A Free Trial That Lets You Build Big!
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
Daily monitoring and debugging of Linux system performance is a heavy task for the system and network administrators. Five years after working as a Linux system administrator in the IT field, I gradually realized how difficult IT is to monitor and keep the system up and running. For this reason, we have compiled the list of 18 most commonly used command line tools that will help every Linux/Unix system administrator. These command line tools can be used in various Linux systems to monitor and find the causes of performance problems. This command line tool list provides enough tools for you to select a tool suitable for your monitoring scenario.1. Top-Linux process monitoring
The Top command in Linux is a performance monitoring program, which is often used by many system administrators to monitor Linux performance.Linux or Unix-likeThis command is available in the operating system. The Top command is used to display all running and active real-time processes in a certain order, and regularly update the display results. This command showsCPU usage, memory usage, swap memory usage, cache usage, buffer usage, process PID, command usedAnd others. It can also display the memory and CPU usage of running processes. For the system administrator, the top command is very useful. it can be used to monitor the system and take correct actions when necessary. Let's take a look at the top command in practice.
Top command example
For more examples of Top commands, see: 12 examples of using the Top command in Linux.2. VmStat-virtual memory statistics
LinuxVmStatCommand for displayVirtual memory,Kernel thread,Disk,System process,I/O Block,Interrupted,CPU activity. By default, the vmstat command is unavailable in Linux. you need to installSysstatSoftware package. Common usage of command format is:
# vmstatprocs -----------memory---------- ---swap-- -----io---- --system-- -----cpu----- r b swpd free inact active si so bi bo in cs us sy id wa st 1 0 0 810420 97380 70628 0 0 115 4 89 79 1 6 90 3 0
For more examples of vmstat, see:6. Vmstat command instance in Linux3. Lsof-List opened files
In many Linux or Unix-like systems, lsof commands are commonly used to display all open files and processes in a list. Open files includeDisk files, network sockets, pipelines, devices, and processes. One of the main cases of using this command is when the disk cannot be mounted and an error message is displayed that is in use or a file is opened. Using this command, you can easily see which file is being used. The most common format of this command is as follows:
# lsofCOMMAND PID USER FD TYPE DEVICE SIZE NODE NAMEinit 1 root cwd DIR 104,2 4096 2 /init 1 root rtd DIR 104,2 4096 2 /init 1 root txt REG 104,2 38652 17710339 /sbin/initinit 1 root mem REG 104,2 129900 196453 /lib/ld-2.5.soinit 1 root mem REG 104,2 1693812 196454 /lib/libc-2.5.soinit 1 root mem REG 104,2 20668 196479 /lib/libdl-2.5.soinit 1 root mem REG 104,2 245376 196419 /lib/libsepol.so.1init 1 root mem REG 104,2 93508 196431 /lib/libselinux.so.1init 1 root 10u FIFO 0,17 953 /dev/initctl
For more information about the lsof command usage and examples, see: 10 examples of using lsof commands in Linux.4. Tcpdump-network package analyzer
TcpdumpIs the most widely usedNetwork package analyzer or package monitoring programIt is used to capture or filter received or transmitted by a specified interface on the network.TCP/IPPackage. It also has an option to save the captured package to the file for later analysis. Tcpdump can be used in almost all major Linux releases.
# tcpdump -i eth0tcpdump: verbose output suppressed, use -v or -vv for full protocol decodelistening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes22:08:59.617628 IP tecmint.com.ssh > 188.8.131.52.static-mumbai.vsnl.net.in.28472: P 2532133365:2532133481(116) ack 3561562349 win 964822:09:07.653466 IP tecmint.com.ssh > 184.108.40.206.static-mumbai.vsnl.net.in.28472: P 116:232(116) ack 1 win 964822:08:59.617916 IP 220.127.116.11.static-mumbai.vsnl.net.in.28472 > tecmint.com.ssh: . ack 116 win 64347
For more information about tcpdump usage, see: 12 examples of using the Tcpdump command in Linux.5. Netstat-network status Statistics
Netstat isInbound and outbound networksPackage and command line tools for network interface statistics. It is a very useful tool that the system administrator can use to monitor network performance, locate and solve network problems.
# netstat -a | moreActive Internet connections (servers and established)Proto Recv-Q Send-Q Local Address Foreign Address Statetcp 0 0 *:mysql *:* LISTENtcp 0 0 *:sunrpc *:* LISTENtcp 0 0 *:realm-rusd *:* LISTENtcp 0 0 *:ftp *:* LISTENtcp 0 0 localhost.localdomain:ipp *:* LISTENtcp 0 0 localhost.localdomain:smtp *:* LISTENtcp 0 0 localhost.localdomain:smtp localhost.localdomain:42709 TIME_WAITtcp 0 0 localhost.localdomain:smtp localhost.localdomain:42710 TIME_WAITtcp 0 0 *:http *:* LISTENtcp 0 0 *:ssh *:* LISTENtcp 0 0 *:https *:* LISTEN
For more examples of Netstat, see: 20 examples of using the Netstat command in Linux.6. Htop-Linux process monitoring
HtopIs a very advanced interactive real-time linux process monitoring tool. It is very similar to the top command, but it has more features, such as user-friendly management of processes, shortcut keys, vertical and horizontal display processes and so on. Htop is a third-party tool that is not included in the linux system. you need to install it using the YUM package management tool. For more information about installation, see the following.
Htop command example
For Htop installation, read: install Htop in Linux (Linux process monitoring)7. Iotop-Linux disk monitoring I/O
IotopThe command is also very similarTopCommandAndHtop programBut it has monitoring and display real-timeDisk I/O and processes. This tool is useful when searching for specific processes and using a large number of disk read/write processes.
Iotop command example
For more information about how to install and use iotop, see: Install Iotop in Linux.8. Iostat-input/output statistics
IostatIs a storage device used to collect and display systems.Input and outputA simple tool for status statistics. This tool is often used to track the performance of storage devices, includingDevices, local disks, and remote disks such as NFS.
# iostatLinux 2.6.18-238.9.1.el5 (tecmint.com) 09/13/2012avg-cpu: %user %nice %system %iowait %steal %idle 2.60 3.65 1.04 4.29 0.00 88.42Device: tps Blk_read/s Blk_wrtn/s Blk_read Blk_wrtncciss/c0d0 17.79 545.80 256.52 855159769 401914750cciss/c0d0p1 0.00 0.00 0.00 5459 3518cciss/c0d0p2 16.45 533.97 245.18 836631746 384153384cciss/c0d0p3 0.63 5.58 3.97 8737650 6215544cciss/c0d0p4 0.00 0.00 0.00 8 0cciss/c0d0p5 0.63 3.79 5.03 5936778 7882528cciss/c0d0p6 0.08 2.46 2.34 3847771 3659776
For more information about iostat usage and examples, visit: Six examples of using the iostat command in Linux.9. IPTraf-real-time lan ip monitoring
IPTrafIsLinuxReal-time Open-source network (Lan) Monitoring applications. It collects a large amount of information, such as network IP traffic monitoring, including TCP tag, ICMP details, TCP/UDP traffic separation, TCP connection packets, and number of nodes. It also collects common information and details about the interface status: TCP, UDP, IP, ICMP, non-IP, IP checksum and error, and interface activity.
IP traffic monitoring
For more information about IPTraf usage, visit:IPTraf network monitoring tool.10. psacct or acct-monitor user activity
The psacct or acct tool is used to monitor the activity status of each user in the system. These two service processes run in the background, which closely monitors all activities of each user running on the system, and also monitors the resources used by these activities.
The system administrator can use these two tools to track the activities of each user, such as what the user is doing, what commands they have submitted, and how many resources they have used, how long have they been on the system.
For installation and usage examples of these commands, see the article: Use psacct or acct to monitor user activities.11. Monit-Linux process and service monitoring tools
Monit is a free open-source software and a network-based process monitoring tool. It automatically monitors and manages system processes, programs, files, folders, permissions, sum verification codes, and file systems.
This software monitors services such as Apache, MySQL, Mail, FTP, ProFTP, Nginx, and SSH. You can view the system status through the command line or the network excuse provided by the software.
Monit Linux system monitoring
For more information, see monitor Linux processes with Monit.12. NetHogs-monitor the network bandwidth used by each process
NetHogsIs a small program with open source code (withTop CommandIt closely monitors the network activity of each process on the system. It also tracks the real-time network bandwidth used by each program or application.
NetHogs: Linux bandwidth monitoring
For more information, see:Use NetHogs to monitor Linux network bandwidth usage.13. iftop-monitoring network bandwidth
IftopIs another open-source system monitoring application running on the console. it displays the list of application network bandwidth usage (source host or target host) through network interfaces on the system. This list is updated on a regular basis. Iftop is used to monitor network usage, while'Top'Monitors CPU usage. Iftop is'Top'A member of the tool series, used to monitor the selected interface and display the current network bandwidth usage between two hosts.
Iftop-monitor network bandwidth.
For more information, see:Iftop-monitors network bandwidth usage.
14 Monitorix-system and network monitoring
Monitorix is a free lightweight application tool designed to run and monitor Linux/Unix server systems and resources. It has an HTTP network server which regularly collects system and network information and displays it in a graphical form. It monitors the average load and usage of the system, memory allocation, disk health status, system services, network ports, Mail statistics (Sendmail, Postfix, Dovecot, etc.), MySQL statistics, and so on. It is used to monitor the overall performance of the system and help identify errors, bottlenecks, and abnormal activities.15. Arpwatch-Ethernet Activity Monitor
ArpwatchDesigned to monitor Ethernet Address Resolution on Linux (MACAndIPAddress changes ). He continuously monitors Ethernet activity for a period of time and outputs logs of paired changes of IP and MAC addresses. It can also send email notifications to the administrator to warn about the addition and modification of address pairs. This is useful for detecting ARP attacks on the network.
For more information, see: Arpwatch to Monitor Ethernet Activity16. Suricata-Network security monitoring
SuricataIs an open-source high-performance network security, intrusion detection and anti-monitoring tool that can run Linux, FreeBSD, and Windows. Non-profit organizationsOISF(Open Information Security Foundation) Development and copyright.
For more information, see: Suricata-A Network Intrusion Detection and Prevention System17. VnStat PHP-network traffic monitoring
VnStat PHPIs a web-based front-end rendering of the popular network tool "vnstat.VnStat PHPDisplay Network usage in a beautiful graphic interface. It displays the upload and download traffic by hour, day, and month, and outputs the summary report.
For more information, see: VnStat PHP-Monitoring Network Bandwidth18. Nagios-network/server monitoring
Nagios is a leading and powerful open-source monitoring system that allows network/system administrators to discover and solve problems before they affect normal services. With Nagios, administrators can remotely detect Linux, Windows, switches, routers, and printers in a single window. It can warn and identify system/server exceptions, which indirectly helps you to take rescue measures before the problem occurs.
For more information, see: Install Nagios Monitoring System to Monitor Remote Linux/Windows Hosts
We want to know: what monitoring program are you using to monitor the performance of Linux servers? If we miss the tool you think is important, please let us know in the comments and don't forget to share it!
Start building with 50+ products and up to 12 months usage for Elastic Compute Service