# Copyright 2000 - 2004 George Shaffer
# Anyone may use or modify this code for any purpose PROVIDED
# that as long as it is recognizably derived from this code,
# that this copyright notice, remains intact and unchanged.
# No warrantees of any kind are expressed or implied.
#
# Per-host allow-list of expected `ps -ax` and `w` output lines, apparently
# consumed by /usr/local/bin/wps (the script named in patterns 302 and 401).
# Three record types are visible in this file:
#   HOSTS=<host>-<req|opt>,...        hosts covered by this configuration
#   HOST=<host>=<id>-<r|a>,...        pattern ids that apply to one host
#   <id>~<regex>                      the regex for a pattern id
# NOTE(review): the meaning of the suffixes is not stated here; presumably
# req/opt = required/optional host and r/a = required/allowed line. Confirm
# against the consuming script.
# NOTE(review): this copy looks whitespace-collapsed (one entry per line has
# been restored here; spacing inside each entry is kept exactly as found).
# Literal runs of spaces in the patterns may have been reduced to one space,
# so check each pattern against real ps/w output before relying on it.
# NOTE(review): every pattern matches the text that ps or w prints, not the
# identity of the binary behind it; treat a match as "looks as expected" and
# pair it with file-integrity checks on the listed executables.
HOSTS=bsd-req,anotherhost-req,host3-opt,four-req
HOST=bsd=6-r
HOST=anotherhost=6-r
HOST=host3=6-r
HOST=four=6-r
# ps header line. NOTE(review): id 6 is defined again, with identical text,
# in the last section of this file, and every host lists 6-r twice.
6~^ PID TTY?\s+STAT\s+TIME COMMAND$
HOST=bsd=101-r,102-r,103-r,104-r,105-r
HOST=anotherhost=101-r,102-r,103-r,104-r,105-r
HOST=host3=101-r,102-r,103-r,104-r,105-r
# BSD Kernel processes
# In 2.7 all 5 appeared. In 2.8 only /sbin/init appears; the other
# 4 are no longer listed by ps.
# These five pin the PID (0-4), the tty column and the command, and are
# anchored at both ends.
101~^ 0 \?\? [DR]Ls\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} \(swapper\)$
102~^ 1 \?\? [IS]W?s\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} \/sbin\/init\s?$
103~^ 2 \?\? DL\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} \(pagedaemon\)$
104~^ 3 \?\? [DR]L\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} \(update\)$
105~^ 4 \?\? [DR]L\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} \(apm0\)$
HOST=four=111-r,112-r,113-r,114-r,115-r,116-r
# four Kernel processes
# NOTE(review): 111-116 have no trailing `$`. If the consumer applies these
# as regex searches rather than full-line matches (confirm), any line that
# begins with the expected text is accepted, whatever follows it.
111~^ 1 \?\s+S\s+[0-9]?[0-9]:[0-9]{2} init \[3\]
112~^ 2 \?\s+SW\s+[0-9]?[0-9]:[0-9]{2} \[kflushd\]
113~^ 3 \?\s+SW\s+[0-9]?[0-9]:[0-9]{2} \[kpiod\]
114~^ 4 \?\s+SW\s+[0-9]?[0-9]:[0-9]{2} \[kupdate\]
115~^ 5 \?\s+SW\s+[0-9]?[0-9]:[0-9]{2} \[kswapd\]
116~^ 6 \?\s+SW<\s+[0-9]?[0-9]:[0-9]{2} \[mdrecoveryd\]
HOST=bsd=201-r,202-r,203-r,204-a,205-r,206-r
HOST=anotherhost=201-r,202-r,203-r,204-a,206-r
HOST=host3=201-r,202-r,203-r,204-a,206-r
#BSD Daemons started at boot time
# From here on the PID is no longer pinned: ` {0,4}[0-9]{1,5}` accepts any
# PID of up to five digits. 201-206 are anchored at both ends; the space
# before `$` is part of the pattern.
201~^ {0,4}[0-9]{1,5} \?\? [DS]s\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} syslogd $
202~^ {0,4}[0-9]{1,5} \?\? [IS]W?\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} CRON \(cron\)$
203~^ {0,4}[0-9]{1,5} \?\? Ss\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} cron $
204~^ {0,4}[0-9]{1,5} \?\? IW?s\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} \/usr\/sbin\/sshd -Q $
205~^ {0,4}[0-9]{1,5} \?\? (Ss|I)\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} \/usr\/sbin\/httpd YES $
206~^ {0,4}[0-9]{1,5} \?\? [IS]W?s\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} inetd $
HOST=four=230-r,231-r,232-a,233-r,234-a,235-r,236-r,238-r
# four daemons started at boot time
# NOTE(review): none of 230-238 ends in `$`, so the command text is matched
# as a prefix only (e.g. 236 accepts any command that starts with "httpd").
# 232 writes its slashes unescaped, unlike the other patterns; harmless if
# the consumer does not use `/` as the regex delimiter (confirm).
230~^ {0,4}[0-9]{1,5} \?\s+SW?\s+[0-9]?[0-9]:[0-9]{2} (\[automount\]|\/usr\/sbin\/automount --timeout 60 \/misc file \/etc\/auto)
231~^ {0,4}[0-9]{1,5} \?\s+SW?\s+[0-9]?[0-9]:[0-9]{2} (syslogd -m 0|\[syslogd\])
232~^ {0,4}[0-9]{1,5} \?\s+S\s+[0-9]?[0-9]:[0-9]{2} /usr/sbin/atd
233~^ {0,4}[0-9]{1,5} \?\s+SW?\s+[0-9]?[0-9]:[0-9]{2} (crond|\[crond\])
234~^ {0,4}[0-9]{1,5} \?\s+S?\s+[0-9]?[0-9]:[0-9]{2} CROND
235~^ {0,4}[0-9]{1,5} \?\s+SW?\s+[0-9]?[0-9]:[0-9]{2} \[?inetd\]?
236~^ {0,4}[0-9]{1,5} \?\s+SW?\s+[0-9]?[0-9]:[0-9]{2} (httpd|\[httpd\])
238~^ {0,4}[0-9]{1,5} \?\s+SW?\s+[0-9]?[0-9]:[0-9]{2} (\[xfs\]|xfs -droppriv -daemon -port -1)
HOST=bsd=301-a,302-r,303-r
HOST=anotherhost=301-a,302-r,303-r
HOST=host3=301-a,302-r,303-r
# Cron jobs
# 302 and 303 match the monitor itself (wps and the `ps -ax` it runs).
# NOTE(review): 302 and 303 have no trailing `$`, so extra arguments after
# the wps path or after `ps -ax` still match.
301~^ {0,4}[0-9]{1,5} \?\? [IS]W?s\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} \/bin\/sh -c \/bin\/sh $
302~^ {0,4}[0-9]{1,5} \?\? [RS]\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} \/bin\/sh \/usr\/local\/bin\/wps
303~^ {0,4}[0-9]{1,5} \?\? R\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} ps -ax
HOST=four=401-r,402-r
# four cron jobs and other non terminal processes
# NOTE(review): same prefix-only matching as 302/303 (no trailing `$`).
401~^ {0,4}[0-9]{1,5} \?\s+S\s+[0-9]?[0-9]:[0-9]{2} \/bin\/sh -c \/usr\/local\/bin\/wps
402~^ {0,4}[0-9]{1,5} \?\s+R\s+[0-9]?[0-9]:[0-9]{2} ps -ax
HOST=bsd=501-r
HOST=anotherhost=501-a
HOST=host3=501-a
HOST=four=521-a
# Local console only interactive processes
# 501 ties getty to console ttys C0-C5; 521 ties mingetty to tty1-tty6 and
# has no trailing `$`.
501~^ {0,4}[0-9]{1,5} C[0-5] IW?s\+\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} \/usr\/libexec\/getty Pc ttyC[0-5] $
521~^ {0,4}[0-9]{1,5} tty[1-6]\s+S\s+[0-9]?[0-9]:[0-9]{2} \[mingetty\]
HOST=bsd=701-a,702-a,703-a,704-a,713-a
HOST=anotherhost=701-a,702-a,703-a,704-a,712-a,713-a
HOST=host3=701-a,702-a,703-a,704-a,712-a,713-a
# Interactive processes from either local consoles or remote terminals
# Each pattern limits the tty column to p0-p4 or C0-C5.
# NOTE(review): 704, 712 and 713 have no trailing `$` (704 accepts any
# command that starts with "less"). In 713 the `.` in `cat.` is unescaped
# and matches any single character.
# NOTE(review): 714 is defined below but no HOST= line in this file
# references it; confirm whether it is dead or was meant to be listed.
701~^ {0,4}[0-9]{1,5} (p[0-4]|C[0-5]) [IS]W?s\+?\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} -ksh \(ksh\)$
702~^ {0,4}[0-9]{1,5} (p[0-4]|C[0-5]) \S+\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} -csh \(csh\)$
703~^ {0,4}[0-9]{1,5} (p[0-4]|C[0-5]) \S+\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} ksh $
704~^ {0,4}[0-9]{1,5} (p[0-4]|C[0-5]) [IS]\+\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} less
712~^ {0,4}[0-9]{1,5} (p[0-4]|C[0-5]) [IS]\+\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} sh -c sh
713~^ {0,4}[0-9]{1,5} (p[0-4]|C[0-5]) [IS]\+\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} /usr/bin/more -s /usr/share/man/cat./\S+
714~^ {0,4}[0-9]{1,5} (p[0-4]|C[0-5]) [IS]W?[s+]\s+[0-9]?[0-9]:[0-9]{2}\.[0-9]{2} \/bin\/sh -c \/bin\/sh $
HOST=four=801-a
# four (Linux) interactive processes, terminals or consoles.
# NOTE(review): no trailing `$`; any command line starting with "-bash"
# on pts/1-4 or tty1-6 matches.
801~^ {0,4}[0-9]{1,5} (pts\/[1-4]|tty[1-6])\s+S\s+[0-9]?[0-9]:[0-9]{2} -bash
HOST=bsd=1-r,2-r,3-a,4-a,5-a,6-r
HOST=anotherhost=1-r,2-r,3-a,4-a,5-a,6-r
HOST=host3=1-r,2-r,3-a,4-a,5-a,6-r
HOST=four=1-r,7-r,3-a,4-a,5-a,6-r
# Header lines and user logins from w
# 1, 2 and 7 are header lines with no leading `^`; host "four" uses header 7
# (with JCPU/PCPU columns) instead of 2.
# 3-5 are the login allow-list: they pin the user name, the tty and the
# FROM column, then accept any WHAT text through the trailing `(\S.*$)$`.
# NOTE(review): 4 allows 198.168.89.85 and .86 as source addresses; if a
# private 192.168.x.x network was intended, this is a typo to correct.
1~\s+[0-9]+\s+users?,\s+load averages?: [0-9]\.[0-9]{2}, [0-9]\.[0-9]{2}, [0-9]\.[0-9]{2}
2~USER TTY FROM LOGIN@ IDLE WHAT$
3~^(root|jack)\s+C[0-5] -\s+\S+\s+\S+\s+(\S.*$)$
4~^jack\s+p[0-4]\s+198\.168\.89\.(86|85)\s+\S+\s+\S+\s+(\S.*$)$
5~^jack\s+p[0-4]\s+(wks1|wks2)\.xyzinc\.com\s+\S+\s+\S+\s+(\S.*$)$
6~^ PID TTY?\s+STAT\s+TIME COMMAND$
7~USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT$