For system and network administrators, monitoring and debugging Linux system performance every day is a heavy task. After 5 years working as a Linux system administrator in the IT field, I gradually realized how difficult it was to monitor systems and keep them up and running. For this reason, we have compiled a list of the 18 most commonly used command-line tools that can help every Linux/Unix system administrator. These tools are available on a variety of Linux systems and can be used to monitor performance and find the cause of performance problems. The list is broad enough for you to pick the tools that fit your monitoring scenario.
1. top – Linux Process Monitoring
The top command is a performance monitor that many system administrators use routinely, and it is available on many Linux and Unix-like operating systems. It displays all running and active processes in a sorted order and refreshes the display periodically. It shows CPU usage, memory usage, swap usage, cache size, buffer size, process PID, the command that was run, and more. It can also show the memory and CPU usage of each running process. For system administrators, top is very useful for monitoring the system and taking the correct action when needed. Let's take a look at the top command in action.
# top
For more examples, read: 12 examples of using the top command in Linux.
2. vmstat – Virtual Memory Statistics
The Linux vmstat command displays statistics for virtual memory, kernel threads, disks, system processes, I/O blocks, interrupts, CPU activity, and so on. By default, the vmstat command is not available on a Linux system, and you need to install the sysstat package, which contains the vmstat program. The common usage of the command is:
- # vmstat
- procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----
- r b swpd free buff cache si so bi bo in cs us sy id wa st
- 0 0 0 105368 90900 257588 0 0 9 33 4 11 2 0 97 0 0
For more vmstat examples, read: 6 vmstat command examples in Linux.
3. lsof – List Open Files
Many Linux and Unix-like systems include the lsof command, which lists all open files and the processes that hold them open. Open files include disk files, network sockets, pipes, devices, and processes. One of the main uses for this command is when a disk cannot be mounted and an error message reports that a file is in use or open. With this command, you can easily see which file is in use. The most common format for this command is as follows:
- # lsof
- COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
- init 1 root cwd DIR 104,2 4096 2 /
- init 1 root rtd DIR 104,2 4096 2 /
- init 1 root txt REG 104,2 38652 17710339 /sbin/init
- init 1 root mem REG 104,2 129900 196453 /lib/ld-2.5.so
- init 1 root mem REG 104,2 1693812 196454 /lib/libc-2.5.so
- init 1 root mem REG 104,2 20668 196479 /lib/libdl-2.5.so
- init 1 root mem REG 104,2 245376 196419 /lib/libsepol.so.1
- init 1 root mem REG 104,2 93508 196431 /lib/libselinux.so.1
- init 1 root 10u FIFO 0,17 953 /dev/initctl
For more information on lsof usage and examples, read: 10 examples of using the lsof command in Linux.
4. tcpdump – Network Packet Analyzer
tcpdump is one of the most widely used network packet analyzers, or packet monitoring programs. It captures or filters the TCP/IP packets received or transmitted on a specified network interface. It also has an option to save the captured packets to a file for later analysis. tcpdump is available in almost all major Linux distributions.
- # tcpdump -i eth0
- tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
- listening on eth0, link-type EN10MB (Ethernet), capture size bytes
- 22:08:59.617628 IP tecmint.com.ssh > 115.113.134.3.static-mumbai.vsnl.net.in.28472: P 2532133365:2532133481 ( ) ack 3561562349 win 9648
- 22:09:07.653466 IP tecmint.com.ssh > 115.113.134.3.static-mumbai.vsnl.net.in.28472: P 116:232 ($) ack 1 win 9648
- 22:08:59.617916 IP 115.113.134.3.static-mumbai.vsnl.net.in.28472 > tecmint.com.ssh: . ack, win 64347
For more information about tcpdump usage, read: 12 examples of using the tcpdump command in Linux.
5. netstat – Network Status Statistics
netstat is a command-line tool for monitoring incoming and outgoing network packet statistics as well as interface statistics. It is a very useful tool that system administrators can use to monitor network performance and to locate and troubleshoot network-related issues.
- # netstat -a | more
- Active Internet connections (servers and established)
- Proto Recv-Q Send-Q Local Address Foreign Address State
- tcp 0 0 *:mysql *:* LISTEN
- tcp 0 0 *:sunrpc *:* LISTEN
- tcp 0 0 *:realm-rusd *:* LISTEN
- tcp 0 0 *:ftp *:* LISTEN
- tcp 0 0 localhost.localdomain:ipp *:* LISTEN
- tcp 0 0 localhost.localdomain:smtp *:* LISTEN
- tcp 0 0 localhost.localdomain:smtp localhost.localdomain:42709 TIME_WAIT
- tcp 0 0 localhost.localdomain:smtp localhost.localdomain:42710 TIME_WAIT
- tcp 0 0 *:http *:* LISTEN
- tcp 0 0 *:ssh *:* LISTEN
- tcp 0 0 *:https *:* LISTEN
For more netstat examples, read: 20 examples of using the netstat command in Linux.
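The listing above mixes services bound to every interface (*:mysql, *:ftp) with services bound only to localhost (ipp, smtp). The following added example, which is not part of the original article, reads netstat -a style output and reports wildcard TCP listeners that are not on an expected list; the function names, the allowlist and the embedded sample rows (constructed from the listing above) are assumptions.

```shell
# Constructed sample: rows copied from the netstat listing in this section.
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 *:mysql *:* LISTEN
tcp 0 0 *:sunrpc *:* LISTEN
tcp 0 0 *:realm-rusd *:* LISTEN
tcp 0 0 *:ftp *:* LISTEN
tcp 0 0 localhost.localdomain:ipp *:* LISTEN
tcp 0 0 localhost.localdomain:smtp localhost.localdomain:42709 TIME_WAIT
tcp 0 0 *:http *:* LISTEN
tcp 0 0 *:ssh *:* LISTEN
tcp 0 0 *:https *:* LISTEN
EOF
}

# Hypothetical helper. usage: netstat -a | unexpected_listeners "ssh http https"
# Prints each TCP service listening on all interfaces that is not in the
# allowlist. Allowlist entries must match the port column as printed
# (service names with netstat -a, numbers with netstat -an).
unexpected_listeners() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Header, UDP and non-LISTEN rows (e.g. TIME_WAIT) are skipped.
        tolower($1) ~ /^tcp/ && $NF == "LISTEN" {
            # Split on the last colon so IPv6 forms such as ":::22" also parse.
            k = split($4, part, ":"); port = part[k]
            addr = substr($4, 1, length($4) - length(port) - 1)
            wild = (addr == "*" || addr == "0.0.0.0" || addr == "::" || addr == "[::]")
            if (wild && !(port in ok)) print port
        }
    ' | sort -u
}

# Run against the constructed sample; localhost-only ipp/smtp are not reported.
sample_netstat | unexpected_listeners "ssh http https"
```
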
6. htop – Linux Process Monitoring
htop is an advanced, interactive, real-time Linux process monitoring tool. It is very similar to the top command, but it has richer features such as user-friendly process management, shortcut keys, vertical and horizontal display of processes, and so on. htop is a third-party tool that is not included with Linux systems, and you need to install it with the yum package manager.
To install on CentOS: yum install htop. For more information on installation, see the article below.
# htop
For htop installation, read: Install htop on Linux (Linux process monitoring).
7. iotop – Monitoring Linux Disk I/O
The iotop command is also very similar to the top command and the htop program, but it monitors and displays real-time disk I/O and per-process statistics. This tool is useful for pinpointing the specific processes that perform heavy disk reads and writes.
To install on CentOS: yum install iotop
# iotop
For information on how to install and use iotop, read: Install iotop on Linux.
8. iostat – Input/Output Statistics
iostat is a simple tool that collects and displays input/output statistics for the system's storage devices. It is often used to track down performance issues with storage devices, including devices, local disks, and remote disks such as NFS.
- # iostat
- Linux 2.6.18-238.9.1.el5 (tecmint.com) 09/13/2012
- avg-cpu: %user %nice %system %iowait %steal %idle
- 2.60 3.65 1.04 4.29 0.00 88.42
- Device: tps Blk_read/s Blk_wrtn/s Blk_read Blk_wrtn
- cciss/c0d0 17.79 545.80 256.52 855159769 401914750
- cciss/c0d0p1 0.00 0.00 0.00 5459 3518
- cciss/c0d0p2 16.45 533.97 245.18 836631746 384153384
- cciss/c0d0p3 0.63 5.58 3.97 8737650 6215544
- cciss/c0d0p4 0.00 0.00 0.00 8 0
- cciss/c0d0p5 0.63 3.79 5.03 5936778 7882528
- cciss/c0d0p6 0.08 2.46 2.34 3847771 3659776
For more information on iostat usage and examples, read: 6 examples of using the iostat command in Linux.
9. iptraf – Real-Time LAN IP Monitoring
iptraf is an open source, real-time network (LAN) monitoring application that runs on the Linux console. It collects a wide range of information about the IP traffic passing over the network, including TCP flag information, ICMP details, TCP/UDP traffic breakdowns, and TCP connection packet and byte counts. It also collects general and detailed interface statistics: TCP, UDP, IP, ICMP, non-IP, IP checksum errors, interface activity, and so on.
For more information about iptraf and its usage, read: iptraf network monitoring tool.
10. psacct or acct – Monitoring User Activity
The psacct and acct tools are used to monitor the activity of each user on the system. Both run as background services that continuously track every user's activity on the system, along with the resources that activity consumes.
The system administrator can use these two tools to track each user's activity, such as what the user is doing, how many resources they are using, how much time they have spent on the system, and so on.
For examples of installation and usage of these commands, see the article: Monitor user activity with psacct or acct.
11. monit – Linux Process and Service Monitoring
Monit is free, open source software and a web-based process monitoring tool. It can automatically monitor and manage system processes, programs, files, directories, permissions, checksums, and file systems.
It can monitor services such as Apache, MySQL, Mail, FTP, ProFTP, Nginx, SSH, and so on. You can view the status of the system from the command line or through the web interface that the software provides.
For more information, see: Monitoring Linux processes with Monit.
12. nethogs – Monitoring the Network Bandwidth Used by Each Process
NetHogs is a very small open source program (similar to the top command on Linux) that closely monitors the network activity of each process on the system. It also tracks the real-time network bandwidth used by each program or application.
For more information, see: Using NetHogs to monitor network bandwidth usage on Linux.
13. iftop – Monitoring Network Bandwidth
iftop is another open source system monitoring application that runs in the console. It displays a periodically updated list of network bandwidth usage (by source host or destination host) on a network interface. iftop is used to monitor network usage, while 'top' is used to monitor CPU usage. iftop is a member of the 'top' family of tools: it monitors the selected interface and displays the current network bandwidth usage between pairs of hosts.
For more information, see: iftop – Monitoring network bandwidth usage.
14. monitorix – System and Network Monitoring
Monitorix is a free, lightweight application designed to run on and monitor Linux/Unix server systems and resources. It has a built-in HTTP web server that regularly collects information about the system and the network and displays it as graphs. It monitors the system load average and usage, memory allocation, disk health, system services, network ports, mail statistics (Sendmail, Postfix, Dovecot, etc.), MySQL statistics, and so on. It is used to monitor the overall performance of the system and helps detect errors, bottlenecks, and abnormal activity.
15. arpwatch – Ethernet Activity Monitor
arpwatch is designed to monitor Ethernet address resolution (changes in MAC and IP addresses) on Linux. It continuously monitors Ethernet activity over a period of time and outputs a log of changes in IP and MAC address pairings. It can also send an email notification to an administrator when a new address pairing appears. This is useful for detecting ARP attacks on a network.
For more information, see: arpwatch to Monitor Ethernet Activity.
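The pairing-change idea described above can be shown on a small scale. This added example is not arpwatch code and does not use arpwatch's log format: it assumes observations arrive as "time ip mac" lines (for instance from periodic ARP table snapshots), and the function names, the "changed" and "flipflop" labels and the sample data are constructed for illustration.

```shell
# Constructed sample observations: one "time ip mac" triple per line.
sample_arp() {
cat <<'EOF'
09:00:01 192.0.2.1 00:11:22:33:44:55
09:00:01 192.0.2.20 00:aa:bb:cc:dd:01
09:05:10 192.0.2.1 00:DE:AD:BE:EF:01
09:05:40 192.0.2.1 00:11:22:33:44:55
09:06:00 192.0.2.20 00:aa:bb:cc:dd:01
EOF
}

# Hypothetical helper. usage: arp_pair_changes < observations
# Learns the first MAC seen for each IP, then prints one line per change:
#   time kind ip previous-mac new-mac
# kind is "changed" for a MAC not seen just before, and "flipflop" when the
# IP switches back to the MAC it had before the last change, a pattern
# worth investigating when it involves a gateway address.
arp_pair_changes() {
    awk '
        NF < 3 { next }                                # ignore malformed lines
        {
            ip = $2; mac = tolower($3)                 # MAC case is not significant
            if (!(ip in cur)) { cur[ip] = mac; next }  # first sighting: learn the pair
            if (cur[ip] == mac) next                   # pairing unchanged
            kind = ((ip in old) && old[ip] == mac) ? "flipflop" : "changed"
            print $1, kind, ip, cur[ip], mac
            old[ip] = cur[ip]; cur[ip] = mac
        }
    '
}

# Run against the constructed sample.
sample_arp | arp_pair_changes
```
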
16. suricata – Network Security Monitoring
Suricata is an open source, high-performance network security monitoring, intrusion detection and prevention tool that runs on Linux, FreeBSD, and Windows. It is developed by the nonprofit OISF (Open Information Security Foundation), which owns its copyright.
For more information, see: Suricata – a Network Intrusion Detection and Prevention System.
17. vnStat PHP – Network Traffic Monitoring
vnStat PHP is a web-based front end for the popular network tool "vnStat". It presents network usage in a clean graphical interface. It can display upload and download traffic by hour, day, and month, and output summary reports.
For more information, see: vnStat PHP – Monitoring Network Bandwidth.
18. nagios – Network/Server Monitoring
Nagios is a leading, powerful open source monitoring system that allows network and system administrators to identify and resolve problems before they affect normal business. With Nagios, administrators can remotely monitor Linux, Windows, switches, routers, and printers from a single window. It raises warnings and indicates when something is wrong on a system or server, which indirectly helps you take remedial action before a problem occurs.