Monitoring Tools

Real Time Interactive IP LAN Monitoring with IPTraf Tool

Published on: 2019-05-28 19:54:25

There are a number of monitoring tools available. I came across the IPTraf monitoring tool, which I find very useful; it is a simple tool for monitoring inbound and outbound network traffic passing through an interface.


IPTraf is an ncurses-based (text-mode) IP LAN monitoring tool that shows TCP, UDP, ICMP and non-IP traffic counts as well as Ethernet load information.

This article shows how to install the IPTraf monitoring tool using the yum command.

Installing IPTraf

IPTraf ships with the Linux distribution and can be installed on RHEL, CentOS and Fedora servers using the yum command from a terminal.

# yum install iptraf

Under Ubuntu, iptraf can be installed using the Ubuntu Software Center or the ‘apt-get’ method. For example, use the ‘apt-get’ command to install it.

$ sudo apt-get install iptraf

IPTraf Usage

Once IPTraf is installed, run the following command from the terminal to launch an ASCII menu interface. From it you can view the IP traffic monitor, general interface statistics, detailed interface statistics, statistical breakdowns and filters, and set configuration options to suit your needs.

[[email protected] ~]# iptraf
[Screenshot: IPTraf Startup Screen]

The iptraf interactive screen displays a menu system with different options to choose from. The screenshots below show real-time IP traffic counts, interface statistics and more.

[Screenshot: IPTraf System Menu]

IP traffic monitor

[Screenshot: IP Traffic Monitor]

General interface statistics

[Screenshot: IPTraf General interface statistics]

Detailed interface statistics

[Screenshot: IPTraf Detailed interface statistics]

Statistical breakdowns

[Screenshot: IPTraf Statistical breakdowns]

LAN station monitor

[Screenshot: IPTraf LAN station monitor]

Configure

[Screenshot: IPTraf Configure]

IPTraf Options

Running “iptraf -i” with an interface name starts the IP traffic monitor on that interface immediately. For example, the following command starts the IP traffic monitor on interface eth0, the primary interface card attached to your system. You can also monitor traffic on all your network interfaces by using the argument “iptraf -i all”.

# iptraf -i eth0

[Screenshot: IPTraf Eth0 Monitoring]

Similarly, you can monitor TCP/UDP traffic on a specific interface using the following command.

# iptraf -s eth0

[Screenshot: IPTraf TCP/UDP Monitoring]

If you want to know more options and how to use them, check the iptraf ‘man page’ or run ‘iptraf -help’ for more parameters. For more information visit the official project page.

How to Monitor User Activity with psacct or acct Tools

Published on: 2019-05-28 19:54:01

psacct and acct are both open source applications for monitoring user activity on the system. They run in the background and keep track of each user's activity on your system as well as the resources being consumed.

I personally used this program in our company, where we have a development team whose developers continuously work on servers. So, this is one of the best programs to keep an eye on them. This program provides an excellent way to monitor what users are doing, what commands they are firing, how many resources they are consuming, and how long users are active on the system. Another great feature of this program is that it gives the total resources consumed by services like Apache, MySQL, FTP, SSH etc.

I think this is one of the great, must-have applications for every Linux/Unix system administrator who wants to keep track of user activities on their servers/systems.

The psacct or acct package provides several commands for monitoring process activities.

  1. The ac command prints statistics of user logins/logouts (connect time) in hours.
  2. The lastcomm command prints information about commands previously executed by a user.
  3. The accton command is used to turn process accounting on or off.
  4. The sa command summarizes information about previously executed commands.
  5. The last and lastb commands list the last logged-in users.

Installing psacct or acct Packages

psacct and acct are similar packages with little difference between them, but the psacct package is only available for rpm based distributions such as RHEL, CentOS and Fedora, whereas the acct package is available for distributions like Ubuntu, Debian and Linux Mint.

To install the psacct package under rpm based distributions, issue the following yum command.

# yum install psacct

To install the acct package under Ubuntu / Debian / Linux Mint, use the apt-get command.

$ sudo apt-get install acct

OR

# apt-get install acct

Starting psacct or acct service

By default the psacct service is disabled and you need to start it manually under RHEL/CentOS/Fedora systems. Use the following command to check the status of the service.

# /etc/init.d/psacct status
Process accounting is disabled.

The status shows as disabled, so let’s start it manually using the following two commands. These commands create a /var/account/pacct file and start the service.

# chkconfig psacct on
# /etc/init.d/psacct start
Starting process accounting:                               [  OK  ]

After starting the service, check the status again; it now shows as enabled, as below.

# /etc/init.d/psacct status
Process accounting is enabled.

Under Ubuntu, Debian and Mint the service is started automatically, so you don’t need to start it again.

Display Statistics of Users Connect Time

Running the ac command without any argument displays the total connect time in hours, based on the user logins/logouts in the current wtmp file.

# ac
total     1814.03

Display Statistics of Users Day-wise

The command “ac -d” prints the total login time in hours for each day.

# ac -d
Sep 17  total        5.23
Sep 18  total       15.20
Sep 24  total        3.21
Sep 25  total        2.27
Sep 26  total        2.64
Sep 27  total        6.19
Oct  1  total        6.41
Oct  3  total        2.42
Oct  4  total        2.52
Oct  5  total        6.11
Oct  8  total       12.98
Oct  9  total       22.65
Oct 11  total       16.18

Display Time Totals for each User

The command “ac -p” prints the total login time of each user in hours.

# ac -p
        root                              1645.18
        sfnews                            168.96
        total     1814.14

Display Individual User Time

To get the total login time of user “sfnews” in hours, use the following command.

# ac sfnews
 total      168.96

Display Day-Wise Login Time of User

The following command prints the day-wise total login time of user “sfnews” in hours.

# ac -d sfnews
Oct 11  total        8.01
Oct 12  total       24.00
Oct 15  total       70.50
Oct 16  total       23.57
Oct 17  total       24.00
Oct 18  total       18.70
Nov 20  total        0.18

Print All Account Activity Information

The “sa” command prints a summary of the commands that were executed by users.

# sa
       2       9.86re       0.00cp     2466k   sshd*
       8       1.05re       0.00cp     1064k   man
       2      10.08re       0.00cp     2562k   sshd
      12       0.00re       0.00cp     1298k   psacct
       2       0.00re       0.00cp     1575k   troff
      14       0.00re       0.00cp      503k   ac
      10       0.00re       0.00cp     1264k   psacct*
      10       0.00re       0.00cp      466k   consoletype
       9       0.00re       0.00cp      509k   sa
       8       0.02re       0.00cp      769k   udisks-helper-a
       6       0.00re       0.00cp     1057k   touch
       6       0.00re       0.00cp      592k   gzip
       6       0.00re       0.00cp      465k   accton
       4       1.05re       0.00cp     1264k   sh*
       4       0.00re       0.00cp     1264k   nroff*
       2       1.05re       0.00cp     1264k   sh
       2       1.05re       0.00cp     1120k   less
       2       0.00re       0.00cp     1346k   groff
       2       0.00re       0.00cp     1383k   grotty
       2       0.00re       0.00cp     1053k   mktemp
       2       0.00re       0.00cp     1030k   iconv
       2       0.00re       0.00cp     1023k   rm
       2       0.00re       0.00cp     1020k   cat
       2       0.00re       0.00cp     1018k   locale
       2       0.00re       0.00cp      802k   gtbl
Where:
  1. 9.86re is the “real time” in wall clock minutes
  2. 0.01cp is the sum of system and user time in CPU minutes
  3. 2466k is the CPU-time averaged core usage, in 1k units
  4. sshd is the command name

Print Individual User Information

To get information for individual users, use the -u option.

# sa -u
root       0.00 cpu      465k mem accton
root       0.00 cpu     1057k mem touch
root       0.00 cpu     1298k mem psacct
root       0.00 cpu      466k mem consoletype
root       0.00 cpu     1264k mem psacct           *
root       0.00 cpu     1298k mem psacct
root       0.00 cpu      466k mem consoletype
root       0.00 cpu     1264k mem psacct           *
root       0.00 cpu     1298k mem psacct
root       0.00 cpu      466k mem consoletype
root       0.00 cpu     1264k mem psacct           *
root       0.00 cpu      465k mem accton
root       0.00 cpu     1057k mem touch

Print Number of Processes

This command prints the total number of processes and CPU minutes. If these numbers keep increasing, it is time to look into what is happening on the system.

# sa -m
sshd                                    2       9.86re       0.00cp     2466k
root                                  127      14.29re       0.00cp      909k

Print Sort by Percentage

The command “sa -c” displays usage as percentages of the totals.

# sa -c
 132  100.00%      24.16re  100.00%       0.01cp  100.00%      923k
       2    1.52%       9.86re   40.83%       0.00cp   53.33%     2466k   sshd*
       8    6.06%       1.05re    4.34%       0.00cp   20.00%     1064k   man
       2    1.52%      10.08re   41.73%       0.00cp   13.33%     2562k   sshd
      12    9.09%       0.00re    0.01%       0.00cp    6.67%     1298k   psacct
       2    1.52%       0.00re    0.00%       0.00cp    6.67%     1575k   troff
      18   13.64%       0.00re    0.00%       0.00cp    0.00%      509k   sa
      14   10.61%       0.00re    0.00%       0.00cp    0.00%      503k   ac
      10    7.58%       0.00re    0.00%       0.00cp    0.00%     1264k   psacct*
      10    7.58%       0.00re    0.00%       0.00cp    0.00%      466k   consoletype
       8    6.06%       0.02re    0.07%       0.00cp    0.00%      769k   udisks-helper-a
       6    4.55%       0.00re    0.00%       0.00cp    0.00%     1057k   touch
       6    4.55%       0.00re    0.00%       0.00cp    0.00%      592k   gzip
       6    4.55%       0.00re    0.00%       0.00cp    0.00%      465k   accton
       4    3.03%       1.05re    4.34%       0.00cp    0.00%     1264k   sh*
       4    3.03%       0.00re    0.00%       0.00cp    0.00%     1264k   nroff*
       2    1.52%       1.05re    4.34%       0.00cp    0.00%     1264k   sh
       2    1.52%       1.05re    4.34%       0.00cp    0.00%     1120k   less
       2    1.52%       0.00re    0.00%       0.00cp    0.00%     1346k   groff
       2    1.52%       0.00re    0.00%       0.00cp    0.00%     1383k   grotty
       2    1.52%       0.00re    0.00%       0.00cp    0.00%     1053k   mktemp
List Last Executed Commands of User

The ‘lastcomm’ command searches for and displays information about previously executed commands. You can also search for the commands of an individual user. For example, the following shows the commands of user sfnews.

# lastcomm sfnews
su                      sfnews  pts/0      0.00 secs Wed Feb 13 15:56
ls                      sfnews  pts/0      0.00 secs Wed Feb 13 15:56
ls                      sfnews  pts/0      0.00 secs Wed Feb 13 15:56
ls                      sfnews  pts/0      0.00 secs Wed Feb 13 15:56
bash               F    sfnews  pts/0      0.00 secs Wed Feb 13 15:56
id                      sfnews  pts/0      0.00 secs Wed Feb 13 15:56
grep                    sfnews  pts/0      0.00 secs Wed Feb 13 15:56
grep                    sfnews  pts/0      0.00 secs Wed Feb 13 15:56
bash               F    sfnews  pts/0      0.00 secs Wed Feb 13 15:56
dircolors               sfnews  pts/0      0.00 secs Wed Feb 13 15:56
bash               F    sfnews  pts/0      0.00 secs Wed Feb 13 15:56
tput                    sfnews  pts/0      0.00 secs Wed Feb 13 15:56
tty                     sfnews  pts/0      0.00 secs Wed Feb 13 15:56
bash               F    sfnews  pts/0      0.00 secs Wed Feb 13 15:56
id                      sfnews  pts/0      0.00 secs Wed Feb 13 15:56
bash               F    sfnews  pts/0      0.00 secs Wed Feb 13 15:56
id                      sfnews  pts/0      0.00 secs Wed Feb 13 15:56

Search Logs for Commands

With the lastcomm command you can also view each recorded use of an individual command.

# lastcomm ls
ls                      sfnews  pts/0      0.00 secs Wed Feb 13 15:56
ls                      sfnews  pts/0      0.00 secs Wed Feb 13 15:56
ls                      sfnews  pts/0      0.00 secs Wed Feb 13 15:56
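
The lastcomm listings above can be triaged mechanically. The following added example (not part of the original article) counts executions per user and command, and pulls out records carrying the S (run by superuser), X (terminated by a signal) or D (core dump) flags. The function names and the sample lines are constructed, and the line layout is assumed from the output shown above.

```shell
#!/bin/sh
# Added example: triage lastcomm output from psacct/acct process accounting.
# Line layout assumed from the listings on this page:
#   COMMAND [FLAGS] USER TTY N.NN secs Day Mon DD HH:MM

# Constructed sample input in lastcomm format (not real accounting data).
sample_lastcomm() {
    cat <<'EOF'
su                      sfnews  pts/0      0.00 secs Wed Feb 13 15:56
ls                      sfnews  pts/0      0.00 secs Wed Feb 13 15:56
ls                      sfnews  pts/0      0.00 secs Wed Feb 13 15:56
ls                      sfnews  pts/0      0.00 secs Wed Feb 13 15:56
bash               F    sfnews  pts/0      0.00 secs Wed Feb 13 15:56
useradd           S     root    pts/1      0.01 secs Wed Feb 13 15:57
tcpdump           S   X root    pts/1      0.12 secs Wed Feb 13 15:58
EOF
}

# Normalise each record to: user<TAB>command<TAB>flags<TAB>tty
# The flag column is optional and its letters sit in fixed positions, so they
# may arrive as zero, one or several whitespace-separated tokens. Fields are
# therefore counted from the right-hand end of the line.
# Assumption: command names contain no spaces.
parse_lastcomm() {
    awk '
        NF >= 9 && $(NF-4) == "secs" {
            flags = ""
            for (i = 2; i <= NF - 8; i++) flags = flags $i
            if (flags == "") flags = "-"
            printf "%s\t%s\t%s\t%s\n", $(NF-7), $1, flags, $(NF-6)
        }'
}

# Executions per user and command, busiest first: count<TAB>user<TAB>command
count_by_user() {
    parse_lastcomm |
        awk -F'\t' '{ n[$1 "\t" $2]++ }
            END { for (k in n) printf "%d\t%s\n", n[k], k }' |
        sort -k1,1nr -k2
}

# Records worth a second look: run by the superuser (S), terminated by a
# signal (X) or ended with a core dump (D).
flagged() {
    parse_lastcomm | awk -F'\t' '$3 ~ /[SXD]/'
}

# Demo on the constructed sample. On a live host, pipe real data instead,
# for example:  lastcomm | flagged
sample_lastcomm | count_by_user
sample_lastcomm | flagged
```
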

NetHogs – Monitor Per Process Network Bandwidth Usage in Real Time

Published on: 2019-05-28 19:53:38

There are tons of open source network monitoring tools for Linux on the web. For example, you can use the iftop command to check bandwidth usage, the netstat command to see reports on interface statistics, or the top command to watch running processes on your system. But if you are looking for something that gives you real-time statistics of network bandwidth usage per process, then NetHogs is the only utility you should look for.


What is NetHogs?

NetHogs is an open source command line program (similar to the Linux top command) that is used to monitor the real-time network bandwidth used by each process or application.

From NetHogs Project Page

NetHogs is a small ‘net top’ tool. Instead of breaking the traffic down per protocol or per subnet, like most tools do, it groups bandwidth by process. NetHogs does not rely on a special kernel module to be loaded. If there’s suddenly a lot of network traffic, you can fire up NetHogs and immediately see which PID is causing this. This makes it easy to identify programs that have gone wild and are suddenly taking up your bandwidth.

This article explains how to install nethogs and use it to find real-time per-process network bandwidth usage under Unix/Linux operating systems.

Install NetHogs in RHEL, CentOS and Fedora

To install nethogs, you must enable the EPEL repository on your Linux system and then run the following yum command to download and install the nethogs package.

# yum install nethogs

Sample Output

[[email protected] ~]# yum -y install nethogs

Loaded plugins: fastestmirror, refresh-packagekit
Loading mirror speeds from cached hostfile
 * base: mirrors.hns.net.in
 * epel: mirror.nus.edu.sg
 * extras: mirrors.hns.net.in
 * rpmfusion-free-updates: mirrors.ustc.edu.cn
 * rpmfusion-nonfree-updates: mirror.de.leaseweb.net
 * updates: mirrors.hns.net.in
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package nethogs.i686 0:0.8.0-1.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

===========================================================================================================
 Package				Arch				Version					Repository					Size
===========================================================================================================
Installing:
 nethogs				i686				0.8.0-1.el6				epel						28 k

Transaction Summary
===========================================================================================================
Install       1 Package(s)

Total download size: 28 k
Installed size: 50 k
Downloading Packages:
nethogs-0.8.0-1.el6.i686.rpm														|  28 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : nethogs-0.8.0-1.el6.i686                                                          1/1
  Verifying  : nethogs-0.8.0-1.el6.i686                                                          1/1

Installed:
  nethogs.i686 0:0.8.0-1.el6

Complete!

Install NetHogs in Ubuntu, Linux Mint and Debian

To install the nethogs package, type the following apt-get command.

$ sudo apt-get install nethogs

Sample Output

[email protected]:~$ sudo apt-get install nethogs

[sudo] password for sfnews: 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  nethogs
0 upgraded, 1 newly installed, 0 to remove and 318 not upgraded.
Need to get 27.1 kB of archives.
After this operation, 100 kB of additional disk space will be used.
Get:1 http://in.archive.ubuntu.com/ubuntu/ quantal/universe nethogs i386 0.8.0-1 [27.1 kB]
Fetched 27.1 kB in 1s (19.8 kB/s)  
Selecting previously unselected package nethogs.
(Reading database ... 216058 files and directories currently installed.)
Unpacking nethogs (from .../nethogs_0.8.0-1_i386.deb) ...
Processing triggers for man-db ...
Setting up nethogs (0.8.0-1) ...

Using NetHogs Utility

To run the nethogs utility, type the following command under Red Hat based systems.

# nethogs

You must have root permissions to execute it, so run it with the sudo command as shown.

$ sudo nethogs

Sample Previews:

[Screenshot: NetHogs Preview on CentOS 6.3]

[Screenshot: NetHogs Preview on Ubuntu 12.10]

As shown above, the sent and received columns show the amount of traffic used by each process. The total sent and received bandwidth usage is calculated at the bottom. You can sort and change the order using the interactive controls discussed below.

NetHogs Command Line Options

Following are the nethogs command line options. Use ‘-d’ to set a refresh rate and a device name to monitor the bandwidth of a specific device or devices (default is eth0). For example, to set the refresh rate to 5 seconds, type the following command.

# nethogs -d 5
$ sudo nethogs -d 5

To monitor the network bandwidth of a specific device (eth0) only, use the following command.

# nethogs eth0
$ sudo nethogs eth0

To monitor the network bandwidth of both the eth0 and eth1 interfaces, type the following command.

# nethogs eth0 eth1
$ sudo nethogs eth0 eth1

Other Options and Usage

-d : delay for refresh rate.
-h : display available commands usage.
-p : sniff in promiscuous mode (not recommended).
-t : tracemode.
-V : prints version info.

NetHogs Interactive Controls

Following are some useful interactive controls (keyboard shortcuts) of the nethogs program.

-m : Change the units displayed for the bandwidth, cycling through KB/sec -> KB -> B -> MB.
-r : Sort by magnitude of received traffic.
-s : Sort by magnitude of sent traffic.
-q : Quit to the shell prompt.

For a full list of nethogs command line options, check the nethogs man pages by running ‘man nethogs’ or ‘sudo man nethogs’ from the terminal. For more information visit the Nethogs project home page.

20 Command Line Tools to Monitor Linux Performance

Published on: 2019-05-28 19:21:53

It’s a really tough job for every system or network administrator to monitor and debug Linux system performance problems every day. After being a Linux administrator for 5 years in the IT industry, I came to know how hard it is to monitor and keep systems up and running. For this reason, we’ve compiled a list of the top 20 frequently used command line monitoring tools that might be useful for every Linux/Unix system administrator. These commands are available under all flavors of Linux and can be useful to monitor and find the actual causes of performance problems. The list of commands shown here is enough for you to pick the one that suits your monitoring scenario.


1. Top – Linux Process Monitoring

The Linux top command is a performance monitoring program that many system administrators use frequently to monitor Linux performance, and it is available under many Linux/Unix-like operating systems. The top command displays all the running and active real-time processes in an ordered list and updates it regularly. It displays CPU usage, memory usage, swap memory, cache size, buffer size, process PID, user, commands and much more. It also shows the running processes with high memory and CPU utilization. The top command is very useful for system administrators to monitor a system and take corrective action when required. Let’s see the top command in action.

# top

[Screenshot: Top Command Example]

For more examples of Top command read : 12 TOP Command Examples in Linux

2. VmStat – Virtual Memory Statistics

The Linux vmstat command is used to display statistics of virtual memory, kernel threads, disks, system processes, I/O blocks, interrupts, CPU activity and much more. By default the vmstat command is not available under Linux systems; you need to install a package called sysstat that includes the vmstat program. The common usage of the command is:

# vmstat

procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----
 r  b   swpd   free  inact active   si   so    bi    bo   in   cs us sy id wa st
 1  0      0 810420  97380  70628    0    0   115     4   89   79  1  6 90  3  0

For more Vmstat examples read : 6 Vmstat Command Examples in Linux

3. Lsof – List Open Files

The lsof command is used on many Linux/Unix-like systems to display a list of all open files and the processes that opened them. The open files included are disk files, network sockets, pipes, devices and processes. One of the main reasons for using this command is when a disk cannot be unmounted and displays an error that files are being used or opened. With this command you can easily identify which files are in use. The most common format for this command is:

# lsof

COMMAND     PID      USER   FD      TYPE     DEVICE     SIZE       NODE NAME
init          1      root  cwd       DIR      104,2     4096          2 /
init          1      root  rtd       DIR      104,2     4096          2 /
init          1      root  txt       REG      104,2    38652   17710339 /sbin/init
init          1      root  mem       REG      104,2   129900     196453 /lib/ld-2.5.so
init          1      root  mem       REG      104,2  1693812     196454 /lib/libc-2.5.so
init          1      root  mem       REG      104,2    20668     196479 /lib/libdl-2.5.so
init          1      root  mem       REG      104,2   245376     196419 /lib/libsepol.so.1
init          1      root  mem       REG      104,2    93508     196431 /lib/libselinux.so.1
init          1      root   10u     FIFO       0,17                 953 /dev/initctl

More lsof command usage and examples : 10 lsof Command Examples in Linux

4. Tcpdump – Network Packet Analyzer

Tcpdump is one of the most widely used command-line network packet analyzers or packet sniffers. It is used to capture or filter TCP/IP packets received or transferred on a specific interface over a network. It also provides an option to save captured packets to a file for later analysis. tcpdump is available in almost all major Linux distributions.

# tcpdump -i eth0

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
22:08:59.617628 IP sfnews.com.ssh > 115.113.134.3.static-mumbai.vsnl.net.in.28472: P 2532133365:2532133481(116) ack 3561562349 win 9648
22:09:07.653466 IP sfnews.com.ssh > 115.113.134.3.static-mumbai.vsnl.net.in.28472: P 116:232(116) ack 1 win 9648
22:08:59.617916 IP 115.113.134.3.static-mumbai.vsnl.net.in.28472 > sfnews.com.ssh: . ack 116 win 64347

For more tcpdump usage read : 12 Tcpdump Command Examples in Linux

5. Netstat – Network Statistics

Netstat is a command line tool for monitoring incoming and outgoing network packet statistics as well as interface statistics. It is a very useful tool for every system administrator to monitor network performance and troubleshoot network related problems.

# netstat -a | more

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State
tcp        0      0 *:mysql                     *:*                         LISTEN
tcp        0      0 *:sunrpc                    *:*                         LISTEN
tcp        0      0 *:realm-rusd                *:*                         LISTEN
tcp        0      0 *:ftp                       *:*                         LISTEN
tcp        0      0 localhost.localdomain:ipp   *:*                         LISTEN
tcp        0      0 localhost.localdomain:smtp  *:*                         LISTEN
tcp        0      0 localhost.localdomain:smtp  localhost.localdomain:42709 TIME_WAIT
tcp        0      0 localhost.localdomain:smtp  localhost.localdomain:42710 TIME_WAIT
tcp        0      0 *:http                      *:*                         LISTEN
tcp        0      0 *:ssh                       *:*                         LISTEN
tcp        0      0 *:https                     *:*                         LISTEN

More Netstat examples : 20 Netstat Command Examples in Linux.

6. Htop – Linux Process Monitoring

Htop is a more advanced interactive, real-time Linux process monitoring tool. It is very similar to the Linux top command, but it has some rich features such as a user-friendly interface to manage processes, shortcut keys, vertical and horizontal views of the processes and much more. Htop is a third-party tool that is not included in Linux systems; you need to install it using the YUM package manager. For more information on installation read our article below.

# htop

[Screenshot: Htop Command Example]

For Htop installation read : Install Htop (Linux Process Monitoring) in Linux

7. Iotop – Monitor Linux Disk I/O

Iotop is also very similar to the top command and the Htop program, but it has an accounting function to monitor and display real-time disk I/O and processes. This tool is very useful for finding the exact processes responsible for heavy disk reads and writes.

# iotop

[Screenshot: Iotop Command Example]

For Iotop installation and usage read : Install Iotop in Linux

8. Iostat – Input/Output Statistics

Iostat is a simple tool that collects and shows system input and output storage device statistics. This tool is often used to trace storage device performance issues, including devices, local disks and remote disks such as NFS.

# iostat

Linux 2.6.18-238.9.1.el5 (sfnews.com)         09/13/2012

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           2.60    3.65    1.04    4.29    0.00   88.42

Device:            tps   Blk_read/s   Blk_wrtn/s   Blk_read   Blk_wrtn
cciss/c0d0       17.79       545.80       256.52  855159769  401914750
cciss/c0d0p1      0.00         0.00         0.00       5459       3518
cciss/c0d0p2     16.45       533.97       245.18  836631746  384153384
cciss/c0d0p3      0.63         5.58         3.97    8737650    6215544
cciss/c0d0p4      0.00         0.00         0.00          8          0
cciss/c0d0p5      0.63         3.79         5.03    5936778    7882528
cciss/c0d0p6      0.08         2.46         2.34    3847771    3659776

For more Iostat usage and examples visit : 6 Iostat Command Examples in Linux

9. IPTraf – Real Time IP LAN Monitoring

IPTraf is an open source console-based real-time network (IP LAN) monitoring utility for Linux. It collects a variety of information about the IP traffic that passes over the network, including TCP flag information, ICMP details, TCP/UDP traffic breakdowns, and TCP connection packet and byte counts. It also gathers general and detailed interface statistics for TCP, UDP, IP, ICMP, non-IP, IP checksum errors, interface activity etc.

[Screenshot: IP Traffic Monitor]

For more information and usage of IPTraf tool, please visit : IPTraf Network Monitoring Tool

10. Psacct or Acct – Monitor User Activity

The psacct and acct tools are very useful for monitoring each user's activity on the system. Both daemons run in the background and keep a close watch on the overall activity of each user on the system and on the resources they consume.

These tools are very useful for system administrators to track each user's activity: what they are doing, what commands they issued, how many resources they used, how long they were active on the system etc.

For installation and example usage of commands read the article on Monitor User Activity with psacct or acct

11. Monit – Linux Process and Services Monitoring

Monit is a free, open source, web based process supervision utility that automatically monitors and manages system processes, programs, files, directories, permissions, checksums and filesystems.

It monitors services like Apache, MySQL, Mail, FTP, ProFTP, Nginx, SSH and so on. The system status can be viewed from the command line or using its own web interface.

[Screenshot: Monit Linux Process Monitoring]

Read More : Linux Process Monitoring with Monit

12. NetHogs – Monitor Per Process Network Bandwidth

NetHogs is a nice, small open source program (similar to the Linux top command) that keeps tabs on the network activity of each process on your system. It also keeps track of the real-time network bandwidth used by each program or application.

[Screenshot: NetHogs Linux Bandwidth Monitoring]

Read More : Monitor Linux Network Bandwidth Using NetHogs

13. iftop – Network Bandwidth Monitoring

iftop is another free, open source, terminal-based system monitoring utility that displays a frequently updated list of network bandwidth utilization (source and destination hosts) passing through a network interface on your system. iftop does for network usage what ‘top’ does for CPU usage. It is a ‘top’ family tool that monitors a selected interface and displays the current bandwidth usage between two hosts.

[Screenshot: iftop – Network Bandwidth Monitoring]

Read More : iftop – Monitor Network Bandwidth Utilization

14. Monitorix – System and Network Monitoring

Monitorix is a free, lightweight utility designed to run on Linux/Unix servers and monitor as many system and network resources as possible. It has a built-in HTTP web server that regularly collects system and network information and displays it in graphs. It monitors system load average and usage, memory allocation, disk drive health, system services, network ports, mail statistics (Sendmail, Postfix, Dovecot, etc.), MySQL statistics and much more. It is designed to monitor overall system performance and helps in detecting failures, bottlenecks, abnormal activity and so on.

Monitorix Monitoring

Read More : Monitorix a System and Network Monitoring Tool for Linux

15. Arpwatch – Ethernet Activity Monitor

Arpwatch is a program designed to monitor address resolution (MAC and IP address changes) in Ethernet traffic on a Linux network. It continuously watches Ethernet traffic and produces a log of IP and MAC address pair changes, along with timestamps. It can also send an email alert to the administrator when a pairing is added or changes. It is very useful for detecting ARP spoofing on a network.

Read More : Arpwatch to Monitor Ethernet Activity
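
The pairing-change tracking described above for Arpwatch, as an added example that is not part of the original article and is not Arpwatch's own code: the function reports new pairings, changed pairings and flip-flops between two MAC addresses. The input format, the event labels and the sample observations (documentation addresses) are assumptions constructed for this example.

```shell
# Added example: report IP-to-MAC pairing events from observations on stdin.
# Input format is an assumption of this example (not arpwatch output):
#   "<epoch-seconds> <ip> <mac>", one ARP observation per line.
arp_pair_events() {
    awk '
    NF >= 3 {
        ts = $1; ip = $2; mac = tolower($3)   # MAC case must not matter
        if (!(ip in cur)) {
            printf "%s new %s %s\n", ts, ip, mac
        } else if (cur[ip] != mac) {
            # A return to a MAC already seen for this IP is a flip-flop:
            # two stations are answering for the same address.
            kind = "changed"
            if ((ip, mac) in seen) kind = "flip-flop"
            printf "%s %s %s %s -> %s\n", ts, kind, ip, cur[ip], mac
        }
        cur[ip] = mac          # current pairing for this IP
        seen[ip, mac] = 1      # every pairing ever observed
    }'
}

# Constructed observations: 192.0.2.1 starts answering from a second MAC.
ARP_SAMPLE='1700000000 192.0.2.1 00:00:5E:00:53:01
1700000005 192.0.2.20 00:00:5e:00:53:20
1700000060 192.0.2.1 00:00:5e:00:53:01
1700000120 192.0.2.1 00:00:5e:00:53:66
1700000125 192.0.2.1 00:00:5e:00:53:01
1700000130 192.0.2.1 00:00:5e:00:53:66'

printf '%s\n' "$ARP_SAMPLE" | arp_pair_events
```

A single "changed" event is often a replaced network card or a DHCP lease moving; repeated flip-flops on a gateway address are the case worth alerting on.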

16. Suricata – Network Security Monitoring

Suricata is a high-performance, open source network security monitoring, intrusion detection and intrusion prevention system for Linux, FreeBSD and Windows. It was designed and is owned by a non-profit foundation, the OISF (Open Information Security Foundation).

Read More : Suricata – A Network Intrusion Detection and Prevention System

17. VnStat PHP – Monitoring Network Bandwidth

VnStat PHP is a web-based frontend for the popular networking tool “vnstat“. VnStat PHP presents network traffic usage in a graphical form. It displays total IN and OUT network traffic usage in hourly, daily, monthly and full summary reports.

Read More : VnStat PHP – Monitoring Network Bandwidth

18. Nagios – Network/Server Monitoring

Nagios is a leading, powerful open source monitoring system that enables network and system administrators to identify and resolve server-related problems before they affect major business processes. With Nagios, administrators can monitor remote Linux and Windows hosts, switches, routers and printers from a single window. It shows critical warnings and indicates when something has gone wrong on your network or server, which indirectly helps you begin remediation before problems occur.

Read More : Install Nagios Monitoring System to Monitor Remote Linux/Windows Hosts

19. Nmon: Monitor Linux Performance

Nmon (short for Nigel’s performance Monitor) is a tool used to monitor Linux resources such as CPU, memory, disk usage, network, top processes, NFS, kernel and much more. It comes in two modes: Online Mode and Capture Mode.

Online Mode is used for real-time monitoring, and Capture Mode is used to store the output in CSV format for later processing.

Nmon Monitoring

Read More: Install Nmon (Performance Monitoring) Tool in Linux

20. Collectl: All-in-One Performance Monitoring Tool

Collectl is yet another powerful and feature-rich command-line utility that can be used to gather information about Linux system resources such as CPU usage, memory, network, inodes, processes, NFS, TCP, sockets and much more.

Collectl Monitoring

Read More: Install Collectl (All-in-One Performance Monitoring) Tool in Linux

We would like to know what kind of monitoring programs you use to monitor the performance of your Linux servers. If we’ve missed any important tool that you would like us to include in this list, please inform us via comments and please don’t forget to share it.

Read Also: 13 Linux Performance Monitoring Tools – Part 2

MTR – A Network Diagnostic Tool for Linux

Published on: 2019-05-28 16:14:19

MTR is a simple, cross-platform command-line network diagnostic tool that combines the functionality of commonly used traceroute and ping programs into a single tool. In a similar fashion as traceroute, mtr prints information about the route that packets take from the host on which mtr is run to a user specified destination host.

Read Also: How to Audit Network Performance, Security and Troubleshoot in Linux

However, mtr shows more information than traceroute: it determines the path to a remote machine while printing the response percentage and response times of every network hop on the internet route between the local system and the remote machine.

How Does MTR Work?

Once you run mtr, it probes the network connection between the local system and a remote host that you have specified. It first establishes the address of each network hop (bridges, routers, gateways, etc.) between the hosts, then pings each one (sends a sequence of ICMP ECHO requests) to determine the quality of the link to each machine.

During the course of this operation, mtr outputs some useful statistics about each machine – updated in real-time, by default.

This tool comes pre-installed on most Linux distributions and is fairly easy to use once you go through the 10 mtr command examples for network diagnostics in Linux, explained below.

If mtr is not installed, you can install it on your Linux distribution using the default package manager as shown.

$ sudo apt install mtr    # Debian/Ubuntu
$ sudo yum install mtr    # RHEL/CentOS
$ sudo dnf install mtr    # Fedora

10 MTR Network Diagnostics Tool Usage Examples

1. The simplest example of using mtr is to provide the domain name or IP address of the remote machine as an argument, for example google.com or 216.58.223.78. This command will show you a traceroute report updated in real-time, until you exit the program (by pressing q or Ctrl + C).

$ mtr google.com
OR
$ mtr 216.58.223.78

Start: Thu Jun 28 12:10:13 2018
HOST: TecMint                     Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.168.0.1                0.0%     5    0.3   0.3   0.3   0.4   0.0
  2.|-- 5.5.5.211                  0.0%     5    0.7   0.9   0.7   1.3   0.0
  3.|-- 209.snat-111-91-120.hns.n 80.0%     5    7.1   7.1   7.1   7.1   0.0
  4.|-- 72.14.194.226              0.0%     5    1.9   2.9   1.9   4.4   1.1
  5.|-- 108.170.248.161            0.0%     5    2.9   3.5   2.0   4.3   0.7
  6.|-- 216.239.62.237             0.0%     5    3.0   6.2   2.9  18.3   6.7
  7.|-- bom05s12-in-f14.1e100.net  0.0%     5    2.1   2.4   2.0   3.8   0.5

2. You can force mtr to display numeric IP addresses instead of host names (typically FQDNs, Fully Qualified Domain Names) using the -n flag as shown.

$ mtr -n google.com

Start: Thu Jun 28 12:12:58 2018
HOST: TecMint                     Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.168.0.1                0.0%     5    0.3   0.3   0.3   0.4   0.0
  2.|-- 5.5.5.211                  0.0%     5    0.9   0.9   0.8   1.1   0.0
  3.|-- ???                       100.0     5    0.0   0.0   0.0   0.0   0.0
  4.|-- 72.14.194.226              0.0%     5    2.0   2.0   1.9   2.0   0.0
  5.|-- 108.170.248.161            0.0%     5    2.3   2.3   2.2   2.4   0.0
  6.|-- 216.239.62.237             0.0%     5    3.0   3.2   3.0   3.3   0.0
  7.|-- 172.217.160.174            0.0%     5    3.7   3.6   2.0   5.3   1.4

3. If you would like mtr to display both host names and numeric IP addresses, use the -b flag as shown.

$ mtr -b google.com

Start: Thu Jun 28 12:14:36 2018
HOST: TecMint                     Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.168.0.1                0.0%     5    0.3   0.3   0.3   0.4   0.0
  2.|-- 5.5.5.211                  0.0%     5    0.7   0.8   0.6   1.0   0.0
  3.|-- 209.snat-111-91-120.hns.n  0.0%     5    1.4   1.6   1.3   2.1   0.0
  4.|-- 72.14.194.226              0.0%     5    1.8   2.1   1.8   2.6   0.0
  5.|-- 108.170.248.209            0.0%     5    2.0   1.9   1.8   2.0   0.0
  6.|-- 216.239.56.115             0.0%     5    2.4   2.7   2.4   2.9   0.0
  7.|-- bom07s15-in-f14.1e100.net  0.0%     5    3.7   2.2   1.7   3.7   0.9

4. To limit the number of pings to a specific value and exit mtr after those pings, use the -c flag. If you observe from the Snt column, once the specified number of pings is reached, the live update stops and the program exits.

$ mtr -c5 google.com

5. You can put mtr into report mode using the -r flag, a useful option for producing statistics about network quality. You can use this option together with the -c option to specify the number of pings. Since the statistics are printed to standard output, you can redirect them to a file for later analysis.

$ mtr -r -c 5 google.com >mtr-report

The -w flag enables wide report mode for a clearer output.

$ mtr -rw -c 5 google.com >mtr-report

6. You can also rearrange the output fields the way you wish using the -o flag as shown (see the mtr man page for the meaning of the field labels).

$ mtr -o "LSDR NBAW JMXI" 216.58.223.78
MTR Fields and Order

7. The default interval between ICMP ECHO requests is one second; you can change it using the -i flag as shown.

$ mtr -i 2 google.com

8. You can use TCP SYN packets or UDP datagrams instead of the default ICMP ECHO requests as shown.

$ mtr --tcp test.com
OR
$ mtr --udp test.com 

9. To specify the maximum number of hops (default is 30) to be probed between the local system and the remote machine, use the -m flag.

$ mtr -m 35 216.58.223.78

10. While probing network quality, you can set the packet size used in bytes using the -s flag like so.

$ mtr -r -s PACKETSIZE -c 5 google.com >mtr-report

With these examples, you should be good to go with using mtr; see the man page for more usage options.

$ man mtr 
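
An added example (not from the original article) that post-processes the report mode output from example 5: loss at an intermediate hop that later hops do not share usually means that router is rate-limiting its own ICMP replies, while loss that continues to the destination is real. The function name and verdict labels are assumptions of this example, and the second report is constructed.

```shell
# Added example: classify packet loss in `mtr -r` report text read on stdin.
# Output: one line per lossy hop, "<hop> <host> <loss%> <verdict>".
mtr_loss_triage() {
    awk '
    /^ *[0-9]+\.[|]--/ {
        n++
        hop[n] = $1; sub(/\..*$/, "", hop[n])
        host[n] = $2
        # The statistics are the last seven columns, so count from the right.
        loss[n] = $(NF - 6); sub(/%/, "", loss[n]); loss[n] += 0
    }
    END {
        for (i = 1; i <= n; i++) {
            if (loss[i] == 0) continue
            later = -1                      # smallest loss at any later hop
            for (j = i + 1; j <= n; j++)
                if (later < 0 || loss[j] < later) later = loss[j]
            if (i == n)         verdict = "end-to-end"   # destination itself
            else if (later > 0) verdict = "carried"      # persists downstream
            else                verdict = "not-carried"  # later hops are clean
            printf "%s %s %.1f %s\n", hop[i], host[i], loss[i], verdict
        }
    }'
}

# Report copied from example 1 on this page.
PAGE_REPORT='HOST: TecMint                     Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.168.0.1                0.0%     5    0.3   0.3   0.3   0.4   0.0
  2.|-- 5.5.5.211                  0.0%     5    0.7   0.9   0.7   1.3   0.0
  3.|-- 209.snat-111-91-120.hns.n 80.0%     5    7.1   7.1   7.1   7.1   0.0
  4.|-- 72.14.194.226              0.0%     5    1.9   2.9   1.9   4.4   1.1
  5.|-- 108.170.248.161            0.0%     5    2.9   3.5   2.0   4.3   0.7
  6.|-- 216.239.62.237             0.0%     5    3.0   6.2   2.9  18.3   6.7
  7.|-- bom05s12-in-f14.1e100.net  0.0%     5    2.1   2.4   2.0   3.8   0.5'

# Constructed report (documentation addresses): loss continues to the target.
CONSTRUCTED_REPORT='HOST: example                     Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.1                  0.0%    10    0.4   0.4   0.3   0.6   0.1
  2.|-- 198.51.100.7              30.0%    10    5.1   5.3   4.9   6.0   0.3
  3.|-- 198.51.100.9              20.0%    10    6.2   6.4   6.0   7.1   0.3
  4.|-- 203.0.113.10              20.0%    10    7.0   7.2   6.9   8.0   0.3'

printf '%s\n' "$PAGE_REPORT" | mtr_loss_triage
printf '%s\n' "$CONSTRUCTED_REPORT" | mtr_loss_triage
```

On a live system the same function can read a saved report, for example `mtr_loss_triage < mtr-report`.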

Also check out these useful guides about Linux network configurations and troubleshooting:

  1. 13 Linux Network Configuration and Troubleshooting Commands
  2. How to Block Ping ICMP Requests to Linux Systems

That’s it for now! MTR is a simple, easy-to-use and above all cross-platform network diagnostics tool. In this guide, we have explained 10 mtr command examples in Linux. If you have any questions, or thoughts to share with us, use the comment form below.