Procs columns:
R column: Indicates the number of processes running and waiting for the CPU time slice, if this value is longer than the number of system CPU cores, indicating that the CPU is low, and that the CPU is required to increase the CPU, which refers to the logical CPU
To view the total CPU cores:
Column B indicates the number of processes waiting on the resource
Memory column:
SWPD: Is the amount of memory switched to the swap partition (in k), if the SWPD value is not 0, or larger, as long as Si so is 0, does not affect system performance
Free indicates the amount of physical memory in the current space (in K)
Buff represents the amount of memory buff Chache, generally read and write to the block device to buffer
The cache represents the amount of memory in page cached, which is generally used as the file system's cached, and frequently accessed files are put into cached, which releases when physical memory is too small or not enough to be used.
Swap columns:
Si: The size of memory written by the swap partition per second
So: the size of the swap partition written by memory per second
If the memory is sufficient, the swap partition writes and writes out to 0, only if the two values are longer than 0, indicating that the system memory is insufficient.
IO columns:
BI: Represents the total amount of data read from a block device (that is, read disk) (block/s)
BO: Indicates the total amount of data written to the block settings (that is, write disk) (block/s)
System column: Shows the number of interrupts that occurred during the acquisition interval
The in column indicates the number of device interrupts per second observed within a certain time interval
The CS column represents the number of context switches produced per second
If these two values are larger, it means the kernel consumes more CPU
CPU column: Shows the CPU usage status
US: The percentage of time that the user process consumes the CPU, and if it is longer than 50%, the optimizer algorithm needs to be optimized
SY: Shows the percentage of time that the system (kernel) process consumes the CPU, and if it is greater than 80%, it may not have enough CPU resources
ID: Shows the percentage of CPU idle time
WA: Shows the percentage of CPU time consumed by IO waits, and if it is longer than 20%, there is a problem
Optional parameters and extensions:
| parameter Options | Explanatory notes |
|---|---|
| -A | Show active and inactive memory |
| -F | Shows the number of fork processes since the system started |
| -M | Show Slab Information |
| -N | Displays the name of a field only once at the beginning |
| -S | Displays memory-related statistics and number of system activities (emphasis) |
| -D | Display disk-related statistics |
| -P | Display specified disk partition statistics |
| -S | Display with specified units, with K,k,m,m, representing 1000,1024,1000000,1048576 bytes, default unit K (emphasis) |
| -T | Statistical information with time stamp |
Example 1
3 indicates a 3-second interval
5 indicates 5 times
Inact indicates non-active memory size
Active indicates a memory size
Example 2 showing memory details
Example 3 viewing disk read/write
Iostat is an abbreviation for I/O statistics (input/output), and its main function is to monitor the system disk I/O operation, which mainly shows the statistics of disk read and write operations, and also gives the CPU usage.
Syntax format
Iostat [Options] [time interval [times]]
| parameter Options | Explanatory notes |
|---|---|
| -C | Show CPU Usage |
| -D | Show disk usage |
| -K | Display data in kilobytes per second |
| -M | Display data in megabytes per second |
| -N | Show Usage of NFS |
| -T | Displays the time of each statistic execution |
| -P Device | Specifies the disk device name to be counted, which defaults to all disks |
| -X | Show extended statistics |
%user: Percentage of CPU time consumed by user processes
%nice: The percentage of CPU time that the process that changed the priority takes
%system: Percentage of CPU time consumed by the system kernel process
Percentage of CPU time in%iowait:io wait
%steal: Percentage of virtual machine Force CPU wait Time
%IDLE:CPU idle state percent of time
TPS: Indicates the number of transmissions per second, one transmission means one I/O request, and multiple logical requests may be merged into one I/O request
BLK_READ/S: Indicates the number of data blocks read per second
BLK_WRTN/S: Indicates the number of data blocks written per second
Blk_read: Indicates the number of blocks read
BLK_WRTN: Indicates the number of blocks written
Show only disk information
RRQM/S: Number of read operations per second for merge
WRQM/S: Write operation data for merge per second
R/S: Number of Read I/O devices completed per second
W/S: Number of write I/O devices completed per second
RKB/S: Number of kilobytes read in per second
WKB/S: The number of kilobytes written per second
AVGRQ-SZ: The data size (sector) of the average device per I/O operation
Avgqu-sz: Average I/O Queue Length
Await: Average wait time per I/O operation for the device
SVCTM: Average wait time per I/O operation for the device
%util: Percentage of I/O operations per second
Uptime (option)
-V Displays version information for the instruction
Instance
Content Description:
15:07:32 current time of the system
Up 14min, indicating the time the system has been running
1 user indicates the number of links, which is the total number of links
Load average represents system average load, statistics last 1, 5, 15 min average load
The average load of a system is the average number of processes that run the queue at a specific time.
If the current number of active processes per CPU core is not greater than 3. Indicates that the system performance is good and if it is greater than 5, there is a serious performance problem
SAR Collection System InformationWith the SAR command, you can get full CPU, run queue, disk I/O, paging (swap area), memory, CPU interrupt and network performance data.
Syntax format
SAR [options] [time interval [times]]
Description
In the SAR command and subsequent options, there must be at least one space between each element
Parameter description
| parameter Options | Explanatory notes |
|---|---|
| -A | Shows the operation of all resource devices on the system |
| -U | Displays the load status of all CPUs in the system over the sampling time |
| -P | Displays the usage of the specified CPU in the current system |
| -D | Displays the usage of all hard disk devices during sample time |
| -R | Displays system memory usage during sample time |
| -B | Displays the buffer usage over the sample time |
| -V | Displaying the status of Index nodes, files, and other kernel tables |
| -N | Show Network operational status |
| -Q | Displays the size of the run queue, which is the same as the current average load on the system |
| -R | Shows the activity of the process over the sample time |
| -W | Displays the state of the system swap activity during the sampling time |
Install packages
To view CPU-related information:
Kbmemfree: Free Physical Memory
Kbmemused: The amount of physical memory in use
%memused: Usage of physical memory
Kbbuffers: The amount of physical memory used as a buffer in memory
Kubcached: The amount of physical memory used in the kernel as a cache
%xommit: Percentage of usage of the current memory size of the application
Display the usage of the buffer:
TPS: Total I/O transfers per second for physical devices
Rtps: Total amount of data read from physical devices per second
Wtps: The total amount of data written to the physical device per second
BREAD/S: The amount of data that is read from the physical device per second, in blocks/s.
BWRTN/S: The amount of data written to the physical device per second, in the same unit
Show the running status of the network
IFACE: Network interface
RXPCK/S: Packets Received per second
TXPCK/S: Packets Sent per second
rxkb/s: Number of bytes accepted per second
txkb/s: Number of bytes sent in seconds
RXCMP/S: Compressed packets received per second
TXCMP/S: Compressed packets sent in seconds
RXMCST/S: Multicast packets received per second
Display statistics for network errors
IFACE: Network interface
RXERR/S: Bad packets received per second
TXERR/S: Bad packets that occur every second
COLL/S: Number of collisions per second
RXDROP/S: The number of packets that have been received per second because the buffer is full
TXDROP/S: Because the buffers are full. Discards the number of packets that have been sent per second
TXCARR/S: The number of carrier errors per second when sending packets
RXFRAM/S: The number of frames per second that receive packets to their errors
RXFIFO/S: Number of errors received per second FIFO over-speed
TXFIFO/S: The number of errors sent by the FIFO over-speed of the packets per second.
Display socket Information
TOTSCK: Total number of sockets used
TCPSCK: Number of TCP sockets used
UDPSCK: Number of UDP sockets used
RAWSCK: Number of raw sockets used
Ip-frag: Number of IP segments used
TCP-TW: Number of TCP sockets in Time_wait state
View system disk read and write performance
DEV: Indicates the disk device name
TPS: Indicates the number of transmissions per second of the device
RD_SEC/S: Indicates the number of sectors read from the device per second
WR_SEC/S: Indicates the number of sectors written to the device per second
AVGRQ-SZ: The data size (sector) of the average device per I/O operation
Avgqu-sz: Average I/O Queue Length
Await: Average wait time (in milliseconds) per I/O operation for the device
SVCTM: Average service time per I/O operation for the device (MS)
%util: Percent per second for I/O operations
The tcpdump command is a packet analysis tool that intercepts network packets, and tcpdump can intercept the [head] of the packets transmitted in the network, which supports filtering of the network layer, protocol, host, port, etc., and supports and/or non-logical statements to assist in filtering valid information.
The tcpdump command is to switch the operating mode of the network card to promiscuous mode, because you want to modify the operating mode of the interface, so the tcpdump command needs to run as root
tcpdump [options] [expression]
Parameter description
| parameter Options | Explanatory notes |
|---|---|
| -A | Displays each packet in ASCII mode, which can be viewed when the packet is crawled |
| -C < number of packets > | Exit command after accepting the specified number of packets |
| -E | The Data link layer header information for the packet will be included in the printout of each row |
| -I < network interface > | Specify the network interface to listen for packets |
| -N | No DNS resolution for faster display |
| -nn | Do not convert protocol and port numbers to names |
| -Q | Run in a fast way, this option displays only the protocol profile for the packet, and the output information is short |
| -s < packet size > | Set the packet fetch length, default to 68 bytes if not set, and set to 0 to automatically select the appropriate length to crawl the packet |
| -T | Timestamp tags are not displayed in output information per row |
| -tt | Shows the delay of the current line and the previous row |
| -tttt | Add a date before the timestamp for each line printed |
| -V | Show details of command execution |
| -vv | Display more detailed information than the-v option |
| -vvvv | Show more trusted output |
1 Installing Tcpdump
Instance:
-I specifies the port to listen on
-c Specifies the number of listening packets
16:52:50 current time, accurate to microseconds
IP 192.168.3.21.54680 > Server6.ssh: Information from specific packets and > Representation of Flow
flags[.]: Flag information in TCP packets, S is an abbreviation for the SYN Flag, F (FIN), P (PUSH), R (RST), [.] No tag
SEQ: Sequence number of data in a packet
ACK: The next expected order number
Win: Accept the cached window size
Length: Packet lengths
Listen for fixed IP addresses
Listen for fixed port numbers
Listen for packets for the specified protocol
Common protocols: Ip,arp, ICMP, TCP, UDP, etc.
Network detection Tool/Port scanner
Nmap command is an open-source network detection and security Audit tool, is the abbreviation of Networks Mapper, the design goal I is to quickly scan large networks, Nmap can find those hosts on the network, what the host provides services, and detect the type of operating system and version information
Software Installation
Nmap [Scan type] [common options] {scan target}
The scan target can be an IP address or subnet address, etc.
Parameter description
| parameter Options | Explanatory notes |
|---|---|
| , S2 | TCP synchronous Scan TCP SYN) |
| -st | TCP link Scan |
| -sn | No port scan, just check that the host is running, this option is the same as the boss does not-sp |
| -su | Scan UDP ports |
| -sv | Probe Server version Information |
| -pn | Scan only, do not ping the host |
| -ps | Scan target host with SYN packet, default is 80 port, can specify port, format-ps22 or-ps22-25,80,53, no space between PS and port number |
| -pu | Using UDP ping to scan ports |
| -O | Activates the scan of the TCP/IP fingerprint feature to obtain the remote host's flag, which is the operating system type |
| -V | Show detailed information about the scanning process |
| -S <ip> | Set the source IP address of the scan |
| -G Port | Set the source port for the scan |
| -on | Redirect the results of the scan to a file |
| -il filename | Read the scanned target from the file |
| -p< Port > | Specify the port to scan, either as a separate port or as multiple ports separated by commas, or use "_" to indicate the port range |
| -N | No DNS resolution, faster scan speed |
| --exclude | Exclude a specified host |
| --excludefile | Exclude hosts in the specified file |
To view the ports currently open by the host
Scan a specific port for a host
Scan a network segment
The ping command can be used to test the network connectivity between hosts, and the ping command uses the ICMP transport protocol to send messages requesting a response, and if there is no problem with the remote network function, the message will be returned.
ping [options] [target host]
| parameter Options | Explanatory notes |
|---|---|
| -C < times > | Specifies the number of times an ICMP message is sent, otherwise it will be sent |
| -I < time interval > | The interval between two consecutive delivery times, the default time interval is 1s |
| -N | Do not query host name, directly display IP address |
| -Q | Displays only the information at the beginning of the command and the statistics at the end of the run, ignoring the information that appears during the command run |
| -s< Packet Size > | Sets the size of the sending packet, with a default size of 56 bytes, plus 8 bytes of ICMP header, which is a total of 64 bytes ICMP packets |
| -T < lifetime > | Sets the value of the sent Packet's lifetime (TLL) |
| -W Cutoff time | Exit the ping program immediately after the cut-off time |
| -W Time-out | Wait for the appropriate time-out |
-C 3: Send ICMP packets 3 times
-I 3:3s each time the contract is contracted
-S 1024: Set the sent packet size to 1024 bytes
-T 220, set the TTL value of the sending packet to 220
The top command is used to monitor the state of the system's processor in real time, and it can display the resource consumption of each process in real-time, according to CPU usage, memory usage and execution time to sort the tasks of the system, and the top command can be displayed by interactive command.
Top [Options]
Followed by command
| parameter Options | Explanatory notes |
|---|---|
| -B | The process information is displayed in batch mode, the output can be transferred to another program or written to a file, in which case the top command will not accept any input, and one-stop operation until it reaches the threshold value set by the-n option, or CTRL + C terminates |
| -C | Displays the entire command path of the process, not just the command name |
| -D | Specify the time interval between refresh of screen information every two times |
| -H | Specifies that this can show the situation for each thread, otherwise the overall situation of the process |
| -I. | Do not display idle or zombie process information |
| -N | Number of updates to top output information |
| -P | Displays the specified process information |
Interactive commands
Interactive commands are some of the commands that are used during the execution of the top command:
| Interactive Commands | meaning |
|---|---|
| H or? | Display Help information and give some summary of the interactive commands |
| Z | Global color settings |
| B | Global font Bold settings |
| L (lowercase L) | Toggles whether the average load and start time information is displayed |
| T | Toggles whether to display process and CPU status information |
| M | Toggle whether memory information is displayed |
| 1 (number 1) | For multi-core CPU monitoring to monitor the health of each logical CPU |
| I | Irix/sokaris mode |
| F | Add or remove items from the current display list, press the "F" key to display a list of columns, press "A-Z" key to show or hide the corresponding column, and then press ENTER to determine |
| O | The table top output information shows the order of items, a-z key by case can move the corresponding column to the right, while the uppercase A-Z key can move the corresponding column to the left, and then press ENTER to determine |
| F or O | Select a sorted column |
| <,> | Moves the selected sorted column. ' < ' Select Left Pro column sort, ' > ' Select Right Pro column sort |
| R | Toggle Normal/reverse order |
| H | Toggle whether thread information is displayed |
| C | Toggle is sufficient to display full command line and command name information |
| I | Toggle is enough to show idle processes and zombie processes |
| S | Switch to cumulative mode |
| X | Sort the corresponding columns in a highlighted form, using a combination of b/z |
| Y | Highlight running processes that need to be used in conjunction with b/z |
| Z | Turn color on/off |
| B | Open/Close Bold |
| U | Display process information related to the specified user |
| N or # | Set the maximum number of rows to display a process |
| K | Terminates a process, prompting the user to enter a PID to terminate the process |
| R | Reset the priority of a process, prompting the user to enter a process PID that needs to be changed, and the priority value that needs to be set, entering a positive number to lower the priority, or, conversely, giving the process a higher priority, the default value is 10 |
| D or S | Change the top output information two times, the system will prompt for a new time, in units of S, if it is a decimal, then converted to MS, if it is 0, the system is constantly refreshed, the default refresh time is 3s, if the setting is too small, it may cause excessive system load |
| W | Writes the current top setting to the "~/.TOPRC" file |
| Q | Exit Top Display |
Display description
First line: Task queue information, with uptime command execution results
Second line: Tasks for the task (process), the system existing process 115, in the running state of 1, is sleeping 114, stoped state 0, zombie (zombie) 0
Third line: CPU status information
US user consumption CPU ratio
Sy core consumes CPU ratio
NI has changed the priority of the process to occupy the percentage of CPU
The percentage of the ID idle CPU
WA I/O waits a percentage of CPU usage
NI hard Interrupt (hardware IRQ)% of CPU occupied
Si soft interrupt software interrupt)% of CPU occupied
The percentage of CPU that the St virtual machine occupies
Line four: Memory status
Total Physical Memory
Used amount of memory in use
Total Free Memory
Buffers amount of memory buffered
Line five: Swap swap partition information
Total Swap partition Totals
The amount of swap partitions used by the used
Free Swap partition Amount
Cached the amount of memory cached
Line six: blank line
Line seventh: Status monitoring of each process
PID: Process ID
USER: Process Owner
PR: Process Priority
Ni:nice, negative indicates high priority, positive value indicates low priority
VIRT: The total amount of virtual memory used by the process. Unit is KB
RES: The amount of physical memory that is not swapped out by the process is small, in kilobytes
SHR: Shared memory size, in kilobytes
S: Process state, d= sleep state, r= run, s= sleep, T = track/stop, z= zombie process
%cpu percentage of CPU time that was last updated to current
Percentage of physical memory used by the%MEM process
Total CPU time used by the time+ process in 1/100 seconds
Command process name (commands name/command line)
The PS command lists the process snapshots at the time of the PS command, and the top command is required for dynamic information
PS [Options]
| parameter Options | Explanatory notes |
|---|---|
| -A | Shows the processes performed under all terminals |
| A | Displays all the processes associated with the terminal, including the full path of each process |
| X | Show all processes unrelated to the terminal |
| U | Display user information for a process |
| -U | Display process information related to the specified user |
| -E | Show All Processes |
| -F | Extra display of uid,pid,c and Stime fields |
| F | Show Process Tree |
| -H | Show Process Tree |
| -I. | Displays the status of the process in a detailed format |
| -O | Custom output Specifies the fields, separated by commas |
| --sort Key | Key indicates ordering for the specified field, default to ascending, +key to ascending, and-key to descending |
PID is the identification number of the process
TTY is the terminal console that the process belongs to
The time column is the total CPU times used by the process
The CMD column is the command line that is being executed
UID: Process Owner
PID: Process identification number
PPID: Process Parent Process identification number
C:CPU Percentage of resources used
Stime: Process Start time
TTY: Which terminal the process is running on, if it is not related to the terminal, the display [?], in addition, Tty1-tty6 is the native side of the login process, if it is pts/0, it indicates that there is network connection into the host process
Duration: The total CPU time used by the process
CMD: Executing the command line
Common combination Commands
User: The users that the process belongs to
PID: Process number of the process
%cpu: Percentage of CPU that the process uses off
%MEM: The percentage of physical memory that the process occupies
VSZ: The amount of virtual memory that the process is using (unit Kbytes)
RSS: The amount of fixed memory that the process occupies (in Kbytes)
TTY: Which terminal the process is running on
STAT: The current state of the process
R: Running
S: Is sleeping or can run
D: Non-disruptive sleep
T: It's being detected or it's stopped.
Z: Has terminated, but its parent process does not terminate him properly, thus programming the zombie process
+: Foreground process
I: Multithreaded Process
N: Low-priority process
' < ': high-priority process
S: Process leader
L: The page has been locked into memory
Start: The time that the process was triggered to start
Time: The duration of the CPU operation that the process actually uses
Command: The actual commands of the process
Show process status in verbose format
Detailed parameters:
F: Represents the sign of the process, 4 represents the user as Super user.
S: Represents the status of this process as stat
C: Represents the percentage of CPU usage
PRI: Priority
Ni:nice value
ADDR: Indicates that the process is in the memory part, if it is a running, it is generally [-]
SZ: The amount of memory used
Wchan: Whether the process is currently running, if it is [-]
Terminating a process
Kill [Options] [process number]
| parameter Options | Explanatory notes |
|---|---|
| -L | List all signal names |
| -P | Specifies that the KILL command prints only the relevant process number without sending any signals |
| -S | Specify the signal to send |
Conversion between parametric signals and digital signals can be performed using the-l (lowercase l)
Common Signal Description
| Signal | Description |
|---|---|
| HUP (1) | Suspended, usually caused by a terminal drop or user exit |
| INT (2) | Interrupt, usually by pressing CTRL + C key combination to emit this signal |
| QUIT (3) | Exit, usually by pressing the crtl+\ key combination to issue this information number |
| Kill (9) | To end the run of a process immediately |
| Term (15) | Terminated, usually sent at system shutdown |
| TSTP (20) | Pauses the process to run, usually by pressing CTRL + Z key combination to emit this signal |
Kill uses the default signal of 15 to end the process, and if the process ignores this signal, it can use signal 9 to force the process to terminate.
In Kill there is a special signal value of 0, where 0 means no signal is sent, but the corresponding process will still be checked, if the $pid corresponding process already exists, then return 0, otherwise return 1
Killall terminating a process with a process name
killall [Options] [process name]
| parameter Options | Explanatory notes |
|---|---|
| -E | For very long names, it is required to match exactly, by default, if a process name is longer than 15 characters, the entire name cannot be used, in which case the killall terminates all processes that match the first 15 characters of the first name, and the-e parameter is a fuzzy match, and if the-v option is specified at the same time, Killall will print a message for each ignored record |
| -I. | Case-insensitive matching |
| -G | Terminate a process that belongs to the process group |
| -I. | Ask whether to confirm before terminating the process |
| -Q | Do not prompt if no process is terminated |
| -R | Use regular expressions to match the name of the process to terminate |
| -S | Replace the default signal with the specified signal |
| -U | Terminate a process for a specified user |
| -V | Report whether the signal was sent successfully |
| -W | Waits for all the terminated processes to die, killall every second to see if the terminated process still exists and returns only after it has been killed. |
Linux system Operations gadget
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
