2

I've got Ubuntu 20.04.2 on good hardware with Mate and all updated packages.

The process identifiers (PIDs) are in the 800,000s after only 7 days of uptime.

How do I determine which process is launching so frequently to cause PIDs to get so large?

The output of dump-acct indicates thousands of occurrences of file and occasionally ping commands.

What's going on and how can I figure out what's launching so many processes?

What system process needs to run file and why?

muru

1 Answer

0

The open source system monitor glances executes the /usr/bin/file command every N seconds for its update. That was the source of thousands of file occurrences in the system accounting log.

This was verified quite clearly by running glances for 4 update cycles and verifying with the resulting output from dump-acct /var/log/account/pacct

With this explanation, there was likely no nefarious source of all those file entries.

This issue has caused me to monitor the process number increase rate. This is a simple bash script to monitor the pid rate:

```bash
#!/bin/bash
loop_cnt=0
loop_cnt_max=10000
sleep_time=60 #5 # (seconds)

ppl=2 # ppl--> processes per loop from this script; remove this many new processes in the rate estimate

# kernel.ns_last_pid is the most recently allocated PID in this PID namespace
pid_cnt=$(sysctl -n kernel.ns_last_pid)
pid_cnt=$((pid_cnt - 1)) # 1st loop only

while [ "$loop_cnt" -le "$loop_cnt_max" ]; do
    pid_cnt_last=$pid_cnt
    pid_cnt=$(sysctl -n kernel.ns_last_pid)
    delta_pid=$((pid_cnt - pid_cnt_last - ppl)) # get pid delta over the last loop interval
    pid_rate=$(bc <<< "scale=2; $delta_pid/$sleep_time") # floating point arithmetic
    echo "pid_cnt=$pid_cnt, an increase of $delta_pid over the last $sleep_time seconds, pid_rate=$pid_rate (pid/s), cnt = $loop_cnt, and cnt_max = $loop_cnt_max"
    loop_cnt=$((loop_cnt + 1))

    sleep "$sleep_time"
done
```
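
An added example, not part of the original answer: one way to rank the commands in `dump-acct` output by launch count and to bucket a single command's launches per hour, which makes a fixed-interval poller like the one described above stand out. It assumes `|`-separated records with the command name in the first field and the ctime-style start time in the last; the sample records and the function names `sample_acct`, `top_commands` and `launches_per_hour` are constructed for illustration.

```shell
#!/bin/bash
# Constructed sample records (not real accounting data). Only the first
# field (command) and the last field (start time) are used by the parsers.
sample_acct() {
cat <<'EOF'
file            |v3|     0.00|     0.00|     1.00|  1000|  1000|  9512.00|     0.00|  812340|    2211|Fri Feb 12 10:15:01 2021
file            |v3|     0.00|     0.00|     1.00|  1000|  1000|  9512.00|     0.00|  812341|    2211|Fri Feb 12 10:15:04 2021
ping            |v3|     0.00|     0.00|     3.00|  1000|  1000|  7020.00|     0.00|  812342|    1904|Fri Feb 12 10:15:05 2021
file            |v3|     0.00|     0.00|     1.00|  1000|  1000|  9512.00|     0.00|  812343|    2211|Fri Feb 12 10:15:07 2021
bash            |v3|     0.00|     0.00|    12.00|  1000|  1000| 11200.00|     0.00|  812344|    1850|Fri Feb 12 10:40:11 2021
file            |v3|     0.00|     0.00|     1.00|  1000|  1000|  9512.00|     0.00|  812345|    2211|Fri Feb 12 11:00:02 2021
ping            |v3|     0.00|     0.00|     3.00|  1000|  1000|  7020.00|     0.00|  812346|    1904|Fri Feb 12 11:00:03 2021
file            |v3|     0.00|     0.00|     1.00|  1000|  1000|  9512.00|     0.00|  812347|    2211|Fri Feb 12 11:00:05 2021
EOF
}

# Read dump-acct output on stdin and print "count command", most frequent
# first. $1 = number of rows to show (default 10).
top_commands() {
    awk -F'|' 'NF > 1 { gsub(/^ +| +$/, "", $1); n[$1]++ }
               END    { for (c in n) print n[c], c }' |
        sort -k1,1nr -k2,2 | head -n "${1:-10}"
}

# Read dump-acct output on stdin and print "count Mon DD HH" for one command
# ($1): how many times it was launched in each hour. A steady count per hour
# points at a poller rather than a burst.
launches_per_hour() {
    awk -F'|' -v cmd="$1" '
        NF > 1 {
            name = $1; gsub(/^ +| +$/, "", name)
            if (name != cmd) next
            ts = $NF; gsub(/^ +/, "", ts)
            split(ts, t, /[ :]+/)          # Fri Feb 12 10 15 01 2021
            n[t[2] " " t[3] " " t[4]]++    # key: month, day, hour
        }
        END { for (h in n) print n[h], h }' | sort -k2
}

# On a live system: dump-acct /var/log/account/pacct | top_commands
sample_acct | top_commands 3
sample_acct | launches_per_hour file
```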