Arista:
# bash
$ ps -ef | grep -i Stp
$ sudo kill PID
CheckPoint:
ps -auxww Report all active processes; zombie processes can be seen with this command (state Z)
A zombie has already exited and cannot be killed directly, so you must first identify the parent process of these zombies;
ps -l -p <pid of zombie>
pidof fwd (splat)
pgrep -l sshd Find the PIDs of processes by (part of) name
ps axjf Show processes in tree format, including each parent PID (PPID)
pmap PID Memory map of process (good for hunting memory leaks)
Displaying the top 10 CPU-consuming processes (% of total usage)
ps aux | head -1; ps aux | sort -rn +2 | head -10
Displaying the processes in order of real memory use
ps vx | head -1 ; ps vx | grep -v PID | sort -rn +6 | head -10
Displaying the processes monitored by the watchdog (CPWD), e.g. CPD, FWM, FWD
cpwd_admin list
more explanation on this
post
******************************************************
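Kill a Firewall process (signal 9 is SIGKILL, which the process cannot catch, so it gets no chance to clean up; try the default TERM signal first and use -9 only if the process does not exit)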
kill -9 (pid of process)
fw kill [-t sig] proc_name
Example:
fw kill -t 9 fwm
A process can also be killed from within the
top command: press k, followed by the process PID
Cisco:
# show processes cpu sorted
# clear sockets PID
F5
# ps ax | grep -i sshd
# kill -9 PID
Fortinet:
-check version
# fnsysctl cat /proc/version
Linux version 2.4.37 (root@build) #1 Mon Dec 4 20:51:05 UTC 2017
-check running daemon
# fnsysctl ls /var/run
alertmail.pid authd.pid bgpd.pid
cmdbsvr.pid cw_acd.pid daemon.pid
dhcpd.pid dnsproxy.pid eap_proxy.pid
fclicense.pid fcnacd.pid fgfmd.pid
fnbamd.pid foauthd.pid forticldd.pid
forticron.pid fsvrd.pid httpclid.pid
httpd.pid iked.pid imi.pid
init.pid ipsengine.pid ipsmonitor.pid
isisd.pid kmiglogd.pid merged_daemons.pid
miglogd000.pid miglogd001.pid nsm.pid
ntpd.pid ospf6d.pid ospfd.pid
pdmd.pid pim6d.pid pimd.pid
pyfcgid.pid ripd.pid ripngd.pid
snmpd.pid sshd.pid stpd.pid
telnetd.pid updated.pid uploadd.pid
wpad.pid zebos_launcher.pid
-check running PID
# fnsysctl ps
PID UID GID STATE CMD
1 0 0 S /bin/initXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
2 0 0 S [keventd]
3 0 0 S [ksoftirqd_CPU0]
4 0 0 S [kswapd]
5 0 0 S [bdflush]
6 0 0 S [kupdated]
7 0 0 S [memoryd]
8 0 0 S [khubd]
12 0 0 S [usb-storage-0]
13 0 0 S [scsi_eh_0]
31 0 0 S [mvl_link]
32 0 0 S /bin/cmdbsvr
38 0 0 S /bin/zebos_launcher
39 0 0 S /bin/nsm -L 2
40 0 0 S /bin/ripd -L 2
41 0 0 S /bin/ripngd -L 2
42 0 0 S /bin/ospfd -L 3
43 0 0 S /bin/ospf6d -L 2
44 0 0 S /bin/bgpd -L 3
45 0 0 S /bin/isisd -L 2
46 0 0 S /bin/pimd -L 2
47 0 0 S /bin/pim6d -L 2
48 0 0 S /bin/pdmd -L 2
49 0 0 S /bin/imi -L 2
50 0 0 S /bin/uploadd
51 0 0 S /bin/miglogd
52 0 0 S /bin/kmiglogd
53 0 0 S /bin/httpsd
55 0 0 S /bin/getty
56 0 0 S /bin/ipsmonitor
59 0 0 S /bin/merged_daemons
60 0 0 S /bin/fnbamd
61 0 0 S /bin/fclicense
62 0 0 S /bin/ipshelper
63 0 0 S /bin/forticron
64 0 0 S /bin/forticldd
65 0 0 S /bin/authd
66 0 0 S /bin/foauthd
67 0 0 S /bin/httpclid
68 0 0 S /bin/iked
69 0 0 S /bin/updated
70 0 0 S /bin/snmpd
71 0 0 S /bin/dhcpd
72 0 0 S /bin/miglogd 1
73 0 0 S /bin/ntpd
74 0 0 S /bin/sshd
75 0 0 S /bin/telnetd
78 0 0 S /bin/alertmail
79 0 0 S /bin/dnsproxy
80 0 0 S /bin/eap_proxy
81 0 0 S /bin/fgfmd
82 0 0 S /bin/cw_acd
83 0 0 S /bin/wpad_ac
84 0 0 S /bin/stpd
85 0 0 S /bin/fsvrd
87 0 0 S /bin/fcnacd
92 0 0 S /bin/httpsd
93 0 0 S /bin/httpsd
94 0 0 S /bin/httpsd
510 0 0 S /bin/pyfcgid
512 0 0 S /bin/pyfcgid
513 0 0 S /bin/pyfcgid
514 0 0 S /bin/pyfcgid
553 0 0 S /bin/sshd
554 0 0 S /bin/newcli
556 0 0 R ps
-you can use diag to show the top 100 resource-consuming processes with a 25 s refresh delay, but the list is not as comprehensive as "fnsysctl ps" above
# diag sys top 25 100
Run Time: 0 days, 8 hours and 15 minutes
0U, 0N, 0S, 100I; 499T, 253F
pyfcgid 510 S 0.0 5.1
pyfcgid 512 S 0.0 5.0
pyfcgid 513 S 0.0 5.0
pyfcgid 514 S 0.0 5.0
cmdbsvr 32 S 0.0 5.0
httpsd 94 S 0.0 4.7
httpsd 93 S 0.0 4.7
httpsd 53 S 0.0 4.1
cw_acd 82 S 0.0 4.0
httpsd 92 S 0.0 3.9
forticron 63 S 0.0 3.3
miglogd 51 S 0.0 3.3
newcli 560 R 0.0 3.1
newcli 554 S 0.0 3.1
fgfmd 81 S 0.0 3.0
ipshelper 62 S < 0.0 2.5
fcnacd 87 S 0.0 2.4
authd 65 S 0.0 2.3
iked 68 S 0.0 2.2
eap_proxy 80 S 0.0 2.2
-for example, to check the dhcpd PID
# fnsysctl more /var/run/dhcpd.pid
71
-to kill dhcpd
# diag sys kill 9 71
or
# fnsysctl kill -9 71
-to disable dhcpd service
# config sys dhcp server
# edit 1
# set status dis
-to re-enable it
# set status ena
HP:
Juniper:
> show system processes extensive
last pid: 16727; load averages: 22.24, 22.19, 22.15 up 0+17:39:34 01:26:10
265 processes: 28 running, 215 sleeping, 1 zombie, 21 waiting
Mem: 970M Active, 128M Inact, 147M Wired, 230M Cache, 112M Buf, 386M Free
> start shell
% top
last pid: 37244; load averages: 0.04, 0.03, 0.00 up 16+16:18:49 09:19:44 52 processes: 1 running, 51 sleeping, , 1 zombie, 21 waiting
CPU states: 2.5% user, 0.0% nice, 0.6% system, 0.3% interrupt, 96.6% idle Mem: 429M Active, 69M Inact, 59M Wired, 165M Cache, 110M Buf, 258M Free
If the PID is identified from CLI, or the top command
% ps aux | grep –Wz
Pid=16396
Pid=13256
-to kill target PID
# kill -9 16396
Mikrotik:
PaloAlto:
Sangfor:
SonicWall:
Sophos: