Detailed Usage of Linux Operation and Maintenance Monitoring Commands

Introduction

Mastering system monitoring commands is a fundamental skill for Linux operation and maintenance. This note aims to organize and summarize commonly used monitoring commands along with their core functions and practical scenarios, facilitating quick review and learning to enhance system management and troubleshooting efficiency.

1. Comprehensive Performance Monitoring (CPU, Memory, Load)

1.top

•Core Function: Dynamically displays system process activity, CPU, memory, and other resource usage.
•Basic Usage:

•top: Start real-time monitoring.
•q: Exit.
• Interactive keys: 1 (details of each CPU core), M (sort by memory), P (sort by CPU).

•Advanced/Common Scenarios:

• End process: Press k -> Enter PID -> Enter signal (default 15, can use 9 to force).
• Filter by user: Press u -> Enter username.
• Batch mode (script/report): top -b -n 1 -o %CPU (get a snapshot sorted by CPU).

2.htop

•Core Function:top‘s enhanced version, with a more user-friendly interface and stronger interactivity.
•Basic Usage:

•htop: Start.
• Arrow keys/mouse: Select/scroll.
• Function keys: F6 (sort), F9 (send signal/kill), F4 (filter), F10/q (exit).

•Advanced/Common Scenarios:

• More intuitively filter, sort, and terminate processes than top.
• Filter by user: Press u.

3.uptime

•Core Function: Displays system uptime, number of logged-in users, and 1/5/15 minute average load (Load Average).
•Basic Usage:

•uptime: Run directly to quickly understand system load.

4.vmstat (Virtual Memory Statistics)

•Core Function: Reports detailed statistics on virtual memory, processes, I/O, and CPU activity.
•Basic Usage:

•vmstat [interval seconds] [count]: For example, vmstat 2 5 (output once every 2 seconds, for a total of 5 times).

•Advanced/Common Scenarios:

• Key columns to focus on: procs(r, b), memory(swpd), swap(si, so), io(bi, bo), cpu(us, sy, id, wa). si/so not equal to 0 may indicate insufficient memory, wa being too high may indicate an I/O bottleneck.
• View only disk: vmstat -d 2.
• View specific partition: vmstat -p /dev/sda1 2.
• View memory slab: sudo vmstat -m.

2. Memory Monitoring

1.free

•Core Function: Displays the usage of physical memory and swap space.
•Basic Usage:

•free -h: Display in human-readable format (e.g., G, M, K).

•Advanced/Common Scenarios:

• Understanding available: This column better reflects the actual available memory for applications.
• Continuous monitoring: watch -n 2 free -h (refresh every 2 seconds).
• Specify units: free -g (GB), free -m (MB).

3. Disk I/O Monitoring

1.iostat (Input/Output Statistics)

•Core Function: Monitors CPU usage and I/O load on devices and partitions.
•Basic Usage:

•iostat: Display an overview of CPU and device I/O.
•iostat -x [interval seconds]: Display more detailed I/O statistics, for example, iostat -x 2.

•Advanced/Common Scenarios:

• Key columns to focus on (-x):r/s, w/s (read/write counts per second), rkB/s, wkB/s (read/write rates), await (average I/O processing time), %util (device utilization, close to 100% may indicate saturation).
• View only CPU: iostat -c 2.
• View specific device: iostat -x sda 2.
• Human-readable units (new version): iostat -xh 2.

2.iotop

•Core Function: Similar to top, but sorts processes by disk I/O usage.
•Basic Usage:

•sudo iotop: Start real-time I/O monitoring (usually requires root).

•Advanced/Common Scenarios:

• View only active processes: sudo iotop -o.
• View cumulative I/O: sudo iotop -a.
• Batch mode (script): sudo iotop -b -n 1.

4. Disk Space Monitoring

1.df (Disk Free)

•Core Function: Reports the disk space usage of the file system.
•Basic Usage:

•df -h: Display all mounted file systems in a human-readable format.
•df -i: Display Inode usage.

•Advanced/Common Scenarios:

• Exclude specific types: df -h -x tmpfs -x devtmpfs.
• Display only specific types: df -h -t ext4 -t xfs.
• Script to get available space: df --output=avail / | tail -n 1 | tr -d ' ' (get the available space value of the root partition).

2.du (Disk Usage)

•Core Function: Estimates the actual disk space occupied by a file or directory.
•Basic Usage:

•du -sh <directory/file>: Display the total size of the specified path.
•du -sh *: Display the size of each sub-item in the current directory.

•Advanced/Common Scenarios:

• Find Top N largest directories: du -h --max-depth=1 /path | sort -hr | head -n 5.
• Calculate size excluding subdirectories: du -sh --exclude='subdir' /path.
• Find large files: find . -type f -size +100M -exec du -ch {} + | sort -hr.

5. Network Monitoring

1.ss

•Core Function: Obtains socket statistics, a modern replacement for netstat, faster.
•Basic Usage:

•sudo ss -tulnp: Display TCP/UDP listening ports and corresponding processes.

•Advanced/Common Scenarios:

• All TCP connections: ss -t -a.
• Specific port connections: ss -tan state established '( dport = :80 or sport = :80 )'.
• Count state connections: ss -tan state time-wait | wc -l (count TIME_WAIT).

2.netstat

•Core Function: Displays network connections, routing tables, interface statistics, etc. (older but still common).
•Basic Usage:

•sudo netstat -tulnp: Listening ports and processes.
•netstat -rn: View routing table.
•netstat -i: View network interface statistics (packet loss, errors, etc.).

3.ping

•Core Function: Tests network connectivity to the target host.
•Basic Usage:

•ping <target IP/domain>.
•ping -c 4 <target>: Send a specified number (4) of packets.

•Advanced/Common Scenarios:

• Test MTU: ping -M do -s 1472 <target> (send a specified size packet without fragmentation).
• Set timeout: ping -W 1 <target> (wait for reply 1 second).

4.iftop

•Core Function: Real-time monitoring of network interface bandwidth usage, displaying traffic by connection (requires root).
•Basic Usage:

•sudo iftop: Monitor the default interface.
•sudo iftop -i eth0: Monitor a specified interface.

•Advanced/Common Scenarios:

• Filter by subnet: sudo iftop -F 192.168.1.0/24.
• Do not resolve hostnames/ports: sudo iftop -n (only IP) / sudo iftop -N (hide ports).

6. Process Monitoring

1.ps (Process Status)

•Core Function: Displays the status of currently running processes.
•Basic Usage (Common Combinations):

•ps aux: BSD style, displays detailed information of all processes.
•ps -ef: System V style, displays complete format information of all processes.

•Advanced/Common Scenarios:

• Find process: ps aux | grep '[p]rocess_name' (use [] to avoid grep itself).
• Sort by resource: ps aux --sort=-%mem (memory descending), ps aux --sort=-%cpu (CPU descending).
• Filter by user: ps -u <username> -f.
• Custom output columns: ps -eo pid,user,%cpu,%mem,comm.
• Find zombie processes: ps aux | awk '$8=="Z"' or ps aux | grep ' Z '.

7. Log Monitoring

1.tail

•Core Function: View the end content of a file, commonly used for real-time log monitoring.
•Basic Usage:

•tail -f /path/to/log: Real-time track file updates.
•tail -n <number of lines> /path/to/log: View the last N lines of the file.

•Advanced/Common Scenarios:

• Track and highlight keywords: tail -f log | grep --color=always -E 'error|warn'.
• Track rolling logs (logrotate): tail -F /path/to/log.
• View the middle part of a file: head -n 200 file | tail -n +100 (view lines 100-200).

2.journalctl (Systemd Journal)

•Core Function: Queries and displays systemd system logs.
•Basic Usage:

•journalctl -f: Real-time track all logs.
•journalctl -u <service_name>: View logs of a specific service.

•Advanced/Common Scenarios:

• View latest logs: journalctl -n 50.
• Filter by time: journalctl --since "1 hour ago", journalctl --since "YYYY-MM-DD HH:MM:SS".
• Filter by priority: journalctl -p err (view only errors), journalctl -p warning.
• Filter by executable: journalctl /path/to/executable.
• Reverse display (latest first): journalctl -r.
• JSON output (for script processing): journalctl -o json-pretty.

8. Command Combination Techniques Examples

• Find Java threads with high CPU usage: ps aux | grep '[j]ava' (get PID) -> top -H -p <PID>.
• Find space occupied by each user under /home: sudo du -sh /home/* | sort -hr.
• Check abnormal external connections (exclude common ports): sudo ss -tunap | grep ESTAB | grep -Ev '(:80 |:443 |:22 )'.
• Find and count the number of network connections in a certain state: ss -tan state <STATE> | wc -l.

Key Reminders and Summary

•man manual is the best teacher: When unsure about options, man <command> (for example, man ps).
•Combined Usage: The power of Linux lies in pipes (|) and command combinations, flexibly used to solve complex problems.
•Understanding Output: Not only should you know how to use commands, but also understand the meaning of each column in the output.
•Practice: Practice more in a safe environment to familiarize yourself with commands and scenarios.
•Select Appropriate Tools: Choose the most suitable monitoring command based on the specific problem.

Related posts

Leave a Comment Cancel reply