Search our site for answers
Help Docs Server Administration Linux Server Administration Identifying which processes are using swap memory

Identifying which processes are using swap memory

Learn to pinpoint processes consuming swap memory. This guide explains how to use top and a custom script to identify culprits for efficient memory troubleshooting.
Cloud VPS Performance Troubleshooting
6 min read

Swap memory (or virtual memory) is a vital part of your server’s memory management, allowing the kernel to use disk space as an extension of RAM. This is not inherently a bad thing; it efficiently handles dormant processes, freeing up physical RAM for active tasks. (For a deeper dive into why swap is beneficial, please refer to our article on Understanding Swap Memory on Your Server).

While swap is beneficial, excessive or continuous active swapping can indicate a memory bottleneck. To address such issues, it’s crucial to identify which specific processes are utilizing the swap space.

Quickly see overall swap usage with top

Before diving into individual processes, you can quickly check your server’s overall swap usage using the top command:

  1. Open your terminal and run : top -c
    (The -c flag shows the full command path for processes).
  2. While top is running, press Shift + f. This opens the field management screen.
  3. Use your keyboard arrow keys to highlight SWAP in the list of available fields.
  4. Press either the d key or the Spacebar to select SWAP. This will add the SWAP column to your top display.
  5. Press q to return to the main top screen. You will now see a SWAP column, showing how much swap memory each process is using.
How to identify what is using swap memory

While top gives you a quick glance, for a more precise and sortable list of processes by their swap usage, you can use a simple script. This script iterates through all running processes and sums up their individual swap consumption.

Creating the identify.swap script

Method 1: “identify.swap” created using quick setups

This method creates the file and pastes the content in one go:

mkdir -p /root/bin/
cat <<EOM >/root/bin/identify.swap
#!/bin/bash
# Get current swap usage for all running processes
SUM=0
OVERALL=0
for DIR in `find /proc/ -maxdepth 1 -type d | egrep "^/proc/[0-9]"` ; do
    PID=`echo $DIR | cut -d / -f 3`
    PROGNAME=`ps -p $PID -o comm --no-headers`
    for SWAP in `grep Swap $DIR/smaps 2>/dev/null| awk '{ print $2 }'`
    do
        let SUM=$SUM+$SWAP
    done
    echo "$SUM : Swap Used - ($PROGNAME ) PID=$PID"
    let OVERALL=$OVERALL+$SUM
    SUM=0
done
echo "Overall swap used: $OVERALL"
EOM
chmod 700 /root/bin/identify.swap
Note

Hit the Enter key at the end.



Method 2: Manual Way (Step-by-step)

This method involves creating the file, setting permissions, and then pasting the content into it using a text editor (like nano or vi).

Create the directory and empty file:

  • Create the directory and empty file:
mkdir -p /root/bin/ 
touch /root/bin/identify.swap
  • Set executable permissions:
chmod 700 /root/bin/identify.swap
  • Edit the file and paste the script content: Open the file using your preferred text editor (e.g., nano /root/bin/identify.swap or vi /root/bin/identify.swap) and paste the following script content into it:
#!/bin/bash
# Get current swap usage for all running processes
SUM=0
OVERALL=0
for DIR in `find /proc/ -maxdepth 1 -type d | egrep "^/proc/[0-9]"` ; do
PID=`echo $DIR | cut -d / -f 3`
PROGNAME=`ps -p $PID -o comm --no-headers`
for SWAP in `grep Swap $DIR/smaps 2>/dev/null| awk '{ print $2 }'`
do
let SUM=$SUM+$SWAP
done
echo "$SUM : Swap Used - ($PROGNAME ) PID=$PID"
let OVERALL=$OVERALL+$SUM
SUM=0
done
echo "Overall swap used: $OVERALL"

Explanation of the script (applies to both methods):

  • mkdir -p /root/bin/: Creates a bin directory inside /root/ if it doesn’t already exist, which is a common place for custom root scripts.
  • #!/bin/bash: Shebang line, indicating the script should be executed with bash.
  • find /proc/ -maxdepth 1 -type d | egrep "^/proc/[0-9]": Finds all directories under /proc/ that represent running processes (these are numeric PIDs).
  • ps -p $PID -o comm --no-headers: Gets the command name for each PID.
  • grep Swap $DIR/smaps: Reads the smaps file for each process, which contains detailed memory maps, and filters for lines containing “Swap”.
  • awk '{ print $2 }': Extracts the second field (the swap size in KB) from the grep output.
  • let SUM=$SUM+$SWAP: Accumulates the swap usage for the current process.
  • echo "$SUM : Swap Used - ($PROGNAME ) PID=$PID": Prints the total swap used by the current process, its name, and PID.
  • let OVERALL=$OVERALL+$SUM: Keeps a running total of swap used by all processes.
  • chmod 700 /root/bin/identify.swap: Makes the script executable only by the root user.
Running the script

Once the script is created and made executable, you can run it and sort the output to see which processes are using the most swap:

/root/bin/identify.swap | sort -n | tail
  • sort -n: Sorts the output numerically.
  • tail: Shows the last 10 lines, which will be the processes using the most swap after sorting.

Example output (numbers are in KB):

14604 : Swap Used - (cpdavd ) PID=6237
23964 : Swap Used - (mysqld ) PID=2957
29480 : Swap Used - (python ) PID=6342
30912 : Swap Used - (python ) PID=6338
33812 : Swap Used - (python ) PID=6343
33940 : Swap Used - (python ) PID=6340
47312 : Swap Used - (spamd ) PID=12302
51824 : Swap Used - (spamd ) PID=3127
58800 : Swap Used - (spamd ) PID=30474
113096 : Swap Used - (clamd ) PID=3071
What to do after identifying high swap processes

Once you’ve identified processes consuming a significant amount of swap memory, you can take action. The most common approach is to restart the problematic service, which will typically clear its swap usage and reload its data into RAM (if available).

  • Restarting services:
    • If you see services like clamd (ClamAV daemon) or spamd (SpamAssassin daemon) using a lot of swap, restarting them can often resolve the issue. For example, restarting Exim (which often interacts with clamd and spamd) can clear their swap usage.
    • If a Java process is consuming a lot of swap, it might be related to specific services like cpanel-dovecot-solr or ElasticSearch. You can try restarting these services:
      • For cpanel-dovecot-solr:
        /scripts/restartsrv_cpanel_dovecot_solr
      • For ElasticSearch:
        systemctl restart elasticsearch.service
  • Long-Term solutions: If you consistently find processes using excessive swap, it’s an indicator that your server might be under-resourced for its workload. Consider:
    • Optimizing the application/service: Are there configuration changes that can reduce its memory footprint?
    • Adding more RAM: This is often the most effective solution for persistent memory pressure.
    • Reviewing swappiness settings: Only after careful consideration and understanding of its implications, with the help of the support team.

Conclusion

Identifying which processes are using swap memory is a valuable diagnostic step when troubleshooting server performance. By using tools like top for a quick overview and the provided script for detailed analysis, you can pinpoint memory-hungry applications and take appropriate action to optimize your server’s resources. If you need further assistance or encounter complex memory issues, Liquid Web’s Heroic Support® team is always ready to help.

Was this article helpful?