Methods and Technical Analysis for Retrieving Start Time of Long-running Linux Processes

Overview of Linux Process Start Time Retrieval Techniques

In Linux system administration and performance monitoring, accurately retrieving process start times is a common yet crucial requirement. Particularly for long-running service processes, knowing their exact start timestamps is essential for troubleshooting, performance analysis, and system monitoring.

Formatting Output Capabilities of the ps Command

The ps command in Linux systems provides rich formatting options to display process information. Using the -eo parameter allows specifying custom output formats, where the lstart formatter can display the complete start time of a process, including date and time information.

Basic syntax is as follows:

ps -eo pid,lstart,cmd

This command outputs the PID, full start time, and executed command for all processes. Example output:

  PID CMD                                          STARTED
    1 Tue Jun  7 01:29:38 2016 /sbin/init                  
    2 Tue Jun  7 01:29:38 2016 [kthreadd]                  
    3 Tue Jun  7 01:29:38 2016 [ksoftirqd/0]               
    5 Tue Jun  7 01:29:38 2016 [kworker/0:0H]              
    7 Tue Jun  7 01:29:38 2016 [rcu_sched]                 
    8 Tue Jun  7 01:29:38 2016 [rcu_bh]                    
    9 Tue Jun  7 01:29:38 2016 [migration/0]               
   10 Tue Jun  7 01:29:38 2016 [kdevtmpfs]                 
   11 Tue Jun  7 01:29:38 2016 [netns]                     
  277 Tue Jun  7 01:29:38 2016 [writeback]                 
  279 Tue Jun  7 01:29:38 2016 [crypto]                    

Methods for Obtaining Process Runtime Duration

Beyond retrieving specific start timestamps, practical applications often require knowing how long a process has been running. The ps command provides two formatters, etime and etimes, to meet this need.

Basic command to get runtime duration for a specified process:

ps -o etime= -p "$$"

Here, $$ represents the current shell's PID and can be replaced with any target process's PID. The output format is [[dd-]hh:]mm:ss, e.g., 01-12:30:45 indicates the process has run for 1 day, 12 hours, 30 minutes, and 45 seconds.

For scripting and automated processing, the etimes formatter is recommended:

ps -o etimes= -p "$$"

This command directly returns the process runtime in seconds, making it more suitable for numerical calculations and comparisons in scripts.

Underlying Implementation via the /proc Filesystem

The Linux ps command actually retrieves process information from the /proc filesystem. The /proc/$$/stat file contains detailed process status information, where the 22nd field records the process start time.

This information can be directly read using the awk command:

awk '{print "CPU time: " $14+$15; print "start time: " $22}' /proc/$$/stat

It is important to note that the time values recorded in the /proc filesystem are based on jiffies (kernel time units) relative to system boot time. Converting these to actual timestamps requires knowing the system boot time and the conversion ratio between jiffies and seconds.

Combining Process Search with Time Information

In practical applications, we often need to find start time information based on process names. This can be achieved by piping multiple commands together:

Find and display start time by process name:

ps -eo pid,comm,cmd,start,etime | grep -i "process_name" | grep -v grep

Get detailed information when PID is known:

ps -o pid,comm,cmd,start,etime -p <PID>

Time Format Conversion and Calculation

For scenarios requiring further processing of time information, other tools can be combined for format conversion and calculation. Below is a practical bash function example to convert etime output to runtime in minutes:

function running_time (){
    p=$1
    i=$(ps -o etime= $p)
    i=$(echo $i)
    len=${#i}
    [[ $len == 5 ]] && i="00-00:$i"
    [[ $len == 8 ]] && i="00-$i"
    [[ $len == 10 ]] && i="0$i"
    mins=$(echo ${i:0:2}*24*60+${i:3:2}*60+${i:6:2}|bc)
    echo $mins
}

For scenarios requiring second-level precision, more complex conversion logic can be used:

runtime=$(ps -o etime= -p <pid>)
runtime=$(date -d "1970-01-01 $((10#${runtime: -8: 2})):$((10#${runtime: -5: 2})):$((10#${runtime: -2: 2}))Z + $((10#$(echo "$runtime" | grep -oP "[0-9]+(?=-)"))) days" +%s)

Cross-Platform Compatibility Considerations

It is important to note that different Unix-like systems have variations in their implementation of the ps command. In FreeBSD systems, the command keyword must be used instead of comm:

ps x -o etime,command | grep -e sshd -e syslogd -e cron

The output format remains consistent as [days-][hours:]minutes:seconds, ensuring command portability across different systems.

Best Practice Recommendations

Based on different usage scenarios, the following best practices are recommended:

• Interactive Use: Use ps -eo pid,lstart,cmd to obtain complete start time information
• Script Programming: Use ps -o etimes= -p <PID> to get runtime in seconds for easier numerical calculations
• Monitoring Systems: Combine with the /proc filesystem to directly read process status information
• Cross-Platform Deployment: Prefer POSIX-standard etime formatter

By appropriately selecting different methods and tools, one can efficiently and accurately retrieve and manage time information for long-running processes in Linux systems, providing reliable data support for system monitoring and performance optimization.