20 Must-Have Command Line Tools to Monitor Linux Performance
Being a System or Network administrator tasked with monitoring and debugging Linux system performance problems on a daily basis is an immensely challenging responsibility.
It demands unwavering dedication, a profound understanding of Linux systems, and a constant commitment to ensuring optimal performance and reliability.
After dedicating a decade to working as a Linux Administrator in the IT industry, I have come to truly appreciate the arduous task of monitoring and ensuring the continuous operation of systems.
In light of this, we have curated a comprehensive list of the Top 20 frequently used command-line monitoring tools. These invaluable tools can prove indispensable for every Linux/Unix System Administrator, empowering them to efficiently monitor, diagnose, and maintain the health and performance of their systems.
These monitoring tools are available under all flavors of Linux and can be useful to monitor and find the actual causes of performance problems. This list of commands shown here is very enough for you to pick the one that is suitable for your monitoring scenario.
1. Top – Linux Process Monitoring
Linux top command is a performance monitoring program that is used frequently by many system administrators to monitor Linux performance and it is available under many Linux/Unix-like operating systems.
The top command is used to display all the running and active real-time processes in an ordered list and updates it regularly. It displays CPU usage, Memory usage, Swap Memory, Cache Size, Buffer Size, Process PID, User, Commands, and much more.
It also shows high memory and cpu utilization of running processes. The top command is much useful for system administrators to monitor and take corrective action when required. Let’s see the top command in action.
# top
2. VmStat – Virtual Memory Statistics
Linux VmStat command is used to display statistics of virtual memory, kernel threads, disks, system processes, I/O blocks, interrupts, CPU activity, and much more.
Install VmStat on Linux
By default vmstat command is not available under Linux systems you need to install a package called sysstat (a powerful monitoring tool) that includes a vmstat program.
$ sudo yum install sysstat [On Older CentOS/RHEL & Fedora] $ sudo dnf install sysstat [On CentOS/RHEL/Fedora/Rocky Linux & AlmaLinux] $ sudo apt-get install sysstat [On Debian/Ubuntu & Mint] $ sudo pacman -S sysstat [On Arch Linux]
The common usage of the vmstat command format is.
# vmstat procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu----- r b swpd free buff cache si so bi bo in cs us sy id wa st 1 0 43008 275212 1152 561208 4 16 100 105 65 113 0 1 96 3 0
3. Lsof – List Open Files
The lsof command is used in many Linux/Unix-like systems to display a list of all the open files and processes. The open files included are disk files, network sockets, pipes, devices, and processes.
One of the main reasons for using this command is when a disk cannot be unmounted and displays the error that files are being used or opened. With this command, you can easily identify which files are in use.
The most common format for lsof command is.
# lsof COMMAND PID TID TASKCMD USER FD TYPE DEVICE SIZE/OFF NODE NAME systemd 1 root cwd DIR 8,2 224 128 / systemd 1 root rtd DIR 8,2 224 128 / systemd 1 root txt REG 8,2 1567768 134930842 /usr/lib/systemd/systemd systemd 1 root mem REG 8,2 2714928 134261052 /usr/lib64/libm-2.28.so systemd 1 root mem REG 8,2 628592 134910905 /usr/lib64/libudev.so.1.6.11 systemd 1 root mem REG 8,2 969832 134261204 /usr/lib64/libsepol.so.1 systemd 1 root mem REG 8,2 1805368 134275205 /usr/lib64/libunistring.so.2.1.0 systemd 1 root mem REG 8,2 355456 134275293 /usr/lib64/libpcap.so.1.9.0 systemd 1 root mem REG 8,2 145984 134261219 /usr/lib64/libgpg-error.so.0.24.2 systemd 1 root mem REG 8,2 71528 134270542 /usr/lib64/libjson-c.so.4.0.0 systemd 1 root mem REG 8,2 371736 134910992 /usr/lib64/libdevmapper.so.1.02 systemd 1 root mem REG 8,2 26704 134275177 /usr/lib64/libattr.so.1.1.2448 systemd 1 root mem REG 8,2 3058736 134919279 /usr/lib64/libcrypto.so.1.1.1c ...
4. Tcpdump – Network Packet Analyzer
The tcpdump command is one of the most widely used command-line network packet analyzer or packet sniffer programs that is used to capture or filter TCP/IP packets that are received or transferred on a specific interface over a network.
It also provides an option to save captured packages in a file for later analysis. tcpdump is almost available in all major Linux distributions.
# tcpdump -i enp0s3 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes 10:19:34.635893 IP tecmint.ssh > 192.168.0.124.45611: Flags [P.], seq 2840044824:2840045032, ack 4007244093 10:19:34.636289 IP 192.168.0.124.45611 > tecmint.ssh: Flags [.], ack 208, win 11768, options 10:19:34.873060 IP _gateway.57682 > tecmint.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST 10:19:34.873104 IP tecmint > _gateway: ICMP tecmint udp port netbios-ns unreachable, length 86 10:19:34.895453 IP _gateway.48953 > tecmint.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST 10:19:34.895501 IP tecmint > _gateway: ICMP tecmint udp port netbios-ns unreachable, length 86 10:19:34.992693 IP 142.250.4.189.https > 192.168.0.124.38874: UDP, length 45 10:19:35.010127 IP 192.168.0.124.38874 > 142.250.4.189.https: UDP, length 33 10:19:35.135578 IP _gateway.39383 > 192.168.0.124.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST 10:19:35.135586 IP 192.168.0.124 > _gateway: ICMP 192.168.0.124 udp port netbios-ns unreachable, length 86 10:19:35.155827 IP _gateway.57429 > 192.168.0.124.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST 10:19:35.155835 IP 192.168.0.124 > _gateway: ICMP 192.168.0.124 udp port netbios-ns unreachable, length 86 ...
5. Netstat – Network Statistics
The netstat is a command-line tool for monitoring incoming and outgoing network packet statistics as well as interface statistics. It is a very useful tool for every system administrator to monitor network performance and troubleshoot network-related problems.
# netstat -a | more Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 0.0.0.0:sunrpc 0.0.0.0:* LISTEN tcp 0 0 tecmint:domain 0.0.0.0:* LISTEN tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN tcp 0 0 localhost:postgres 0.0.0.0:* LISTEN tcp 0 0 tecmint:ssh 192.168.0.124:45611 ESTABLISHED tcp6 0 0 [::]:sunrpc [::]:* LISTEN tcp6 0 0 [::]:ssh [::]:* LISTEN tcp6 0 0 localhost:postgres [::]:* LISTEN udp 0 0 0.0.0.0:mdns 0.0.0.0:* udp 0 0 localhost:323 0.0.0.0:* udp 0 0 tecmint:domain 0.0.0.0:* udp 0 0 0.0.0.0:bootps 0.0.0.0:* udp 0 0 tecmint:bootpc _gateway:bootps ESTABLISHED ...
While in present-day netstat has been deprecated in favor of the ss command, you may still discover netstat in your networking toolkit.
6. Htop – Linux Process Monitoring
htop is a much advanced interactive and real-time Linux process monitoring tool, which is much similar to Linux top command but it has some rich features like a user-friendly interface to manage processes, shortcut keys, vertical and horizontal views of the processes, and much more.
# htop
htop is a third-party tool, which doesn’t come with Linux systems, you need to install it using your system package manager tool.
For more information on htop installation read our article – Install Htop (Linux Process Monitoring) in Linux.
7. Iotop – Monitor Linux Disk I/O
iotop is also much similar to the top command and htop program, but it has an accounting function to monitor and display real-time Disk I/O and processes.
iotop tool is much useful for finding the exact process and highly used disk read/writes of the processes.
Install Iotop on Linux
By default, the iotop command is not available under Linux and you need to install it as shown.
$ sudo yum install iotop [On Older CentOS/RHEL & Fedora] $ sudo dnf install iotop [On CentOS/RHEL/Fedora/Rocky Linux & AlmaLinux] $ sudo apt-get install iotop [On Debian/Ubuntu & Mint] $ sudo pacman -S iotop [On Arch Linux]
The common usage of the iotop command format is.
# iotop
8. Iostat – Input/Output Statistics
iostat is a simple tool that will collect and show system input and output storage device statistics. This tool is often used to trace storage device performance issues including devices, local disks, and remote disks such as NFS.
Install Iostat on Linux
To get the iostat command, you need to install a package called sysstat as shown.
$ sudo yum install sysstat [On Older CentOS/RHEL & Fedora] $ sudo dnf install sysstat [On CentOS/RHEL/Fedora/Rocky Linux & AlmaLinux] $ sudo apt-get install sysstat [On Debian/Ubuntu & Mint] $ sudo pacman -S sysstat [On Arch Linux]
The common usage of the iostat command format is.
# iostat Linux 4.18.0-193.el8.x86_64 (tecmint) 04/05/2021 _x86_64_ (1 CPU) avg-cpu: %user %nice %system %iowait %steal %idle 0.21 0.03 0.59 2.50 0.00 96.67 Device tps kB_read/s kB_wrtn/s kB_read kB_wrtn sda 3.95 83.35 89.63 1782431 1916653
9. IPTraf – Real-Time IP LAN Monitoring
IPTraf is an open-source console-based real-time network (IP LAN) monitoring utility for Linux. It collects a variety of information such as IP traffic monitor that passes over the network, including TCP flag information, ICMP details, TCP/UDP traffic breakdowns, TCP connection packets, and byte counts.
It also gathers information on general and detailed interface statistics of TCP, UDP, IP, ICMP, non-IP, IP checksum errors, interface activity, etc.
10. Psacct or Acct – Monitor User Activity
psacct or acct tools are very useful for monitoring each user’s activity on the system. Both daemons run in the background and keep a close watch on the overall activity of each user on the system and also what resources are being consumed by them.
These tools are very useful for system administrators to track each user’s activity like what they are doing, what commands they issued, how many resources are used by them, how long they are active on the system etc.
11. Monit – Linux Process and Services Monitoring
Monit is a free open-source and web-based process supervision utility that automatically monitors and manages system processes, programs, files, directories, permissions, checksums, and filesystems.
It monitors services like Apache, MySQL, Mail, FTP, ProFTP, Nginx, SSH, and so on. The system status can be viewed from the command line or using its own web interface.
For installation and configuration, read our article – How to Install and Setup Monit (Linux Process and Services Monitoring) Program.
12. NetHogs – Monitor Per Process Network Bandwidth
NetHogs is an open-source nice small program (similar to Linux top command) that keeps a tab on each process network activity on your system. It also keeps track of real-time network traffic bandwidth used by each program or application.
# nethogs
For installation and usage, read our article: Monitor Linux Network Bandwidth Using NetHogs
13. iftop – Network Bandwidth Monitoring
iftop is another terminal-based free open source system monitoring utility that displays a frequently updated list of network bandwidth utilization (source and destination hosts) that passes through the network interface on your system.
iftop is analogous to ‘top‘ in the context of network usage, much like how ‘top‘ provides insights into CPU usage.
iftop belongs to the esteemed ‘top’ family of network monitoring tools. Specifically designed to observe a user-selected network interface, it renders real-time data on the current bandwidth utilization between two specified hosts.
# iftop
For installation and usage, read our article: iftop – Monitor Network Bandwidth Utilization
14. Monitorix – System and Network Monitoring
Monitorix is a free lightweight utility that is designed to run and monitor system and network resources as many as possible in Linux/Unix servers.
It has a built-in HTTP web server that regularly collects system and network information and displays them in graphs. It Monitors system load average and usage, memory allocation, disk driver health, system services, network ports, mail statistics (Sendmail, Postfix, Dovecot, etc), MySQL statistics, and many more.
It is designed to monitor overall system performance and helps in detecting failures, bottlenecks, abnormal activities, etc.
For installation and usage, read our article: Monitorix a System and Network Monitoring Tool for Linux
15. Arpwatch – Ethernet Activity Monitor
Arpwatch is a kind of program that is designed to monitor the Address Resolution of (MAC and IP address changes) of Ethernet network traffic on a Linux network.
It continuously keeps watch on Ethernet traffic and produces a log of IP and MAC address pair changes along with a timestamp on a network. It also has a feature to send email alerts to administrators, when a pairing is added or changes. It is very useful in detecting ARP spoofing on a network.
For installation and usage, read our article: Arpwatch to Monitor Ethernet Activity
16. Suricata – Network Security Monitoring
Suricata is a high-performance open-source Network Security and Intrusion Detection and Prevention Monitoring System for Linux, FreeBSD, and Windows.
It was designed and owned by a non-profit foundation OISF (Open Information Security Foundation).
For installation and usage, read our article: Suricata – A Network Intrusion Detection and Prevention System
17. VnStat PHP – Monitoring Network Bandwidth
VnStat PHP is a web-based frontend application for the most popular networking tool called “vnstat“. VnStat PHP monitors network traffic usage in nicely graphical mode.
It displays the total IN and OUT network traffic usage in hourly, daily, monthly, and full summary reports.
For installation and usage, read our article: Monitoring Network Bandwidth Usage
18. Nagios – Network/Server Monitoring
Nagios is a leading open-source powerful monitoring system that enables network/system administrators to identify and resolve server-related problems before they affect major business processes.
With the Nagios system, administrators can able to monitor remote Linux, Windows, Switches, Routers, and Printers on a single window. It shows critical warnings and indicates if something went wrong in your network/server which indirectly helps you to begin remediation processes before they occur.
For installation, configuration, and usage, read our article – Install Nagios Monitoring System to Monitor Remote Linux/Windows Hosts
19. Nmon: Monitor Linux Performance
Nmon (stands for Nigel’s Performance Monitor) tool, which is used to monitor all Linux resources such as CPU, Memory, Disk Usage, Network, Top processes, NFS, Kernel, and much more. This tool comes in two modes: Online Mode and Capture Mode.
The Online Mode is used for real-time monitoring and Capture Mode is used to store the output in CSV format for later processing.
For installation and usage, read our article: Install Nmon (Performance Monitoring) Tool in Linux
20. Collectl: All-in-One Performance Monitoring Tool
Collectl is yet another powerful and feature-rich command-line-based utility, that can be used to gather information about Linux system resources such as CPU usage, memory, network, inodes, processes, nfs, TCP, sockets, and much more.
For installation and usage, read our article: Install Collectl (All-in-One Performance Monitoring) Tool in Linux
We would like to know what kind of monitoring programs you use to monitor the performance of your Linux servers. If we’ve missed any important tool that you would like us to include in this list, please inform us via comments, and please don’t forget to share it.