
Lab 37: Investigating Processes with ps

Investigate system slowness by inspecting running processes with multiple ps output styles and filters. Produce targeted evidence for suspicious or high-cost processes, including a process tree view.

troubleshooting core services

Scenario

A developer reports that the system is running slowly. You need fast, CLI-only visibility into what is running, what is consuming resources, and whether any service-related process (like SSH) is behaving unexpectedly. Your job is to gather process evidence using multiple ps views and filters.

Operator context

This is the first pass before you jump into deeper tooling like top, htop, or per-service logs. If you can’t explain what’s running, you can’t explain why the host is slow.

Objective

  • List all processes using a full-format listing.
  • Inspect only processes tied to your current session.
  • Use BSD-style output to show CPU and memory columns.
  • Filter process output to isolate a specific daemon.
  • Generate a process tree view to understand hierarchy.

What You’ll Practice

  • SysV-style process listing with ps -ef.
  • Session-scoped process inspection using ps variants.
  • BSD-style output with resource columns via ps aux.
  • Quick filtering patterns using ps piped to grep.
  • Parent/child relationships using a tree-style view (ps -ejH or ps f).

Walkthrough

Step 1: Show all running processes in a full-format listing.
Command
ps -ef

ps -ef provides a broad view of everything running, including parent/child relationships via PPID. This is the fastest “what exists on the box right now” snapshot using a predictable column layout.

UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 Jul18 ?        00:00:05 /sbin/init
syslog     313     1  0 Jul18 ?        00:00:02 /usr/sbin/rsyslogd
user1     1783  1234  1 11:10 pts/0    00:00:00 top

Step 2: View processes running under your current terminal session.
Command
ps

With no options, ps shows only the processes that belong to your user and are attached to your current TTY. This is useful when you are trying to verify what you launched in the current session (and whether something is stuck).

 PID TTY          TIME CMD
1783 pts/0    00:00:00 bash
1802 pts/0    00:00:00 ps

Step 3: Display processes using BSD-style output format.
Command
ps aux

ps aux is a popular “resource view” because it includes CPU and memory columns. It’s a quick way to spot obvious offenders when someone says “the system is slow.”

USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1  22520  3364 ?        Ss   Jul18   0:05 /sbin/init
daemon     912  0.1  0.2  42636  4820 ?        Ss   11:05   0:00 /usr/sbin/cron
user1     1801  0.5  1.5 102344 15432 pts/0    S    11:15   0:02 ./build.sh

Step 4: Filter the output to show only processes related to sshd.
Command
ps aux | grep sshd
# OR
ps -ef | grep sshd

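Filtering process lists is how you quickly isolate service daemons and their per-user sessions. This is also where you start noticing duplicate daemons, unexpected arguments, or runaway child processes. On a live host the grep process itself often appears in the results, because its own command line contains the pattern; ignore that line. The sample output below uses the ps -ef column layout.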

root      1437     1  0 Jul18 ?        00:00:06 /usr/sbin/sshd -D
user1     1805  1437  0 11:16 ?        00:00:00 sshd: user1@pts/0

Step 5: Display the tree hierarchy of processes (bonus).
Command
ps -ejH
# OR
ps f

A process tree helps you explain relationships. When a system is slow, you often find that a “small” parent process has a large set of children, or a daemon is spawning sessions unexpectedly.

 PID  PGID   SID TTY      TPGID STAT   UID   TIME COMMAND
   1     1     1 ?           -1 Ss       0   0:05 /sbin/init
  91    91    91 ?           -1 Ss       0   0:00  \_ /lib/systemd/systemd-journald
1437  1437  1437 ?           -1 Ss       0   0:06  \_ /usr/sbin/sshd -D
1805  1805  1805 pts/0     1805 Ss    1000   0:00      \_ sshd: user1@pts/0
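
The checks that Step 4 and Step 5 describe (duplicate daemons, unexpected arguments, parents with many children) can be made repeatable by parsing the ps -ef columns instead of grepping whole lines. This is an added example, not part of the original lab; the function names (sample_ps, find_daemon, count_daemon, child_counts) are hypothetical and the process listing is constructed sample data.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the listing is constructed
# sample data in `ps -ef` layout, not output captured from a real host.
sample_ps() {
cat <<'EOF'
UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  0 Jul18 ?        00:00:05 /sbin/init
root      1437     1  0 Jul18 ?        00:00:06 /usr/sbin/sshd -D
user1     1805  1437  0 11:16 ?        00:00:00 sshd: user1@pts/0
user1     1806  1805  0 11:16 pts/0    00:00:00 -bash
root      2210     1  0 11:20 ?        00:00:00 /usr/sbin/sshd -D -p 2222
user1     2301  1806  0 11:21 pts/0    00:00:00 grep sshd
EOF
}

# Print "PID PPID ARGS" for rows whose executable basename is exactly $1.
# Comparing field 8 (start of CMD) instead of grepping the whole line keeps
# the "grep sshd" process and per-session "sshd: user@tty" children out.
find_daemon() {
  awk -v name="$1" 'NR > 1 {
    exe = $8; sub(/.*\//, "", exe)
    if (exe != name) next
    args = $8
    for (i = 9; i <= NF; i++) args = args " " $i
    print $2, $3, args
  }'
}

# Number of processes running that executable; more than one daemon
# instance, or an instance with unfamiliar arguments, deserves a closer look.
count_daemon() { find_daemon "$1" | wc -l | tr -d ' '; }

# "COUNT PPID" for every parent, busiest first: the numeric form of the
# tree view, useful for spotting a parent with a runaway set of children.
child_counts() {
  awk 'NR > 1 { n[$3]++ } END { for (p in n) print n[p], p }' |
    sort -k1,1nr -k2,2n
}

sample_ps | find_daemon sshd   # two daemon rows, no grep line
sample_ps | child_counts       # PID 1 has the most direct children
```

On a live host, feed the functions real data with ps -ef | find_daemon sshd and ps -ef | child_counts.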

Reference

  • ps -ef : Full-format process listing (SysV style) showing PID, PPID, and the full command line.
  • ps : Shows processes associated with the current terminal by default (useful for session-level inspection).
  • ps aux : BSD-style process listing that includes CPU and memory usage columns.
  • ps aux | grep <pattern> : Quick filtering pattern to isolate processes by name or argument.
  • ps -ejH : Displays a process hierarchy (tree) view using indentation.
  • ps f : Alternative tree-style display format.