Processes & System Monitoring

Learn how Linux processes work, how to monitor system activity, and how to manage running applications.

Learn how Linux runs applications, manages processes, allocates system resources, and monitors everything happening inside the operating system.

Difficulty: Beginner
Estimated reading time: 50 min

Introduction

Every application running on Linux eventually becomes:

A process.

When you open:

  • a terminal
  • a web server
  • Docker
  • a database
  • a Python script

Linux creates one or more processes to execute those programs.

Processes are one of the most fundamental parts of the operating system.

Without them:

  • applications could not run
  • multitasking would not exist
  • servers could not handle requests
  • modern operating systems would be impossible

Understanding processes is critical for:

  • Linux administration
  • DevOps
  • Docker
  • Kubernetes
  • debugging
  • performance analysis
  • server management

What Is a Process?

A process is:

A running instance of a program.

Example:

Program Running Process
bash Shell process
nginx Web server process
python Python interpreter
docker Docker daemon

When you execute:

python app.py

Linux creates a process for the Python interpreter.

That process receives:

  • memory
  • CPU time
  • system resources
  • a process ID

Program vs Process

This distinction is important.

Program Process
Static file on disk Running instance in memory
Example: /usr/bin/python Example: active Python execution

A program becomes a process only after execution.

How Linux Executes a Process

Simplified flow:

Command
Shell interprets command
Kernel creates process
Memory is allocated
CPU schedules execution
Process runs

The Linux kernel is responsible for process management.

Every Command Creates a Process

Even simple commands create processes.

Example:

ls

Linux:

  1. locates the executable
  2. creates a process
  3. executes the command
  4. returns output
  5. destroys the process

This entire lifecycle usually happens extremely fast.

Process IDs (PID)

Every process receives a unique number called:

PID (Process ID)

Example:

2314

The kernel uses PIDs to track and manage processes.

Viewing Running Processes

One of the most important Linux commands:

ps

Basic usage:

ps

More commonly:

ps aux

Example output:

USER       PID %CPU %MEM COMMAND
root         1  0.0  0.1 systemd
john      2031  0.1  0.3 bash
john      4312  1.2  2.0 firefox

Understanding ps aux

Column Meaning
USER Process owner
PID Process ID
%CPU CPU usage
%MEM Memory usage
COMMAND Executed command

This command gives a snapshot of running processes.

The Special PID 1

On modern Linux systems:

PID 1

is usually:

systemd

This is the first userspace process started during boot.

PID 1 is extremely important because it becomes the parent of many other processes.

If PID 1 dies:

The system usually crashes or shuts down.

Parent and Child Processes

Linux processes form a hierarchy.

Example:

systemd
 └── bash
      └── python

When one process launches another process:

  • the original becomes the parent
  • the new process becomes the child

This relationship matters for:

  • permissions
  • signals
  • resource management

Viewing Process Trees

Useful command:

pstree

Example:

systemd─┬─docker
        ├─nginx
        └─sshd───bash

This visualizes process relationships.

Very useful for debugging systems.

Real-Time Monitoring with top

One of the most important Linux monitoring tools:

top

This displays real-time system activity.

Example information:

  • CPU usage
  • memory usage
  • running processes
  • load averages
  • process states

Understanding top

Example section:

PID USER  %CPU %MEM COMMAND
4312 john  15.2  3.1 firefox

This means:

  • Firefox uses 15.2% CPU
  • Firefox uses 3.1% memory

Processes constantly compete for system resources.

The kernel schedules CPU time between them.

htop

A more modern alternative:

htop

Usually easier to read.

Features:

  • colored interface
  • interactive controls
  • process searching
  • easier navigation

Install:

sudo apt install htop

Many Linux administrators prefer htop.

Understanding CPU Usage

The CPU executes instructions for processes.

High CPU usage usually means:

  • heavy computation
  • inefficient code
  • infinite loops
  • overloaded servers

Example:

Process uses 100% CPU

This often indicates a runaway process.

Understanding Memory Usage

Processes also consume RAM.

If memory usage becomes too high:

  • systems slow down
  • swapping may occur
  • applications may crash

Linux constantly manages memory allocation dynamically.

What Is Swapping?

When RAM becomes full:

Linux may move inactive memory pages to disk.

This is called:

Swap.

Disk storage is much slower than RAM.

Heavy swapping usually causes severe performance degradation.

Understanding Process States

Processes can exist in different states.

Common states:

State Meaning
Running Currently executing
Sleeping Waiting for event/input
Stopped Paused
Zombie Finished but not cleaned up

Zombie Processes

A zombie process has already finished execution.

But its parent process has not yet collected the exit status.

Zombie processes usually consume very little memory.

However, excessive zombies may indicate application problems.

Foreground vs Background Processes

By default, commands run in the foreground.

Example:

python app.py

The terminal becomes occupied until the process finishes.

Running Processes in Background

Add &:

python app.py &

Now the process runs in the background.

The terminal remains usable.

Viewing Background Jobs

jobs

Example:

[1]+ Running python app.py &

Bringing Jobs to Foreground

fg

Bring specific job:

fg 1

This moves the background process back into the foreground.

Stopping Processes

Press:

Ctrl + C

This sends a signal to the process.

Usually:

SIGINT

The process may terminate gracefully.

What Is a Signal?

Signals are communication mechanisms between processes.

Linux uses signals to:

  • stop processes
  • pause processes
  • reload applications
  • notify events

Signals are extremely important in Unix systems.

The kill Command

Despite its name:

kill

does not always “kill” processes.

It sends signals.

Example:

kill 4312

This usually sends:

SIGTERM

which politely asks the process to terminate.

SIGTERM vs SIGKILL

This distinction is critical.

SIGTERM

Default signal:

SIGTERM

Behavior:

  • asks process to stop gracefully
  • allows cleanup
  • allows saving data

Preferred whenever possible.

SIGKILL

Forceful termination:

kill -9 4312

This sends:

SIGKILL

The kernel immediately destroys the process.

The process cannot ignore this signal.

This is powerful but dangerous.

Applications may lose unsaved data.

Finding Processes by Name

Use:

pgrep nginx

Or:

pkill nginx

This kills processes by name.

Useful for scripting and automation.

Monitoring Memory Usage

Useful command:

free -h

Example:

Mem: 16Gi used: 5Gi free: 8Gi

The -h flag means:

human readable

Monitoring Disk Usage

Processes constantly read and write data.

Useful commands:

df -h
du -sh

Understanding Load Average

Linux systems track load averages.

Example from top:

load average: 0.50, 0.75, 1.20

These values represent system workload over time.

Simplified:

Value Meaning
Low System idle
Moderate Normal activity
Very high Potential overload

Load average becomes extremely important on servers.

Real-World Example: Debugging a Slow Server

Imagine a production server becomes slow.

Typical workflow:

Check CPU Usage

top

Find high CPU process.

Check Memory

free -h

Look for RAM exhaustion.

Inspect Processes

ps aux

Find suspicious applications.

Monitor Logs

tail -f /var/log/syslog

Check for errors.

Restart Broken Process

sudo systemctl restart nginx

This is real Linux troubleshooting.

Why Process Knowledge Matters for DevOps

Modern infrastructure revolves around processes.

Examples:

Technology Process-Based?
Docker Yes
Kubernetes Yes
Nginx Yes
Databases Yes
CI/CD runners Yes

Containers themselves are ultimately isolated Linux processes.

Understanding Linux processes makes containerization much easier to understand later.

Linux as a Living System

One of the most important mindset shifts:

Linux is not static.

It is constantly:

  • creating processes
  • scheduling CPU tasks
  • allocating memory
  • managing I/O
  • handling networking
  • responding to signals

The operating system is alive with activity.

System monitoring tools simply expose what is already happening internally.

The Bigger Picture

Once you understand processes, Linux starts making much more sense.

You begin understanding:

  • how applications run
  • how services operate
  • why systems become overloaded
  • how Docker containers work
  • how Linux manages multitasking

Processes are one of the core building blocks of modern computing.

What Comes Next

In the next chapter, we will explore:

  • Linux services
  • daemons
  • startup systems
  • systemd
  • service management
  • boot processes
  • journal logs

This is where Linux infrastructure starts feeling truly professional.