Linux Swapping - identifying the process

Hi

I ran the command

vmstat -s 

, the output is below

    2335876  total memory
      2307284  used memory
       902984  active memory
       953180  inactive memory
        28592  free memory
       445848  buffer memory
      1234196  swap cache
       779872  total swap
        57184  used swap
       722688  free swap
      1425586 non-nice user cpu ticks
       137569 nice user cpu ticks
      1253812 system cpu ticks
    136556548 idle cpu ticks
       499759 IO-wait cpu ticks
        80609 IRQ cpu ticks
        47344 softirq cpu ticks
      2631596 stolen cpu ticks
      7401052 pages paged in
     19325628 pages paged out
           24 pages swapped in
        14301 pages swapped out
            0 interrupts
    221749766 CPU context switches
   1398654642 boot time
       251203 forks

I can see some swapping of 57184 Kb like about 58MB approximately.

Is there any way to know which process name and timestamp at which this swapping occurred on machine ?

My aim is to make sure that there is no swapping on my system

Any help is much appreciated - Thanks

In that case, you need to add more memory to your system.

If your still struggling you can get information on processes that are swapping by using: top, the VIRT heading shows how much swapping a process is doing.
Not sure how you would identify time unless you continually monitor the system.
Please note swapping isn't a bad thing if the impact on performance is not apparent to the users.

The file "/proc/###/smaps" has all sorts of useful information about memory usage of individual processes, including swap space. It's way more detail than you're looking for but you can extract what you need and ignore the rest.

The only confusing part is that it breaks down memory usage by address segments so you can't just "grep" for "Swap:", sort the output and find the process with the most swap.

But this line:

grep 'Swap:' /proc/[0-9]*/smaps | gawk '$2 > 0'

will give you a raw dump of process id's with allocated swap space. The filename will identify the process. And if you sum up all the per-segment values for each process you'll have the total swap allocated for that process.

That could generate lots of lines of output though, depending on the number of processes running on the system, how much swap they have allocated and how that swap space is allocated to distinct memory segments within those processes. So some secondary parsing to find the interesting data will probably be necessary.

If you're up for installing some Python code to parse the data in /proc, you can clone the repository I published on Github here. GitHub - cnamejj/PyProc: Linux /proc data in a consistent, parsed format.

It won't help you find the process with the most swap with a single command line, but it will give ways to write scripts to pull data from the "smaps" file easier. There's a script included in the repo called "watch-process-smaps" which you could use to monitoring the memory allocations for one or more processes in near-realtime too. But that script itself will consume CPU and memory, so it's really just for diagnostic use IMO.

Finally, as dluk said there's nothing inherently evil about seeing some swapping. If the system doesn't have enough RAM to handle the workload it gets without slowing down, then that swapping would be a bad thing. Understanding the system in more detail is always a good thing though, since you might find a potential memory related problem before it causes noticeable performance issues.

Also, if your system runs into trouble with the available memory and starts swapping things out, the process with the most swap might not be the real problem in all cases. If you have some well behaved process that uses lots of RAM by design, but isn't CPU bound, then other more CPU-centric processes might wind up pushing the well-behaved processes memory to swap over time. So the process(es) that are out of control might be in memory and the well behaved ones might be swapped out.