Saturday, May 30, 2015


Hello everyone,
Today, I would like to talk about a very interesting tool called "whowatch". According to manpage, Whowatch is an console, interactive users and process monitoring tool. It displays information about the users currently logged on to the machine, in real-time. Besides  standard information (login name, tty, host, user's process), the type of the connection (ie. telnet or ssh) is shown. Display of users command line can be switch to tty idle time. Certain user can be selected and his processes tree may be viewed as well as tree of all system processes. Tree may be displayed with additional column that shows owner of each process. In the process tree mode SIGINT and SIGKILL signals can be sent to the selected process. Killing processes is just as simple and fun as deleting lines on the screen.

Whowatch has no command line options or configuration file. All actions are performed in real time.

You can install it with yum command:
yum install whowatch

Now, let's take a look to few examples. Just run whowatch on the command line:

                                                                               Figure 1 

A bunch of useful information are right there in the first page such as who has logged in, what daemon that user is using, what's ip address of remote user, a brief info in first line, and a menu on the bottom of page.
If you press d, you will see all info for that user:

                                                                               Figure 2 

If you press s, you will see all system info, almost everything, right there such as Boot time, CPU, Memory, Used Files, Used Nodes, Max Files, Max Inodes, Stat, Loaded Modules, File Systems, Partitions, Devices, and Block Devices. YOu must press Z to see all other information. It's really cool and handy.

                                                                                 Figure 3 

                                                                                   Figure 4

                                                                                    Figure 5 

If you press t, you will see a tree of all processes and related commands under user processes. For example, user khosro has logged in to machine via ssh and sshd daemon that is running on the machine and got access to bash and user is running top command right now.

                                                                                    Figure 6 
The same info just for a specific user can be find in Figure 1 if you press enter on the username, then you will see the same info (Figure 7). Those numbers are process id

                                                                                 Figure 7

Here, if you press d for details, you will see the details for that process. For example, highlight top (Figure 8) and then press d:

                                                                                    Figure 8 

If you press o, it shows you all owner of current processes:

                                                                                Figure 9

If You press l, it shows you the line numbers which is useful if you list lots of information.

                                                                                 Figure 10

If you press Control+K when you highlighted a process, it will kill that process. I press Control+K on "top" process for user khosro who has logged in via ssh in this example and Figure 11 shows the terminal for user khosro.

                                                                                  Figure 11 

Another useful command is "/" . Press / and you can search for anything. Here I searched for postgres and Figure 12 shows the output:

                                                                             Figure 12

and press Esc to exit whowatch. It is really a handy tool for system admins and it has decent info and also it's easy to work with it.
Hope you enjoyed.
Khosro Taraghi


  1. Nice article. I will try that whowatch() command later.

  2. Nice article. I will try that whowatch() command later.