will be displayed next to packages which are
        scheduled to be purged. remove --purge is equivalent to the purge
        command. Configuration Item: APT::Get::Purge.

        --purge is technically superfluous above, since it's not required just
        to check dependencies but is helpful if the user wishes to follow
        through with the removal threat.

        --
        Best regards,
        Ed http://www.s5h.net/
      • Pascal
        Message 3 of 15, Jul 29, 2013
          --- In linux@yahoogroups.com, ed <ed@...> wrote:
          >
          > On Sat, Jul 27, 2013 at 05:38:53PM -0000, Pascal wrote:
          > > Hi all,
          > >
          > > here again another 'Linux problem':
          > >
          > > I installed 'Skype' yesterday on my Bodhi-Linux (Works well actually also in
          > > conjunction with Pidgin and OTR, which hadn't been the case in the past on
          > > other distributions). Alas, I realized that my system was even slower
          > > (Intel(R) Celeron(R) CPU 2.50GHz Bogomips: 4996.23) than usually (And by now
          > > I can say that I'm somewhat hardened by dreadful experiences!!!)
          > > So I checked the process and what did I find: Clamav was running and
          > > like all anti-virus software under Windows using way too much resources!
          > > I'm aware that I can renice the process or better still set a CPU limit.
          > > What I want to know is:
          >
          > Is it really CPU that is in contention or is it IO? If IO then
          >
          > # ionice -c 3 -p $( pgrep clamd)
          >
          > may help.
          >
          > > 1: What/Who launched this process? Is Skype the culprit, or rather some of
          > > Linux' security feature, since, well Skype nowadays comes from that certain
          > > company, you know. I assume Linux regards it as malware in principle :-)
          > > How can I find an answer to that question what started Clamav?
          >
          > One thing you can try is to run
          >
          > $ pstree -capl $( pgrep clamd )
          >
          > This should give you a tree output of the process. However, if memory
          > serves clamd daemonizes, whilst clamscan (IIRC) is the client part which
          > communicates with the daemon to save loading large footprints.
          >
          > So this may not yield the answer.
          >
          > You can try
          >
          > $ grep clam /etc/cron* /etc/cro*/*
          >
          > Could be one of the crontabs is starting it. Perhaps an rc file too,
          >
          > $ grep clam /etc/init.d/*
          >
          > > 2: This being a Ubuntu-derived distribution Bodhi-Linux uses APT (apt-get) for
          > > package management, how can I determine what caused clamav to be in the first
          > > place?
          >
          > Perhaps the easiest way, is to run
          >
          > # apt-get remove --purge clamav
          >
          > That will show you the dependencies and hopefully what requires it.
          >

          Apparently clamav was not installed in order to fulfill dependency requirements:

          ________________________________________________________________________________

          root@Bodhi-Mobile:~# apt-get remove clamav
          Reading package lists... Done
          Building dependency tree
          Reading state information... Done
          The following packages will be REMOVED:
          clamav
          0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
          After this operation, 578 kB disk space will be freed.


          I asked in the Bodhi-Linux forum and was told that clamav does not come by
          default with a new installation of Bodhi. So I still do not know how it
          arrived on my system.
          There was no cron job invoking clamav but some stuff in /etc/init.d:

          ________________________________________________________________________________

          pascal@Bodhi-Mobile:~$ grep clam /etc/init.d/*
          /etc/init.d/clamav-freshclam:# Provides: clamav-freshclam
          /etc/init.d/clamav-freshclam:# Should-Start: clamav-daemon
          /etc/init.d/clamav-freshclam:DAEMON=/usr/bin/freshclam
          /etc/init.d/clamav-freshclam:NAME=freshclam
          /etc/init.d/clamav-freshclam:CLAMAV_CONF_FILE=/etc/clamav/clamd.conf
          /etc/init.d/clamav-freshclam:FRESHCLAM_CONF_FILE=/etc/clamav/freshclam.conf
          /etc/init.d/clamav-freshclam:PIDFILE=/var/run/clamav/freshclam.pid
          /etc/init.d/clamav-freshclam:[ -f /var/lib/clamav/interface ] && INTERFACE=`cat /var/lib/clamav/interface`
          /etc/init.d/clamav-freshclam: [ -n "$User" ] || User=clamav
          /etc/init.d/clamav-freshclam: db_input critical clamav-base/numinfo || true
          /etc/init.d/clamav-freshclam:[ -n "$DataBaseDirectory" ] || DataBaseDirectory=/var/run/clamav
          /etc/init.d/clamav-freshclam:[ -z "$UpdateLogFile" ] && UpdateLogFile=/var/log/clamav/freshclam.log
          /etc/init.d/clamav-freshclam:[ -z "$DatabaseDirectory" ] && DatabaseDirectory=/var/lib/clamav/
          /etc/init.d/clamav-freshclam:[ -n "$DatabaseOwner" ] || DatabaseOwner=clamav
          /etc/init.d/clamav-freshclam: su "$DatabaseOwner" -p -s /bin/sh -c "freshclam -l $UpdateLogFile --datadir $DatabaseDirectory"
          /etc/init.d/clamav-freshclam: if [ -f /etc/cron.d/clamav-freshclam ]; then
          /etc/init.d/postfix:# Should-Start: postgresql mysql clamav-daemon postgrey spamassassin saslauthd dovecot
          /etc/init.d/postfix:# Should-Stop: postgresql mysql clamav-daemon postgrey spamassassin saslauthd dovecot
          ________________________________________________________________________________

          It could be an I/O issue, but how would I check that? More precisely is there a way
          to determine what is causing such a high system load? As far as I have
          understood the concept, the factor is (exclusively/mainly?) generated by the
          degree CPU, RAM and hard drives are in demand thus a higher value means more
          resources are used up. As a rule of thumb the computer will get noticeably
          slower as soon as the factor is above the number of CPU cores available,
          although it does not only depend on the power of the processor. Am I correct in
          this regard?

          Thanks for your help
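On Debian-derived systems APT records every transaction in /var/log/apt/history.log, including the command line that was typed and, per package, whether it was requested by name or pulled in automatically as a dependency. The script below is an added example, not part of the original thread: it searches that log for the transaction that installed a given package. The sample log is constructed for illustration; the package name example-mail-suite and all version strings in it are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): find the APT transaction that
# installed a package by parsing /var/log/apt/history.log.

# who_installed PKG [LOGFILE|-]
# Prints one line per matching transaction: "date|how|commandline"
# where how is "requested" (named on the command line) or
# "dependency" (marked "automatic" in the Install: field).
who_installed() {
    pkg=$1
    log=${2:-/var/log/apt/history.log}
    awk -v pkg="$pkg" '
    BEGIN { RS = ""; FS = "\n" }      # one blank-line-separated record per transaction
    {
        date = cmd = inst = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^Start-Date: /)  date = substr($i, 13)
            if ($i ~ /^Commandline: /) cmd  = substr($i, 14)
            if ($i ~ /^Install: /)     inst = substr($i, 10)
        }
        gsub(/  +/, " ", date)        # the log pads date and time with two spaces
        # Entries look like "name:arch (version[, automatic])", joined by "), ".
        n = split(inst, item, /\), /)
        for (i = 1; i <= n; i++) {
            name = item[i]
            sub(/ \(.*/, "", name)    # drop " (version ..."
            sub(/:.*/, "", name)      # drop ":arch"
            if (name == pkg) {        # exact match, not a prefix match
                how = (item[i] ~ /, automatic/) ? "dependency" : "requested"
                printf "%s|%s|%s\n", date, how, cmd
            }
        }
    }' "$log"
}

# Constructed sample log; package names and versions are placeholders.
sample_history() {
    cat <<'EOF'

Start-Date: 2013-07-20  09:14:02
Commandline: apt-get install pidgin pidgin-otr
Install: pidgin:i386 (1.0), pidgin-otr:i386 (1.0), libotr2:i386 (1.0, automatic)
End-Date: 2013-07-20  09:14:40

Start-Date: 2013-07-26  18:02:11
Commandline: apt-get install example-mail-suite
Install: example-mail-suite:i386 (1.0), clamav:i386 (1.0, automatic), clamav-freshclam:i386 (1.0, automatic)
End-Date: 2013-07-26  18:03:05
EOF
}

# Demo on the constructed log ("-" makes awk read standard input).
sample_history | who_installed clamav -
```

Older transactions live in the rotated, compressed copies of the log; `zcat -f /var/log/apt/history.log* | who_installed clamav -` reads all of them.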
        • C. Beck
          Message 4 of 15, Jul 29, 2013
            On Sun, Jul 28, 2013 at 9:32 AM, ed <ed@...> wrote:
            >
            >
            >
            > On Sat, Jul 27, 2013 at 05:36:03PM -0500, C. Beck wrote:
            > > On Sat, Jul 27, 2013 at 1:19 PM, ed <ed@...> wrote:
            > > > [...]
            >
            > > > Perhaps the easiest, is to run
            > > >
            > > > # apt-get remove --purge clamav
            > > >
            > > > That will show you the dependencies and hopefully what requires it.
            > >
            > > I think '--purge' is dpkg... a quick check of the apt-get man pages
            > > did not reveal that option. Did you mean '--simulate' maybe?
            >
            > Chris,
            >
            > Which version of apt-get are you looking at? Debian has had --purge for
            > several releases, certainly in sarge and possibly etch.
            >
            > man apt-get, line 345:
            > --purge
            > Use purge instead of remove for anything that would be removed. An
            > asterisk ("*") will be displayed next to packages which are
            > scheduled to be purged. remove --purge is equivalent to the purge
            > command. Configuration Item: APT::Get::Purge.
            >

            I should have saved that message as a draft and checked when I had
            time to read more carefully. Had I been using my brain, I would have
            just typed "man apt-get | grep purge". Using the previous command
            shows me that purge is present as a command "apt-get purge" (which
            I've used in the past) and also as an option "--purge", which I didn't
            realize existed.

            My messup started when I checked the differences with and without the
            --purge (assuming the intention wasn't to uninstall in the first
            place), and I got an error on purge. Checking bash history shows
            that I spelled purge as "pruge" - demonstrating the second time in a
            short period that the old brain shut down. Clearly it was time
            for a nap!

            > --purge is technically superfluous above, since it's not required just
            > to check dependencies but is helpful if the user wishes to follow
            > through with the removal threat.

            That makes sense now. But will it only purge if the dependency is not
            in use by something else?

            So my updated understanding is that 'apt-get remove --purge <package>'
            will show any other packages/libraries getting removed that depend on
            clamav. But if a separate package installed ClamAV to make use of one
            or more of its libraries, my thought is that APT will quietly remove
            ClamAV while ignoring anything flagged as in-use by another program...
            Is that right? I can't think of a good example to test this, and don't
            have access to the internet on my linux machine here anyway... Any
            ideas on that?

            fwiw; apt-cache has the options 'depends' and 'rdepends', which could
            be another way to go in tracking down libraries installed with clamAV
            that could then be checked individually by "apt-get purge
            <package>"... or rdepends, maybe.

            ---apt-cache manual excerpt---
            depends pkg(s)
            depends shows a listing of each dependency a package has and all
            the possible other packages that can fulfill that dependency.
            rdepends pkg(s)
            rdepends shows a listing of each reverse dependency a package has.
            ---end---

            In any case, thanks for teaching me how to read! I'll stick with grep
            next time. :)

            Best,
            Chris
          • ed
            Message 5 of 15, Jul 29, 2013
              On Mon, Jul 29, 2013 at 12:14:14PM -0500, C. Beck wrote:
              > I should have saved that message as a draft and checked when I had
              > time to read more carefully. Had I been using my brain, I would have
              > just typed "man apt-get | grep purge". Using the previous command
              > shows me that purge is present as a command "apt-get purge" (which
              > I've used in the past) and also as an option "--purge", which I didn't
              > realize existed.
              >
              > My messup started when I checked the differences with and without the
              > --purge (assuming the intention wasn't to uninstall in the first
              > place), and I got an error on purge. Checking bash history shows
              > that I spelled purge as "pruge" - demonstrating the second time in a
              > short period that the old brain shut down. Clearly it was time
              > for a nap!

              Not a problem.

              > > --purge is technically superfluous above, since it's not required just
              > > to check dependencies but is helpful if the user wishes to follow
              > > through with the removal threat.
              >
              > That makes sense now. But will it only purge if the dependency is not
              > in use by something else?
              >
              > So my updated understanding is that 'apt-get remove --purge <package>'
              > will show any other packages/libraries getting removed that depend on
              > clamav. But if a separate package installed ClamAV to make use of one
              > or more of its libraries, my thought is that APT will quietly remove
              > ClamAV while ignoring anything flagged as in-use by another program...
              > Is that right? I can't think of a good example to test this, and don't
              > have access to the internet on my linux machine here anyway... Any
              > ideas on that?

              If clamav requires something in its depends, then it will be installed
              first. If you later choose to remove clamav then the dependencies will
              remain, but will be suggested to you for removal.

              Not entirely sure, if the separate program didn't get installed through
              deb package management then there's nothing to tell deb that a library
              is still required.

              > fwiw; apt-cache has the options 'depends' and 'rdepends', which could
              > be another way to go in tracking down libraries installed with clamAV
              > that could then be checked individually by "apt-get purge
              > <package>"... or rdepends, maybe.
              >
              > ---apt-cache manual excerpt---
              > depends pkg(s)
              > depends shows a listing of each dependency a package has and all
              > the possible other packages that can fulfill that dependency.
              > rdepends pkg(s)
              > rdepends shows a listing of each reverse dependency a package has.
              > ---end---
              >
              > In any case, thanks for teaching me how to read! I'll stick with grep
              > next time. :)

              Here's something cool that you may like to play around with:

              # apt-get install graphviz
              $ apt-cache dotty build-essential > /tmp/build-essential \
              && dot -Tps /tmp/build-essential > /tmp/build-essential.ps \
              && evince /tmp/build-essential.ps

              This should give you a nice dependency diagram :)

              (not sure what the different symbols are, I'll have to do some reading
              myself).

              --
              Best regards,
              Ed http://www.s5h.net/
            • ed
              Message 6 of 15, Jul 29, 2013
                On Mon, Jul 29, 2013 at 03:07:02PM -0000, Pascal wrote:
                > [...]
                > Apparently clamav was not installed in order to fulfill dependency requirements:
                >
                > ________________________________________________________________________________
                >
                > root@Bodhi-Mobile:~# apt-get remove clamav
                > Reading package lists... Done
                > Building dependency tree
                > Reading state information... Done
                > The following packages will be REMOVED:
                > clamav
                > 0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
                > After this operation, 578 kB disk space will be freed.

                Well at least that's nice and clean :)

                > I asked in the Bodhi-Linux forum and was told that clamav does not come by
                > default with a new installation of Bodhi. So I still do not know how it
                > arrived on my system.
                > There was no cron job invoking clamav but some stuff in /etc/init.d:

                > pascal@Bodhi-Mobile:~$ grep clam /etc/init.d/*
                > /etc/init.d/clamav-freshclam:# Provides: clamav-freshclam
                > /etc/init.d/clamav-freshclam:# Should-Start: clamav-daemon

                Looks like freshclam is provided by clamav-freshclam.

                Might be worth doing:

                # apt-get remove --purge clamav-freshclam clamav-daemon

                There might be some dependencies here.

                > It could be an I/O issue, but how would I check that? More precisely is there a way
                > to determine what is causing such a high system load? As far as I have
                > understood the concept, the factor is (exclusively/mainly?) generated by the
                > degree CPU, RAM and hard drives are in demand thus a higher value means more
                > resources are used up. As a rule of thumb the computer will get noticeably
                > slower as soon as the factor is above the number of CPU cores available,
                > although it does not only depend on the power of the processor. Am I correct in
                > this regard?

                I've found dstat to be wonderfully helpful here. It shows you IO load.
                Doesn't show you what's using it but it's a nice screen scroller. If you
                want process level stats take a look at /proc/$$/stat.

                There's also iotop.

                --
                Best regards,
                Ed http://www.s5h.net/
              • thad_floryan
                Message 7 of 15, Jul 29, 2013
                  --- In linux@yahoogroups.com, ed <ed@...> wrote:
                  > [...]
                  > There's also iotop.

                  Hi Ed,

                  And let's not forget ntop [network top]:

                  http://sourceforge.net/projects/ntop/

                  I'm surprised there isn't a ramtop program, but there is GKrellM which
                  is a graphical monitor of all things on the system:

                  http://en.wikipedia.org/wiki/GKrellM see screenshot there

                  GKrellM (GNU Krell Monitors) is a computer program based on
                  the GTK+ toolkit that creates a single process stack of system
                  monitors. It can be used to monitor the status of CPUs, main
                  memory, hard disks, network interfaces, local and remote
                  mailboxes, and many other things. Plugins are available for a
                  multitude of tasks, e.g. controlling the XMMS media player or a
                  SETI@home client from within the stacked monitor.

                  Released under the terms of the GNU General Public License,
                  GKrellM is free software.

                  GKrellM is the closest thing for Linux to the Process Explorer for
                  Windows systems which is free (see screenshot at 1st URL below):

                  http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

                  http://download.sysinternals.com/Files/ProcessExplorer.zip

                  Another good one for Windows is System Explorer which is also free:

                  http://www.systemexplorer.net see screenshot there

                  http://systemexplorer.net/download.php

                  Thad
                • Pascal
                  Message 8 of 15, Aug 1, 2013
                    --- In linux@yahoogroups.com, "thad_floryan" <thad@...> wrote:

                    > I'm surprised there isn't a ramtop program, but there is GKrellM which
                    > is a graphical monitor of all things on the system:
                    >
                    > http://en.wikipedia.org/wiki/GKrellM see screenshot there
                    >
                    > GKrellM (GNU Krell Monitors) is a computer program based on
                    > the GTK+ toolkit that creates a single process stack of system
                    > monitors. It can be used to monitor the status of CPUs, main
                    > memory, hard disks, network interfaces, local and remote
                    > mailboxes, and many other things. Plugins are available for a
                    > multitude of tasks, e.g. controlling the XMMS media player or a
                    > SETI@home client from within the stacked monitor.
                    >
                    > Released under the terms of the GNU General Public License,
                    > GKrellM is free software.
                    >

                    Didn't know about GKrellM, looks like a more polished version of conky.

                    > GKrellM is the closest thing for Linux to the Process Explorer for
                    > Windows systems which is free (see screenshot at 1st URL below):
                    >
                    > http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
                    >
                    > http://download.sysinternals.com/Files/ProcessExplorer.zip
                    >
                    > Another good one for Windows is System Explorer which is also free:
                    >
                    > http://www.systemexplorer.net see screenshot there
                    >
                    > http://systemexplorer.net/download.php

                    Nice to get tips for windows on a Linux list! :-p
                    Please do not take issue, Thad....

                    Then I have another question:

                    Is there a way to find out for which processes data have been transferred from physical RAM to SWAP?

                    Another one:

                    In a forum thread about "correct" partitioning for a Linux system, there was some discussion on the necessity of a SWAP partition for modern computers with 4GB RAM and more. And one guy argued that having several SWAP files with each a size of maximum 2GB (instead of a SWAP partition) would increase performance as data could be read more quickly due to the limited file size. What are your thoughts about that? Does it make sense or is that rather drivel by a not-so-knowledgeable person?

                    Pascal
                  • ed
                    Message 9 of 15, Aug 1, 2013
                      On Thu, Aug 01, 2013 at 05:49:31PM -0000, Pascal wrote:
                      > [...]
                      > Is there a way to find out for which processes data have been
                      > transferred from physical RAM to SWAP?

                      Something like this may be what you're after:

                      $ ps -eo user,sess,pgrp,ppid,pid,pcpu,rss,vsz,comm

                      vsz is the amount of virtual memory, rss is the amount of memory in RAM.
                      So if RSS is smaller than VSZ then you have memory in swap.

                      > Another one:
                      >
                      > In a forum thread about "correct" partitioning for a Linux system,
                      > there was some discussion on the necessity of a SWAP partition for
                      > modern computers with 4GB RAM and more. And one guy argued that having
                      > several SWAP files with each a size of maximum 2GB (instead of a SWAP
                      > partition) would increase performance as data could be read more
                      > quickly due to the limited file size. What are your thoughts about
                      > that? Does it make sense or is that rather drivel by a
                      > not-so-knowledgeable person?

                      Well, on a 32Bit OS there could possibly be some truth in that,
                      possibly, in that addressing >4GB requires number computations outside
                      of 32bit int. Otherwise, no, I can't see a benefit. Remember, the
                      longest time would be spent in transferring data from disk and into RAM,
                      compared to working in plain RAM, this is an eternity.

                      As for two swap files, there is some benefit but only if those are
                      different physical disks. Some of our systems have swap on mirrors,
                      which has some benefit compared to single spinning disks.

                      --
                      Best regards,
                      Ed http://www.s5h.net/
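For the per-process swap question, kernels from 2.6.34 on report the amount of each process's memory currently in swap as VmSwap in /proc/<pid>/status, next to VmRSS and VmSize (the figures ps shows as rss and vsz). The script below is an added example, not part of the original thread: it lists every process with non-zero VmSwap alongside its RSS and VSZ, which also shows that a large VSZ minus RSS gap can coexist with nothing in swap, since VSZ counts pages that were mapped but never touched. The sample /proc tree is constructed; its process names and sizes are invented.

```shell
#!/bin/sh
# Added example (not from the thread): list processes that have pages in
# swap, using the VmSwap field of /proc/<pid>/status.

# swap_by_process [PROC_ROOT]
# Prints "swap_kB rss_kB vsz_kB pid name" for each process with
# VmSwap > 0, largest swap user first. Kernel threads have no Vm*
# lines and are skipped; processes that exit mid-scan are ignored.
swap_by_process() {
    root=${1:-/proc}
    for f in "$root"/[0-9]*/status; do
        [ -r "$f" ] || continue
        awk '
            $1 == "Name:"   { name = $2 }
            $1 == "Pid:"    { pid  = $2 }
            $1 == "VmSize:" { vsz  = $2 }
            $1 == "VmRSS:"  { rss  = $2 }
            $1 == "VmSwap:" { swap = $2 }
            END { if (swap > 0) printf "%d %d %d %s %s\n", swap, rss, vsz, pid, name }
        ' "$f" 2>/dev/null || :
    done | sort -rn
}

# put_status DIR PID NAME VSZ_KB RSS_KB SWAP_KB: write one constructed status file.
put_status() {
    mkdir -p "$1/$2"
    printf 'Name:\t%s\nPid:\t%s\nVmSize:\t%8s kB\nVmRSS:\t%8s kB\nVmSwap:\t%8s kB\n' \
        "$3" "$2" "$4" "$5" "$6" > "$1/$2/status"
}

# make_sample_proc DIR: constructed /proc look-alike, all values invented.
make_sample_proc() {
    put_status "$1" 950  clamd   300000 120000 45000
    put_status "$1" 1200 browser 900000 200000 0      # big VSZ-RSS gap, no swap
    put_status "$1" 1300 bash    20000  1500   800
    mkdir -p "$1/2"                                   # kernel thread: no Vm* lines
    printf 'Name:\tkthreadd\nPid:\t2\n' > "$1/2/status"
}

# Demo on the constructed tree; call swap_by_process with no argument
# to scan the live system instead.
demo_dir=$(mktemp -d)
make_sample_proc "$demo_dir"
swap_by_process "$demo_dir"
rm -rf "$demo_dir"
```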
                    • thad_floryan
                      Message 10 of 15, Aug 1, 2013
                        --- In linux@yahoogroups.com, "Pascal" <pascal.bernhard@...> wrote:
                        > --- In linux@yahoogroups.com, "thad_floryan" <thad@> wrote:
                        > > [...]
                        > > http://en.wikipedia.org/wiki/GKrellM see screenshot there
                        > > [...]
                        >
                        > Didn't know about GKrellM, looks like a more polished version of
                        > conky.

                        Hi Pascal,

                        I haven't heard of 'conky' before.

                        > > [...]
                        > > GKrellM is the closest thing for Linux to the Process Explorer for
                        > > Windows systems which is free (see screenshot at 1st URL below):
                        > >
                        > > http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx
                        > > http://download.sysinternals.com/Files/ProcessExplorer.zip
                        > > [...]
                        > > http://www.systemexplorer.net see screenshot there
                        > > http://systemexplorer.net/download.php
                        >
                        > Nice to get tips for windows on a Linux list! :-p
                        > Please do not take issue, Thad....

                        No problemo! :-) A number of companies have a mix of systems with
                        Windows typically being used by the execs, marketing and sales people
                        and linux by the techies. I was really surprised when I started at
                        Levanta (formerly Linuxcare) and noted they had more Windows systems
                        than Linux systems; the Windows systems were, as I wrote above, being
                        used by all the execs except the CEO and the CTO who both were using
                        Linux, and all the other exec and marketing and sales people were also
                        using Windows. I supported both the Linux and Windows people and the
                        entire infrastructure both at HQ and at the colo center which included
                        all the web servers, asterisk server, email server, printers, etc --
                        essentially everything including rebuilding and upgrading the door
                        access and all other security facilities. It was really a surprise to
                        me to receive an early morning phone call on 31-March-2008 to come in
                        and close down the company after a board meeting the day before (which
                        was a Sunday) due to actions by Novell the previous week which totally
                        disrupted the company's arrangements with 5 other companies.

                        > Then I have another question:
                        >
                        > Is there a way to find out for which processes data have been
                        > transferred from physical RAM to SWAP?

                        Ed already replied much as I would have done.

                        > Another one:
                        >
                        > In a forum thread about "correct" partitioning for a Linux system,
                        > there was some discussion on the necessity of a SWAP partition for
                        > modern computers with 4GB RAM and more. And one guy argued that
                        > having several SWAP files with each a size of maximum 2GB (instead
                        > of a SWAP partition) would increase performance as data could be
                        > read more quickly due to the limited file size. What are your
                        > thoughts about that? Does it make sense or is that rather drivel by
                        > a not-so-knowledgeable person?

                        Ed replied with some really good points.

                        Back in the old days when disks didn't have as much capacity, it was
                        common to have a small [SCSI] disk for swapping only so the main HDs
                        wouldn't be having as much arm motion (which takes time and also tends
                        to hasten a disk's EOL due to wear-and-tear).

                        I still allocate swap space a wee bit larger than actual RAM on a
                        single-disk install more out of habit than anything else.

                        HOWEVER, there is a VERY important consideration for those who use
                        laptops and want to hibernate or suspend: you'll need a swap space
                        larger than RAM because both RAM and a lot of context (e.g., which
                        programs, etc.) need to be saved there for a hibernate/suspend. I
                        don't use my laptops that way but many do and I'm sure there are some
                        guidelines that can be found by searching the 'Net. Here's what I
                        just searched for and it found what appears to be very good advice:

                        how much swap space for linux to allow hibernate or suspend

                        Hmmm, I may have erred using the term "suspend [to RAM]"; "sleep"
                        seems to be the situation using the swap area per glancing over the
                        précis of each hit from the above search.

                        Thad
                      • J
                        Message 11 of 15 , Aug 2, 2013
                          On Thu, Aug 1, 2013 at 11:08 PM, thad_floryan <thad@...> wrote:

                          > HOWEVER, there is a VERY important consideration for those who use
                          > laptops and want to hibernate or suspend: you'll need a swap space
                          > larger than RAM because both RAM and a lot of context (e.g., which
                          > programs, etc.) need to be saved there for a hibernate/suspend. I
                          > don't use my laptops that way but many do and I'm sure there are some
                          > guidelines that can be found by searching the 'Net. Here's what I
                          > just searched for and it found what appears to be very good advice:
                          >
                          > how much swap space for linux to allow hibernate or suspend
                          >
                          > Hmmm, I may have erred using the term "suspend [to RAM]"; "sleep"
                          > seems to be the situation using the swap area per glancing over the
                          > précis of each hit from the above search.

                          Yep... suspend is the S3 sleep state which is a low-power state that
                          essentially shuts down all but the most critical components providing
                          enough power to keep the RAM state and be able to revive the system on
                          a pre-defined event like a lid-open or RTC alarm or button press.
                          AFAIK, the disk is never touched when doing an S3 sleep unless the
                          system just happened to be doing a write to disk when S3 was
                          initiated, but swap shouldn't come into it.

                          S4, or Hibernate, writes the contents of RAM and then some to disk, as
                          Thad explained. My general recommendation for laptops is 1.5xRAM...
                          so a 4GB laptop would be perfectly safe with a 6GB swap partition.
                          But YMMV and Use Common Sense... because on an 8GB Laptop, you really
                          don't need 12GB of Swap, unless you want it.

                          My view on swap in general is that if you are at a point where you
                          need swap, you need more RAM and you need to run less stuff (or you've
                          got something with a nasty memory leak).

                          That said, my server type machines all have 1GB swap files just to
                          provide a little buffer, though it's never hit because I don't run
                          them hard enough to need disk swapping of memory pages.
                        • thad_floryan
                          Message 12 of 15 , Aug 3, 2013
                            --- In linux@yahoogroups.com, J <dreadpiratejeff@...> wrote:
                            > [...]
                            > My view on swap in general is that if you are at a point where you
                            > need swap, you need more RAM and you need to run less stuff (or you've
                            > got something with a nasty memory leak).
                            >
                            > That said, my server type machines all have 1GB swap files just to
                            > provide a little buffer, though it's never hit because I don't run
                            > them hard enough to need disk swapping of memory pages.

                            Right. I have a swap area set up more out of habit (over the years) than
                            any perceived real need. I will regularly have >20 instances of
                            Firefox up and running (since I grab pages before they disappear on
                            news sites) even on systems with only 4GB RAM and no problems at all;
                            for the curious, I don't like tabbed browsing since it complicates
                            how one backs up to the beginning, so clicking a URL while holding the
                            shift key down brings up a new FF with the clicked-on URL page. It's
                            fast and I see neither any inefficiencies nor swap usage.

                            With a few exceptions, due to my budget most of my "new" computer
                            purchases of the past 6 years have been refurbs which I quickly max
                            out with RAM and HD, often upgrading the CPUs (AMD and Intel) to the
                            "fastest" supported by the BIOS and motherboard, and replacing stock
                            PSUs with newer "green" PSUs capable of higher power demands and they
                            actually use less power thanks also to CPU scaling. For example, see
                            this screenshot:

                            http://thadlabs.com/PIX/CentOS_6.2_desktop.jpg 122kB

                            noting both CPU monitors at the top are showing "1GHz" -- those scale
                            up to 2.3GHz (and up to 2.6GHz on my second dc5850) when I really do
                            some number crunching or compiling.

                            Weirdest thing is the new PSUs must be doing something "funny" to the
                            power lines because [up to a point] the more systems I power up the
                            less electrical power is being charged that day (I have a Time-of-Use
                            SmartMeter). I generally average 15-18kW/day usage (except on laundry
                            days) and when running 4-5 computers more than usual the billable
                            usage will drop to around 14kW -- I have no explanation for this and
                            I'm not complaining as it must be some phasing interactions since the
                            incoming power is 3-phase 240VAC which is split to single-phase 120VAC
                            for all circuits except the stove, main oven, and clothes dryer which
                            operate on 240VAC. Here's the power meter:

                            http://thadlabs.com/PIX/Thad_TOU_power_meter.jpg 148kB

                            Thad