iostat
The sysstat package includes sar and iostat
[root@pantinglinux]# iostat
Linux 3.10.0-693.2.2.el7.x86_64 (centos7.4) January 23, 2018 _x86_64_ (1 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
0.41 0.00 0.27 0.01 0.00 99.31
Device: tps kB_read/s kB_wrtn/s kB_read kB_wrtn
vda 0.25 2.04 2.25 1348209 1490248
iostat 1 prints the disk statistics repeatedly, once per second
iostat -x shows extended disk usage statistics
[root@pantinglinux]# iostat -x
Linux 3.10.0-693.2.2.el7.x86_64 (centos7.4) January 23, 2018 _x86_64_ (1 CPU)
avg-cpu: %user %nice %system %iowait %steal %idle
0.41 0.00 0.27 0.01 0.00 99.31
Device: rrqm/s wrqm/s r/s w/s rkB/s wkB/s avgrq-sz avgqu-sz await r_await w_await svctm %util
vda 0.00 0.07 0.04 0.21 2.04 2.25 34.40 0.00 11.22 15.07 10.48 0.46 0.01
Device: the disk name (sda, sdb, vda)
rkB/s, wkB/s: read and write speed
An important indicator: %util
%util is the percentage of time the disk was busy handling I/O requests
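An added example (not from the original notes) of acting on %util: the hypothetical busy_disks function reads iostat -x output and lists devices at or above a threshold, locating the %util column by its header name because the column position differs between sysstat versions. The sample data is constructed, and the sdb row is invented to show a busy disk.

```shell
#!/bin/sh
# Added example: flag busy disks from `iostat -x` output.

# Constructed sample in the layout shown above; the sdb row is invented.
sample_iostat() {
cat <<'EOF'
avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           0.41    0.00    0.27    0.01    0.00   99.31

Device:         rrqm/s   wrqm/s     r/s     w/s    rkB/s    wkB/s avgrq-sz avgqu-sz   await r_await w_await  svctm  %util
vda               0.00     0.07    0.04    0.21     2.04     2.25    34.40     0.00   11.22   15.07   10.48   0.46   0.01
sdb               0.00    12.50  310.00   95.00 39680.00  6080.00   225.98     7.81   19.30   18.90   20.60   2.41  97.60
EOF
}

# busy_disks THRESHOLD: read iostat -x output on stdin and print
# "device %util" for every device at or above THRESHOLD percent.
busy_disks() {
    awk -v limit="$1" '
        /^Device/ {                      # header row: find the %util column
            col = 0
            for (i = 1; i <= NF; i++) if ($i == "%util") col = i
            next
        }
        NF == 0 { col = 0; next }        # blank line ends the device table
        col && $col + 0 >= limit + 0 { print $1, $col }
    '
}

# On a live host: iostat -x 1 2 | busy_disks 80
# (the first report is the average since boot, the second is current)
sample_iostat | busy_disks 80
```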
iotop shows which process is reading from and writing to the disk
yum install -y iotop
iotop shows disk usage per process
[root@pantinglinux]# iotop
Total DISK READ : 0.00 B/s | Total DISK WRITE : 0.00 B/s
Actual DISK READ: 0.00 B/s | Actual DISK WRITE: 0.00 B/s
TID PRIO USER DISK READ DISK WRITE SWAPIN IO> COMMAND
1 be/4 root 0.00 B/s 0.00 B/s 0.00 % 0.00 % systemd --switched-root --system --deserialize 21
free
free shows memory usage
[root@pantinglinux]# free -h
total used free shared buff/cache available
Mem: 1.8G 530M 140M 14M 1.1G 1.1G
Swap: 0B 0B 0B
Mem: physical memory
Swap: swap partition
total: total memory size
used: memory in use
free: remaining unused memory
buff: buffer
cache: cache
Difference between buffer and cache:
Data read from disk ---> memory (cache) ---> CPU
Data processed by the CPU ---> memory (buffer) ---> disk
free -m / -g / -h
free -m (in MB)
free -h (human-readable values with units)
free -g (in GB)
Total memory size formula: total = used + free + buff/cache
available includes free plus the reclaimable remainder of buff/cache
ps
ps shows system processes
(ps reports a snapshot of the current processes)
Usage: ps aux, ps -elf
ps aux shows the system's processes
[root@pantinglinux]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.2 43388 3824 ? Ss 1月15 0:03 /usr/lib/systemd/systemd --switched
root 2 0.0 0.0 0 0 ? S 1月15 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S 1月15 0:10 [ksoftirqd/0]
....
ps aux |grep nginx lists the nginx processes among the current system processes
[root@pantinglinux]# ps aux |grep nginx
root 11881 0.0 0.0 112676 984 pts/0 R+ 17:55 0:00 grep --color=auto nginx
root 28467 0.0 0.1 122908 2268 ? Ss 1月20 0:00 nginx: master process nginx
nginx 28468 0.0 0.1 123296 3588 ? S 1月20 0:00 nginx: worker process
kill PID terminates a process
PID is the process ID
To see where a process was started from:
ls /proc/PID/ (each process has its own directory)
ls /proc/505/
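An added example (not part of the original notes) of using the /proc/PID directory to see where a process was started from. proc_origin is a hypothetical helper name, and it is run here against the current shell.

```shell
#!/bin/sh
# Added example: report the executable, working directory and command
# line of a running process from its /proc/PID directory.

# proc_origin PID: print one key=value line per item.
# Returns 1 if the process does not exist.
proc_origin() {
    dir="/proc/$1"
    [ -d "$dir" ] || { echo "no such process: $1" >&2; return 1; }
    # exe and cwd are symlinks; reading them can fail without permission,
    # and kernel threads have no executable at all
    exe=$(readlink "$dir/exe" 2>/dev/null) || exe="(unreadable)"
    cwd=$(readlink "$dir/cwd" 2>/dev/null) || cwd="(unreadable)"
    # cmdline separates arguments with NUL bytes; show them as spaces
    cmd=$(tr '\0' ' ' < "$dir/cmdline")
    printf 'pid=%s\nexe=%s\ncwd=%s\ncmdline=%s\n' "$1" "$exe" "$cwd" "$cmd"
    # A binary removed from disk while still running shows up as
    # "/path/to/file (deleted)", which is worth a closer look in triage.
    case "$exe" in
        *' (deleted)') echo "note=executable was deleted after start" ;;
    esac
}

proc_origin "$$"     # inspect the current shell
```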
STAT column description
D uninterruptible process
R running process
S sleeping process
T stopped (paused) process
Z zombie process
< high-priority process
N low-priority process
L process with pages locked in memory
s main process (session leader)
l multithreaded process
+ foreground process
What causes zombie processes?
When the parent process is accidentally interrupted, leaving child processes alone, these child processes are called zombie processes.
Multithreaded process:
A process is one run of a program, and a process contains multiple threads.
Pausing a process: press Ctrl+Z, and ps then shows it in state T
[root@pantinglinux]# vmstat 1
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
r b swpd free buff cache si so bi bo in cs us sy id wa st
3 0 0 141648 52672 1144972 0 0 2 2 41 30 0 0 99 0 0
0 0 0 141648 52672 1144972 0 0 0 0 176 345 0 1 99 0 0
0 0 0 141648 52672 1144972 0 0 0 8 171 336 1 0 99 0 0
0 0 0 141260 52672 1144972 0 0 0 0 168 352 0 0 100 0 0
0 0 0 141248 52672 1144972 0 0 0 0 162 368 0 0 100 0 0
^Z
[1]+  Stopped                 vmstat 1
[root@pantinglinux]# ps aux |grep vmstat
root 21417 0.0 0.0 148316 1376 pts/0 T 19:13 0:00 vmstat 1
netstat shows network status
netstat -lnp shows listening ports
netstat -ltnp shows only TCP listening ports
netstat -ltunp shows only TCP and UDP listening ports
netstat -an shows the state of all network connections on the system
netstat -lntp shows only TCP, not UNIX sockets
ss -an shows the same information as netstat -an
Tip: count TCP connections by state
netstat -an |awk '/^tcp/{++sta[$NF]}END{for(key in sta) print key,"\t",sta[key]}'
[root@pantinglinux]# netstat -an |awk '/^tcp/{++sta[$NF]}END{for(key in sta) print key,"\t",sta[key]}'
LISTEN 3
ESTABLISHED 3
tcpdump
Install: yum install -y tcpdump
Packet capture tool: tcpdump
Usage: tcpdump -nn
The first n shows hosts as IP addresses; without it, host names are displayed
Capture on a specific network interface
tcpdump -nn -i eth0
[root@pantinglinux]# tcpdump -nn -i eth0
Capture on a specified port
Capture port 80 (web) traffic
[root@pantinglinux]# tcpdump -nn port 80
Capture port 80 on interface eth0
[root@pantinglinux]# tcpdump -nn -i eth0 port 80
Capture everything except port 22
tcpdump -nn -i eth0 not port 22
Capture packets for one IP address, excluding port 22
tcpdump -nn -i eth0 not port 22 and host 192.168.1.1
Capture 100 packets and save them to /tmp/1.cap
tcpdump -nn -i eth0 -c 100 -w /tmp/1.cap
[root@pantinglinux]# tcpdump -nn -i eth0 -c 100 -w /tmp/1.cap
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
100 packets captured
102 packets received by filter
0 packets dropped by kernel
Read the saved capture file 1.cap
[root@pantinglinux]# tcpdump -r /tmp/1.cap
Wireshark capture
[root@pantinglinux]# yum install -y wireshark
The tshark command is part of the wireshark package
You can clearly see which IP is accessing my website and what content is being accessed on my website.
tshark -n -t a -Y http.request -T fields -e "frame.time" -e "ip.src" \
    -e "http.host" -e "http.request.method" -e "http.request.uri"
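An added example (not part of the original notes) that summarises the tab-separated output of the tshark command above per client address. requests_by_client is a hypothetical helper name, and the sample records are constructed using documentation address ranges.

```shell
#!/bin/sh
# Added example: count HTTP requests per client, method and URI from
# tshark -T fields output (frame.time, ip.src, http.host, method, uri).

# Constructed sample records, tab-separated like tshark's field output.
sample_requests() {
    printf '%s\t%s\t%s\t%s\t%s\n' \
        'Jan 23, 2018 19:30:01.100000000' 192.0.2.10   www.example.com GET  /index.html \
        'Jan 23, 2018 19:30:01.400000000' 192.0.2.10   www.example.com GET  /logo.png \
        'Jan 23, 2018 19:30:02.000000000' 198.51.100.7 www.example.com POST /login \
        'Jan 23, 2018 19:30:02.300000000' 192.0.2.10   www.example.com GET  /index.html \
        'Jan 23, 2018 19:30:03.900000000' 198.51.100.7 www.example.com POST /login
}

# requests_by_client: stdin = tshark field output; prints
# "count client method uri", busiest first.
requests_by_client() {
    # Split on tabs only: the frame.time field itself contains spaces.
    awk -F '\t' '
        NF >= 5 { n[$2 " " $4 " " $5]++ }     # key: client, method, uri
        END     { for (k in n) print n[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# On a live host, pipe the tshark command above into requests_by_client.
sample_requests | requests_by_client
```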