Hello everyone,
Today, I would like to talk about a very interesting tool called
"whowatch". According to manpage, Whowatch is an console, interactive
users and process monitoring tool. It displays information about the users
currently logged on to the machine, in real-time. Besides standard information (login name, tty, host,
user's process), the type of the connection (ie. telnet or ssh) is shown.
Display of users command line can be switch to tty idle time. Certain user can
be selected and his processes tree may be viewed as well as tree of all system
processes. Tree may be displayed with additional column that shows owner of
each process. In the process tree mode SIGINT and SIGKILL signals can be sent
to the selected process. Killing processes is just as simple and fun as
deleting lines on the screen.
Whowatch has no command line options or configuration file. All
actions are performed in real time.
You can install it with yum command:
yum install whowatch
Now, let's take a look to few examples. Just run whowatch on
the command line:
Figure 1
A bunch of useful information are right there in the first page
such as who has logged in, what daemon that user is using, what's ip address of
remote user, a brief info in first line, and a menu on the bottom of page.
If you press d, you will see all info for that user:
Figure 2
If you press s, you will see all system info, almost
everything, right there such as Boot time, CPU, Memory, Used Files, Used Nodes,
Max Files, Max Inodes, Stat, Loaded Modules, File Systems, Partitions, Devices,
and Block Devices. YOu must press Z to see all other information. It's really
cool and handy.
Figure 3
Figure 4
Figure 5
If you press t, you will see a tree of all processes and
related commands under user processes. For example, user khosro has logged in
to machine via ssh and sshd daemon that is running on the machine and got
access to bash and user is running top command right now.
Figure 6
The same info just for a specific user can be find in Figure 1
if you press enter on the username, then you will see the same info (Figure 7).
Those numbers are process id
Figure 7
Here, if you press d for details, you will see the details for
that process. For example, highlight top (Figure 8) and then press d:
Figure 8
If you press o, it shows you all owner of current processes:
Figure 9
If You press l, it shows you the line numbers which is useful
if you list lots of information.
Figure 10
If you press Control+K when you highlighted a process, it will
kill that process. I press Control+K on "top" process for user khosro
who has logged in via ssh in this example and Figure 11 shows the terminal for
user khosro.
Figure 11
Another useful command is "/" . Press / and you can
search for anything. Here I searched for postgres and Figure 12 shows the
output:
Figure 12
and press Esc to exit whowatch. It is really a handy tool for
system admins and it has decent info and also it's easy to work with it.
Hope you enjoyed.
Khosro Taraghi