Monday, 5 December 2016

Monitoring Commands For Linux System Administrator Part 1

Top twenty Linux Server Monitoring Commands every Linux System Admin must know: 

 Top   -->  Top commands is used to check cpu most intensive task  running on the server  and process intervals. it can display system summary information as well as a list of task currently being managed by the Linux Kernel.


option can use:

  • -m     Display floating point value in the memory information.

  • k      kill any high unusable process taken pid  

  • t     display summary information of CPU and task state.

  • z     color 

2#vmstat  (Virtual Memory Statistics)

This command is used to collect and display summary information about operating system memory, processes, interrupts, paging and block i/o. 

  • # vmstat

  • #vmstat -m  (showing cache, number, total, size,  pages,)

  • # vmstat  -a   (showing information of about active/inactive memory swap, io, system ans cpu.)

3# W 

this command displays the information about the users currently logged in on the server from IP and process statistics.

4# uptime

this cmd is used to display the current time, how long the server has been running, how many users are currently logged in the server.

5# ps 

The ps command is used to display information about the currently running processes, including their PID's numbers.  you can take help for more option in man page.

  • # ps -a    

  • #ps -A

  • #  ps -AL      showing in long format.

  • # ps -ALF      

  • #ps -ef | grep  (particular name )    this display the particular process id 

  • #   ps -aux    this will provide detailed information

  • #ps -f   -p  (process id )    provide process information 

  • # ps -aux --sort=-pcpu,+pmem   (you can use | less in the last of the commands to make 

results scrollable. you can use also | head -10 in last of the commands to list only numbers ol line only.)

  • # ps -e -o pid,uname,pcpu,pmem,comm

6# Free

free command is use to see the Memory spaces in the system. below is examples to check in different different options:

  • # free 

  • #free -b   (With -b option you will get the memory status in bytes)

  • #free -k  (show in kilobyte)

  • #free -m  (show in megabytes)

  • #free -g (show in gigabytes)

  • #free --tera   (show results in terabyte if you have otherwise cannot show the cmd result)


iostat is system monitoring tool which is used to collect the system i/o for device, physical disks statistics average cpu load stat , it often use to check performance issues with storage devices, local disks and nfs.


  • #iostat -c  (will display the cpu statistics)

  • #iostat -d (will display the disk statistics)

  • #iostat -p sda   (it will display the sda HDD all partition status)

  • #iostat -N   (will show you the LVM device, mapper, partition statistics status)

  • # iostat -h  (show the nfs resports)

  • # iostat -k   (show in kb)

  • #iostat -m (show in mb)

  • #iostat -d 2 6   (display six reports at two intervals for devices)

  • # iostat -x (will display extended disk statistics )

8#netstat and ss 

(ss also work smiler netstat )

Netstat is use to display the network connection, routing tables, interface statistics, network interface controller, it list the all tcp,udp sockets connection and socket waiting connections,
it also show musquerade connection.

  • netstat -a    (will show the list of current connections)

  • netstat -at (this option list only tcp connection)

  • netstat -au (for UDP connection)

  • netstat  -ant    (is used to reverse dns lookup.)

  • netstat -tnl (list only network service an open to listen for incoming connections)

  • netstat -tp (will list the PID number of the ESTABLISHED connections)

        netstat -aple (check if a server like http,smtp or ntp)

                          Report processors related statistics. The mpstat command writes to standard output activities for each available processor, processor 0 being the first  one. 

mpstat -P ALL 2 5    (list all processes within 2 sec interval for 5 outputs)

There is lot more commands and tools to monitor Linux Servers like:

# iptraf   (need to intall through yum,rpm for first time)
               use to generate various network statistics including tcp info, udp info counts icmp and other protocol information, checksum error.                


tcpdump is used to track network packet analyzer.
prints  out a description of the contents of packets on a network interface that match the boolean expression.  It can also be run with the -w flag, which causes it to save the packet data  to  a  file  for later  analysis,  and/or  with the -r flag, which causes it to read from a saved packet file rather than to read packets from a network interface.  In all cases, only packets that match expression will be  processed by tcpdump.

# tcpdump -i eth0   (it will capture all the packets which is flowing through eth0 interfaces.)

# tcpdump -c 2 -i eth0    (with -c 2 it will capture only 2 counts)

# tcpdump -n -tttt -i eth0 (capture packets with all readable timestamps using -tttt)

# tcpdump -w 000test.pcap -i eth0  (to save the output of the into file 000test.pcap)

# tcpdump -r  000test.pcap  (to read the saved file)

# tcpdump -nl -s 0 -A -i eth0 -c 50 port 80   (this will monitor all port 80 traffic on eth0 and display 50 lines of tcpdump)

your tribute is