×

20 Must-Have Command Line Tools to Monitor Linux Performance

20 Must-Have Command Line Tools to Monitor Linux Performance


Being a System or Network administrator tasked with monitoring and debugging Linux system performance problems on a daily basis is an immensely challenging responsibility.

It demands unwavering dedication, a profound understanding of Linux systems, and a constant commitment to ensuring optimal performance and reliability.

After dedicating a decade to working as a Linux Administrator in the IT industry, I have come to truly appreciate the arduous task of monitoring and ensuring the continuous operation of systems.

In light of this, we have curated a comprehensive list of the Top 20 frequently used command-line monitoring tools. These invaluable tools can prove indispensable for every Linux/Unix System Administrator, empowering them to efficiently monitor, diagnose, and maintain the health and performance of their systems.

These monitoring tools are available under all flavors of Linux and can be useful to monitor and find the actual causes of performance problems. This list of commands shown here is very enough for you to pick the one that is suitable for your monitoring scenario.

1. Top – Linux Process Monitoring

Linux top command is a performance monitoring program that is used frequently by many system administrators to monitor Linux performance and it is available under many Linux/Unix-like operating systems.

The top command is used to display all the running and active real-time processes in an ordered list and updates it regularly. It displays CPU usage, Memory usage, Swap Memory, Cache Size, Buffer Size, Process PID, User, Commands, and much more.

It also shows high memory and cpu utilization of running processes. The top command is much useful for system administrators to monitor and take corrective action when required. Let’s see the top command in action.

# top
Check Linux Running Processes

2. VmStat – Virtual Memory Statistics

Linux VmStat command is used to display statistics of virtual memory, kernel threads, disks, system processes, I/O blocks, interrupts, CPU activity, and much more.

Install VmStat on Linux

By default vmstat command is not available under Linux systems you need to install a package called sysstat (a powerful monitoring tool) that includes a vmstat program.

$ sudo yum install sysstat      [On Older CentOS/RHEL & Fedora]
$ sudo dnf install sysstat      [On CentOS/RHEL/Fedora/Rocky Linux & AlmaLinux]
$ sudo apt-get install sysstat  [On Debian/Ubuntu & Mint]
$ sudo pacman -S sysstat        [On Arch Linux]

The common usage of the vmstat command format is.

# vmstat

procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 1  0  43008 275212   1152 561208    4   16   100   105   65  113  0  1 96  3  0
Vmstat System Monitoring Tool
Vmstat System Monitoring Tool

3. Lsof – List Open Files

The lsof command is used in many Linux/Unix-like systems to display a list of all the open files and processes. The open files included are disk files, network sockets, pipes, devices, and processes.

One of the main reasons for using this command is when a disk cannot be unmounted and displays the error that files are being used or opened. With this command, you can easily identify which files are in use.

The most common format for lsof command is.

# lsof

COMMAND     PID   TID TASKCMD             USER   FD      TYPE             DEVICE SIZE/OFF       NODE NAME
systemd       1                           root  cwd       DIR                8,2      224        128 /
systemd       1                           root  rtd       DIR                8,2      224        128 /
systemd       1                           root  txt       REG                8,2  1567768  134930842 /usr/lib/systemd/systemd
systemd       1                           root  mem       REG                8,2  2714928  134261052 /usr/lib64/libm-2.28.so
systemd       1                           root  mem       REG                8,2   628592  134910905 /usr/lib64/libudev.so.1.6.11
systemd       1                           root  mem       REG                8,2   969832  134261204 /usr/lib64/libsepol.so.1
systemd       1                           root  mem       REG                8,2  1805368  134275205 /usr/lib64/libunistring.so.2.1.0
systemd       1                           root  mem       REG                8,2   355456  134275293 /usr/lib64/libpcap.so.1.9.0
systemd       1                           root  mem       REG                8,2   145984  134261219 /usr/lib64/libgpg-error.so.0.24.2
systemd       1                           root  mem       REG                8,2    71528  134270542 /usr/lib64/libjson-c.so.4.0.0
systemd       1                           root  mem       REG                8,2   371736  134910992 /usr/lib64/libdevmapper.so.1.02
systemd       1                           root  mem       REG                8,2    26704  134275177 /usr/lib64/libattr.so.1.1.2448
systemd       1                           root  mem       REG                8,2  3058736  134919279 /usr/lib64/libcrypto.so.1.1.1c
...
List Open Files in Linux
List Open Files in Linux

4. Tcpdump – Network Packet Analyzer

The tcpdump command is one of the most widely used command-line network packet analyzer or packet sniffer programs that is used to capture or filter TCP/IP packets that are received or transferred on a specific interface over a network.

It also provides an option to save captured packages in a file for later analysis. tcpdump is almost available in all major Linux distributions.

# tcpdump -i enp0s3

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes
10:19:34.635893 IP tecmint.ssh > 192.168.0.124.45611: Flags [P.], seq 2840044824:2840045032, ack 4007244093
10:19:34.636289 IP 192.168.0.124.45611 > tecmint.ssh: Flags [.], ack 208, win 11768, options 
10:19:34.873060 IP _gateway.57682 > tecmint.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
10:19:34.873104 IP tecmint > _gateway: ICMP tecmint udp port netbios-ns unreachable, length 86
10:19:34.895453 IP _gateway.48953 > tecmint.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
10:19:34.895501 IP tecmint > _gateway: ICMP tecmint udp port netbios-ns unreachable, length 86
10:19:34.992693 IP 142.250.4.189.https > 192.168.0.124.38874: UDP, length 45
10:19:35.010127 IP 192.168.0.124.38874 > 142.250.4.189.https: UDP, length 33
10:19:35.135578 IP _gateway.39383 > 192.168.0.124.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
10:19:35.135586 IP 192.168.0.124 > _gateway: ICMP 192.168.0.124 udp port netbios-ns unreachable, length 86
10:19:35.155827 IP _gateway.57429 > 192.168.0.124.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; UNICAST
10:19:35.155835 IP 192.168.0.124 > _gateway: ICMP 192.168.0.124 udp port netbios-ns unreachable, length 86
...
Tcpdump - Network Packet Analyzer
Tcpdump – Network Packet Analyzer

5. Netstat – Network Statistics

The netstat is a command-line tool for monitoring incoming and outgoing network packet statistics as well as interface statistics. It is a very useful tool for every system administrator to monitor network performance and troubleshoot network-related problems.

# netstat -a | more

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:sunrpc          0.0.0.0:*               LISTEN
tcp        0      0 tecmint:domain          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:ssh             0.0.0.0:*               LISTEN
tcp        0      0 localhost:postgres      0.0.0.0:*               LISTEN
tcp        0      0 tecmint:ssh             192.168.0.124:45611     ESTABLISHED
tcp6       0      0 [::]:sunrpc             [::]:*                  LISTEN
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
tcp6       0      0 localhost:postgres      [::]:*                  LISTEN
udp        0      0 0.0.0.0:mdns            0.0.0.0:*
udp        0      0 localhost:323           0.0.0.0:*
udp        0      0 tecmint:domain          0.0.0.0:*
udp        0      0 0.0.0.0:bootps          0.0.0.0:*
udp        0      0 tecmint:bootpc          _gateway:bootps         ESTABLISHED
...
Netstat - Monitor Linux Network Connections
Netstat – Monitor Linux Network Connections

While in present-day netstat has been deprecated in favor of the ss command, you may still discover netstat in your networking toolkit.

6. Htop – Linux Process Monitoring

htop is a much advanced interactive and real-time Linux process monitoring tool, which is much similar to Linux top command but it has some rich features like a user-friendly interface to manage processes, shortcut keys, vertical and horizontal views of the processes, and much more.

# htop
Htop - Linux System Process Viewer
Htop – Linux System Process Viewer

htop is a third-party tool, which doesn’t come with Linux systems, you need to install it using your system package manager tool.

For more information on htop installation read our article – Install Htop (Linux Process Monitoring) in Linux.

7. Iotop – Monitor Linux Disk I/O

iotop is also much similar to the top command and htop program, but it has an accounting function to monitor and display real-time Disk I/O and processes.

iotop tool is much useful for finding the exact process and highly used disk read/writes of the processes.

Install Iotop on Linux

By default, the iotop command is not available under Linux and you need to install it as shown.

$ sudo yum install iotop      [On Older CentOS/RHEL & Fedora]
$ sudo dnf install iotop      [On CentOS/RHEL/Fedora/Rocky Linux & AlmaLinux]
$ sudo apt-get install iotop  [On Debian/Ubuntu & Mint]
$ sudo pacman -S iotop        [On Arch Linux]

The common usage of the iotop command format is.

# iotop
iotop - Monitor Linux Disk IO Usage
iotop – Monitor Linux Disk IO Usage

8. Iostat – Input/Output Statistics

iostat is a simple tool that will collect and show system input and output storage device statistics. This tool is often used to trace storage device performance issues including devices, local disks, and remote disks such as NFS.

Install Iostat on Linux

To get the iostat command, you need to install a package called sysstat as shown.

$ sudo yum install sysstat      [On Older CentOS/RHEL & Fedora]
$ sudo dnf install sysstat      [On CentOS/RHEL/Fedora/Rocky Linux & AlmaLinux]
$ sudo apt-get install sysstat  [On Debian/Ubuntu & Mint]
$ sudo pacman -S sysstat        [On Arch Linux]

The common usage of the iostat command format is.

# iostat

Linux 4.18.0-193.el8.x86_64 (tecmint)   04/05/2021      _x86_64_        (1 CPU)

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
           0.21    0.03    0.59    2.50    0.00   96.67

Device             tps    kB_read/s    kB_wrtn/s    kB_read    kB_wrtn
sda               3.95        83.35        89.63    1782431    1916653
iostat - Monitor Disk IO Statistics
iostat – Monitor Disk IO Statistics

9. IPTraf – Real-Time IP LAN Monitoring

IPTraf is an open-source console-based real-time network (IP LAN) monitoring utility for Linux. It collects a variety of information such as IP traffic monitor that passes over the network, including TCP flag information, ICMP details, TCP/UDP traffic breakdowns, TCP connection packets, and byte counts.

It also gathers information on general and detailed interface statistics of TCP, UDP, IP, ICMP, non-IP, IP checksum errors, interface activity, etc.

IPTraf IP Network Monitor
IPTraf IP Network Monitor

10. Psacct or Acct – Monitor User Activity

psacct or acct tools are very useful for monitoring each user’s activity on the system. Both daemons run in the background and keep a close watch on the overall activity of each user on the system and also what resources are being consumed by them.

These tools are very useful for system administrators to track each user’s activity like what they are doing, what commands they issued, how many resources are used by them, how long they are active on the system etc.

psacct - Monitor Linux User Activities
psacct – Monitor Linux User Activities

11. Monit – Linux Process and Services Monitoring

Monit is a free open-source and web-based process supervision utility that automatically monitors and manages system processes, programs, files, directories, permissions, checksums, and filesystems.

It monitors services like Apache, MySQL, Mail, FTP, ProFTP, Nginx, SSH, and so on. The system status can be viewed from the command line or using its own web interface.

Monit Monitor Linux System
Monit Monitor Linux System

For installation and configuration, read our article – How to Install and Setup Monit (Linux Process and Services Monitoring) Program.

12. NetHogs – Monitor Per Process Network Bandwidth

NetHogs is an open-source nice small program (similar to Linux top command) that keeps a tab on each process network activity on your system. It also keeps track of real-time network traffic bandwidth used by each program or application.

# nethogs
Nethogs Monitor Network Traffic in Linux
Nethogs Monitor Network Traffic in Linux

For installation and usage, read our article: Monitor Linux Network Bandwidth Using NetHogs

13. iftop – Network Bandwidth Monitoring

iftop is another terminal-based free open source system monitoring utility that displays a frequently updated list of network bandwidth utilization (source and destination hosts) that passes through the network interface on your system.

iftop is analogous to ‘top‘ in the context of network usage, much like how ‘top‘ provides insights into CPU usage.

iftop belongs to the esteemed ‘top’ family of network monitoring tools. Specifically designed to observe a user-selected network interface, it renders real-time data on the current bandwidth utilization between two specified hosts.

# iftop
iftop - Network Bandwidth Monitoring
iftop – Network Bandwidth Monitoring

For installation and usage, read our article: iftop – Monitor Network Bandwidth Utilization

14. Monitorix – System and Network Monitoring

Monitorix is a free lightweight utility that is designed to run and monitor system and network resources as many as possible in Linux/Unix servers.

It has a built-in HTTP web server that regularly collects system and network information and displays them in graphs. It Monitors system load average and usage, memory allocation, disk driver health, system services, network ports, mail statistics (Sendmail, Postfix, Dovecot, etc), MySQL statistics, and many more.

It is designed to monitor overall system performance and helps in detecting failures, bottlenecks, abnormal activities, etc.

Monitorix Monitoring
Monitorix Monitoring

For installation and usage, read our article: Monitorix a System and Network Monitoring Tool for Linux

15. Arpwatch – Ethernet Activity Monitor

Arpwatch is a kind of program that is designed to monitor the Address Resolution of (MAC and IP address changes) of Ethernet network traffic on a Linux network.

It continuously keeps watch on Ethernet traffic and produces a log of IP and MAC address pair changes along with a timestamp on a network. It also has a feature to send email alerts to administrators, when a pairing is added or changes. It is very useful in detecting ARP spoofing on a network.

Arpwatch - Monitor ARP Traffic
Arpwatch – Monitor ARP Traffic

For installation and usage, read our article: Arpwatch to Monitor Ethernet Activity

16. Suricata – Network Security Monitoring

Suricata is a high-performance open-source Network Security and Intrusion Detection and Prevention Monitoring System for Linux, FreeBSD, and Windows.

It was designed and owned by a non-profit foundation OISF (Open Information Security Foundation).

For installation and usage, read our article: Suricata – A Network Intrusion Detection and Prevention System

17. VnStat PHP – Monitoring Network Bandwidth

VnStat PHP is a web-based frontend application for the most popular networking tool called “vnstat“. VnStat PHP monitors network traffic usage in nicely graphical mode.

It displays the total IN and OUT network traffic usage in hourly, daily, monthly, and full summary reports.

For installation and usage, read our article: Monitoring Network Bandwidth Usage

18. Nagios – Network/Server Monitoring

Nagios is a leading open-source powerful monitoring system that enables network/system administrators to identify and resolve server-related problems before they affect major business processes.

With the Nagios system, administrators can able to monitor remote Linux, Windows, Switches, Routers, and Printers on a single window. It shows critical warnings and indicates if something went wrong in your network/server which indirectly helps you to begin remediation processes before they occur.

For installation, configuration, and usage, read our article – Install Nagios Monitoring System to Monitor Remote Linux/Windows Hosts

19. Nmon: Monitor Linux Performance

Nmon (stands for Nigel’s Performance Monitor) tool, which is used to monitor all Linux resources such as CPU, Memory, Disk Usage, Network, Top processes, NFS, Kernel, and much more. This tool comes in two modes: Online Mode and Capture Mode.

The Online Mode is used for real-time monitoring and Capture Mode is used to store the output in CSV format for later processing.

Nmon - Linux Performance Monitoring tool
Nmon – Linux Performance Monitoring tool

For installation and usage, read our article: Install Nmon (Performance Monitoring) Tool in Linux

20. Collectl: All-in-One Performance Monitoring Tool

Collectl is yet another powerful and feature-rich command-line-based utility, that can be used to gather information about Linux system resources such as CPU usage, memory, network, inodes, processes, nfs, TCP, sockets, and much more.

Collectl Monitoring
Collectl Monitoring

For installation and usage, read our article: Install Collectl (All-in-One Performance Monitoring) Tool in Linux

We would like to know what kind of monitoring programs you use to monitor the performance of your Linux servers. If we’ve missed any important tool that you would like us to include in this list, please inform us via comments, and please don’t forget to share it.



Source link