10.6-10.10 Monitoring IO Performance free Command PS Command View Network Linux under Grab Bag

seven weeks two sessions (March 20)
10.6 Monitoring IO Performance
10.7 Free Command
10.8 PS Command
10.9 Viewing network status
10.10 Linux under Grab bag

Extended TCP three-time handshake four times wave http://www.doc88.com/p-9913773324388.html
Tshark several usages: http://www.aminglinux.com/bbs/thread-995-1-1.html

10.6 Monitoring IO Performance

Two commands for the status of a disk

Iostat-x disk usage

Iotop Disk usage

In our operations, disk IO is also an important indicator in addition to looking at memory CPU performance.

Sometimes, memory and CPU clearly have surplus, but the system load is very high, with Vmstat view status, you will find B and WA larger, this indicates that the system disk has bottlenecks. So, to see the status of the disk in more detail.

Monitor system Status

The Iostat command was installed when the Sysstat was installed.

Usage can be #iostat or #iostat 1

Usage is similar to Vmstat.

[Email protected] sed]# Iostat

Linux 3.10.0-693.el7.x86_64 (centos7.4-01) March 20, 2018 _x86_64_(1 CPU)

AVG-CPU:%user%nice%system%iowait%steal%idle

0.06 0.00 0.16 0.08 0.00 99.69

Device:tps kb_read/s kb_wrtn/s Kb_read Kb_wrtn

SDA 0.68 8.63 1.40 107340 17392

SDB 0.02 0.29 0.00 3612 0

dm-0 0.00 0.08 0.00 1036 0

Here you can see the SDA SDB two hard disk and read, write speed This command looks not very rich,

Because these #sar-b can be seen.

[Email protected] sed]# Sar-b

Linux 3.10.0-693.el7.x86_64 (centos7.4-01) March 20, 2018 _x86_64_(1 CPU)

11:25 06 sec LINUX RESTART

11:30 02 Sec. TPs Rtps Wtps bread/s bwrtn/s

11:40 01 sec 0.07 0.00 0.07 0.00 1.27

11:50 01 sec 0.30 0.14 0.16 3.84 3.76

12:00 01 sec 0.07 0.01 0.06 0.78 0.68

12:10 01 sec 0.11 0.02 0.09 0.31 1.14

12:20 01 sec 0.88 0.41 0.47 11.15 11.03

12:30 01 sec 0.04 0.00 0.04 0.00 0.55

12:40 01 sec 0.05 0.00 0.05 0.00 0.53

[Email protected] sed]# iostat-x

Linux 3.10.0-693.el7.x86_64 (centos7.4-01) March 20, 2018 _x86_64_(1 CPU)

AVG-CPU:%user%nice%system%iowait%steal%idle

0.06 0.00 0.15 0.07 0.00 99.72

device:rrqm/s wrqm/s r/s w/s rkb/s wkb/s avgrq-sz avgqu-sz await r_await w_await SVCTM%util

SDA 0.00 0.01 0.36 0.23 7.32 1.23 29.14 0.01 15.13 5.89 29.42 2.64 0.15

SDB 0.00 0.00 0.02 0.00 0.25 0.00 29.25 0.00 1.53 1.53 0.00 0.93 0.00

Dm-0 0.00 0.00 0.00 0.00 0.07 0.00 48.19 0.00 3.53 3.53 0.00 1.47 0.00

Focus Point

%util This column represents an IO wait

Disk usage, how much time it takes to CPU, a portion of the CPU that is processed by the process, calculated. There is also a part of waiting for IO, waiting for disk to read and write.

How much of this waiting time is%util

If this wait time is bigger, the reading and writing follow the big. Prove that the disk read and write in a busy state, if the reading and writing is not big, just%util large indicates that the hard disk may have problems, faulty. If the hard drive is very slow, it will certainly affect performance, even if the CPU is very strong, the operation is fast, hard disk can not keep up, there will be a big bottleneck.

such as the discovery of disk IO is very busy, very frequent, you can use #iotop (first run requires installation)

It is similar to top and is also dynamic display, sorting.

[Email protected] sed]# Iotop

10.7 Free Command

The free command can view the total memory size and usage of the current system.

The free command for the CentOS 7 system shows a more concise result than CentOS 6, but the general content is consistent.

[[email protected] ~]# free

Total used free shared buff/cache available

mem:1008152 126864 605284 6880 276004 702136

swap:2097148 0 2097148

Three lines, the first line is the description, the second row of memory usage, the third row swap swap partition usage. The second line of memory is what you need to focus on.

Add-m so that its output unit is m,

[Email protected] ~]# free-m

Total used free shared buff/cache available

mem:984 123 591 6 269 685

swap:2047 0 2047

-H Displays the current appropriate units * commonly used

[Email protected] ~]# free-h

Total used free shared buff/cache available

mem:984m 123M 591M 6.7M 269M 685M

swap:2.0g 0B 2.0G

The Linux system will allocate a portion of memory to the Buff/cache

How to distinguish between buffer and cache

000 is the data

000 (disk)--memory (cache)-->CPU

When the CPU is calculated, it needs to read the data out of the disk and put it into memory temporarily, this memory is the cache.

CPU---memory (buffer)---disk

The data is CPU-bound and is about to be written to disk, with the memory buffer.

Because the speed of data conversion between disk and CPU is somewhat different, it is necessary to alleviate this speed conversion through memory.

Total=used+free+buff/cache

Avaiable: How much memory the system can use.

The avaiable contains the remainder of free and buffer/cache. (Available is the focus point)

Total and available are different.

10.8 PS Command

The PS command is a specialized display of the system process, which is a snapshot of the current process. Equivalent to the Task Manager for Windows.

#ps aux lists all the processes in the system

View System A process uses grep to filter

Format # PS aux |grep process name

[[Email protected] ~]# PS aux |grep nginx

Root 1831 0.0 0.0 112676 984 pts/0 r+ 17:45 0:00 grep--color=auto nginx

[Email protected] ~]# ps-elf This usage is similar to #ps aux. All processes are displayed

The PID represents the ID of the process.

#kill PID can kill the related process the usage format is #kill 1346.

Each process has a directory/proc/505 (PID)/

Focus Point

STAT Status

D A process that cannot be interrupted, usually IO. This state directly affects the load on the system.

RRun state of the process, some time period in the use of CPU.

Theprocess of the S sleep state.

T has stopped or paused the process. If we run a command, such as Vmstat 1, when we press CTRL + Z to pause the process, the PS command displays the T state.

Test

[[email protected] ~]# vmstat run #vmstat command

procs-----------Memory-------------Swap-------io-----system--------CPU-----

R b swpd free buff cache si so bi bo in CS us sy ID WA St

3 0 0 604728 2076 274284 0 0 8 2 48 54 0 0 100 0 0

[Email protected] ~]# Vmstat 1

procs-----------Memory-------------Swap-------io-----system--------CPU-----

R b swpd free buff cache si so bi bo in CS us sy ID WA St

2 0 0 604868 2076 274316 0 0 8 2 48 54 0 0 100 0 0

0 0 0 604852 2076 274316 0 0 0 0 45 41 0 0 100 0 0

0 0 0 604852 2076 274316 0 0 0 0 63 53 1 0 99 0 0

^z

[1]+ has stopped Vmstat 1

[[Email protected] ~]# PS aux |grep vmstat show T status

Root 1878 0.0 0.1 148316 1356 pts/0 T 18:09 0:00 vmstat 1

Root 1884 0.0 0.0 112676 980 pts/0 s+ 18:09 0:00 grep--color=auto vmstat

[[email protected] ~]# FG back to front desk

Vmstat 1

2 0 0 604224 2076 274452 0 0 124 149 23199 21059 0 0 100 0 0

0 0 0 604224 2076 274452 0 0 0 0 47 43 0 0 100 0 0

[[Email protected] ~]# PS aux |grep vmstat at this time Vmstat is already in s+ state, s+ status indicates sleep and is in the foreground. + indicates the foreground.

Root 1878 0.0 0.1 148316 1356 pts/0 s+ 18:09 0:00 vmstat 1

Root 1917 0.0 0.0 112676 980 PTS/1 r+ 18:18 0:00 grep--color=auto vmstat

Z Zombie process.

<: High-priority process. CPU resources are prioritized for use by this process.

N: Low-priority process.

L: Memory paging is locked in memory.

S: The main process, the back nginx or the PHP-FPM service will often have its shadow.

L: multithreaded process, meaning that this process has multiple threads.

The biggest differences between threads and processes are:

1 processes contain threads, threads are sub-units of processes, and a process has multiple threads.

2 All threads under the same process share the same memory (the threads are shared with each other between threads), and the memory between processes is isolated from each other.

+: foreground process.

Start time

Time to start

command, and top command is the same.

10.9 Viewing network status

This section learns the netstat command, which is used to view network status.

Linux server has a lot of services, service often with the client to communicate with each other, it means that it should have a listening port, there is a port for external communication. Netstat is a state that looks at TCP/IP traffic.

Install a service to the system, install an nginx, and provide a Web service .... With these services, you need to listen to a port for these services. Under normal circumstances, a machine, it is not any port monitoring, if there is no port, there is no way to listen.

* Learn what the socket file does.

[[email protected] ~]# NETSTAT-LNP listening port to print which ports the current system launches.

[[email protected] ~]# Netstat-an View TCP/IP status

View TCP UDP Status

[Email protected] ~]# NETSTAT-LTUNP

Active Internet connections (only servers)

Proto recv-q send-q Local address Foreign address State Pid/program Name

TCP 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 949/sshd

TCP 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1055/master

TCP6 0 0::: $:::* LISTEN 949/sshd

TCP6 0 0:: 1:25:::* LISTEN 1055/master

UDP 0 0 127.0.0.1:323 0.0.0.0:* 577/chronyd

UDP6 0 0:: 1:323:::* 577/chronyd

[[email protected] ~]# Netstat-an |awk '/^tcp/{++sta[$NF]} END {for (key in STA) print key, "\ T", Sta[key]} '

LISTEN 4

Established 1

Focus on established, if this number is large, it means the system is busy.

#ss-an can also view the TCP/IP status

View Listen status

#ss-an |grep-i Listen

PPT in *centos7.aminglinux.com

* Learn what the socket file does. Three-time handshake process.

10.10 Linux under Grab Bag

Introduced

Grab Bag Tool

Sometimes you might want to look at what packets are on a network card, especially if you have a traffic attack on your initial binding server and use the grab kit to get the packets to know which IPs are attacking.

#tcpdump-nn-i network card name (network card name can be viewed in ifconfig)

[[email protected] ~]# tcpdump-nn-i ens33 Source address IP address display

About data information:

The first column is the time, the second column is the IP, the source IP, the port > Where to go to the destination IP destination IP Port flage start packet information.

The primary concern is the source IP and the source port.

-nn the first n IP is displayed numerically, and if not added, the hostname is displayed. General use-nn

[[email protected] ~]# tcpdump-n-i ens33 Source Address host name display

The SSH you see is Port 22, and if you do not know that SSH represents 22 ports, such as other names that do not know the specified port, then it is easy to see the details.

Information one by one pairs should come back with

* Learn about DDoS attacks, UDP flood UDP flood attacks.

Specify port

[Email protected] ~]# tcpdump-nn-i ens33 Port 22

Exclude port Usage

[[email protected] ~]# tcpdump-nn-i ens33 not Port 22

Specify the port, specify the host IP

[Email protected] ~]# tcpdump-nn-i ens33 Port and host 192.168.189.128

Packet specified length, specified number, stored on a file

For example, specify a length of 100.

[Email protected] ~]# tcpdump-nn-i ens33-c 100-w/tmp/1.cap

In the process of grasping the package, it is relatively slow, similar to the suspended state. At this point, you can open a new terminal.

If the terminal does not generate some data flow, then it will not produce so many packets.

For example, when using tcpdump to view the packet, it is actually in the traffic generated data flow, so there is a packet generation, this is an internal loop.

If this terminal does not produce any data and does not produce any information, then it does not have any packets. The data packet is generated, and the screen (the paused interface) naturally has the data. So open a new terminal and use the new terminal to generate the packet so you can continue to grab the packet.

Grab the package Success tips,

Data Packet 1.cap

Use #file to view properties, not cat view, because this is the information that the network card captures, in fact it is a real communication packet information, rather than text format.

Read data stream (the data inside the packet is called the data stream), need to use #tcpdump-r/tmp/1.cap

[Email protected] ~]# File/tmp/1.cap

/tmp/1.cap:tcpdump capture File (Little-endian)-version 2.4 (Ethernet, capture length 262144)

#wireshark Tools

10.6-10.10 Monitoring IO Performance free Command PS Command View Network Linux under Grab Bag