Menu

Install SysStat to enable system monitoring.

Sysstat is really a handy tool which comes with number of utilities to monitor system resources, their performance and usage activities. Number of utilities that we all use in our daily bases comes with sysstat package. It also provide the tool which can be scheduled using cron to collect all performance and activity data.

Following are the list of tools included in sysstat packages.
Sysstat Features
  1. iostat: Reports all statistics about your CPU and I/O statistics for I/O devices.
  2. mpstat: Details about CPUs (individual or combined).
  3. pidstat: Statistics about running processes/task, CPU, memory etc.
  4. sar: Save and report details about different resources (CPU, Memory, IO, Network, kernel etc..).
  5. sadc: System activity data collector, used for collecting data in backend for sar.
  6. sa1: Fetch and store binary data in sadc data file. This is used with sadc.
  7. sa2: Summaries daily report to be used with sar.
  8. Sadf: Used for displaying data generated by sar in different formats (CSV or XML).
  9. Sysstat: Man page for sysstat utility.
  10. nfsiostat-sysstat: I/O statistics for NFS.
  11. cifsiostat: Statistics for CIFS.
[root@hackthesec ~]# yum -y install sysstat
[root@hackthesec ~]# systemctl start sysstat 
[root@hackthesec ~]# systemctl enable sysstat 
[2] Logging is executed by cron's setting like follows.
* Logs are stored in /var/log/sa/sa** per 10 minutes with /usr/lib64/sa/sa1 command.
* The Statics of a day is generated at 23:53 every day to /var/log/sa/sar** with /usr/lib64/sa/sa2 command.
[root@hackthesec ~]# cat /etc/cron.d/sysstat 
# Run system activity accounting tool every 10 minutes
*/10 * * * * root /usr/lib64/sa/sa1 1 1
# 0 * * * * root /usr/lib64/sa/sa1 600 6 &
# Generate a daily summary of process accounting at 23:53
53 23 * * * root /usr/lib64/sa/sa2 -A

If you'd like to change some settings of SysStat, the configuration file is located like follows.
[root@hackthesec ~]# vi /etc/sysconfig/sysstat

# sysstat-10.1.5 configuration file.

# How long to keep log files (in days).
# If value is greater than 28, then log files are kept in
# multiple directories, one for each month.
HISTORY=28

# Compress (using gzip or bzip2) sa and sar files older than (in days):
COMPRESSAFTER=31

# Parameters for the system activity data collector (see sadc manual page)
# which are used for the generation of log files.
# *note
SADC_OPTIONS="-S DISK"

# *note : valid options
INT     ⇒  System Interrupts
DISK    ⇒  Block Devices
SNMP    ⇒  SNMP statistics
IPV6    ⇒  IPv6 statistics
POWER   ⇒  Power Management statistics
ALL     ⇒  All of the above
XDISK   ⇒  DISK + Partition statistics
XALL    ⇒  All of the above (ALL + XDISK)

SysStat : How to use
To input sar command with specifying options like follows, it's possible to display logs. (refer to "man sar" for more details).

OptionDescription
-uCPU utilization statistics
-rMemory utilization statistics
-bI/O and transfer rate statistics
-BPaging statistics
-dActivity for each block device
-n [keyword]Network statistics
-qQueue length and load averages
-ADisplay All
Display today's statics reports.
# CPU

[root@hackthesec ~]# sar -u 
01:10:01 AM     CPU     %user     %nice   %system   %iowait    %steal     %idle
10:20:01 AM     all      0.90      0.00      0.23      1.19      0.03     97.65
...
...
01:30:01 PM     all      0.04      0.00      0.06      0.14      0.04     99.72
Average:        all      3.60      0.00      0.05      0.21      0.01     96.13

# memory

[root@hackthesec ~]# sar -r 
01:10:01 AM kbmemfree kbmemused  %memused kbbuffers  kbcached  kbcommit   %commit
10:20:01 AM   3681144    241544      6.16     10744    138392     83984      1.04
...
...
01:40:01 PM   3663328    259360      6.61     14752    145988     87996      1.09
Average:      3666930    255758      6.52     13204    144710     88273      1.10

# I/O

[root@hackthesec ~]# sar -b 
01:10:01 AM       tps      rtps      wtps   bread/s   bwrtn/s
10:20:01 AM     45.21      9.35     35.87    257.22    409.24
...
...
01:40:01 PM      0.52      0.00      0.52      0.00      5.43
Average:         3.11      0.49      2.62     14.55     29.32

# network

[root@hackthesec ~]# sar -n DEV 
01:10:01 AM     IFACE   rxpck/s   txpck/s    rxkB/s    txkB/s   rxcmp/s   txcmp/s  rxmcst/s
10:20:01 AM        lo      1.04      1.04      0.09      0.09      0.00      0.00      0.00
10:20:01 AM      eth0      7.48      4.48     10.06      0.30      0.00      0.00      0.00
...
...
01:40:01 PM        lo      0.01      0.01      0.00      0.00      0.00      0.00      0.00
01:40:01 PM      eth0      0.05      0.04      0.00      0.00      0.00      0.00      0.00
Average:           lo      0.08      0.08      0.01      0.01      0.00      0.00      0.00
Average:         eth0      0.54      0.38      0.51      0.03      0.00      0.00      0.00

# load avarage

[root@hackthesec ~]# sar -q 
01:10:01 AM   runq-sz  plist-sz   ldavg-1   ldavg-5  ldavg-15
10:20:01 AM         1        99      0.04      0.07      0.04
...
...
01:30:01 PM         1       104      0.00      0.00      0.00
01:40:01 PM         1       101      0.00      0.00      0.00
Average:            1       102      0.11      0.08      0.06

Display past statics with specifying a log file.

Log files are stored under the /var/log/sa directory.
# display all statisc by a log file
[root@hackthesec ~]# sar -A -f /var/log/sa/sa05 
01:10:01 AM     CPU      %usr     %nice      %sys   %iowait    %steal      %irq     %soft    %guest     %idle
10:20:01 AM     all      0.90      0.00      0.19      1.19      0.03      0.04      0.00      0.00     97.65
10:20:01 AM       0      0.96      0.00      0.19      1.27      0.03      0.04      0.00      0.00     97.51
...
...
01:50:01 PM       125         3         4         0         0         0
02:00:01 PM       125         3         4         0         0         0
Average:          122         3         4         0         0         0

# display the load average with specifying times by a log file
[root@hackthesec ~]# sar -q -s 11:00:00 -e 12:00:00 -f /var/log/sa/sa05 
11:00:01 AM   runq-sz  plist-sz   ldavg-1   ldavg-5  ldavg-15
11:10:01 AM         1       103      0.01      0.03      0.14
11:20:01 AM         1       102      0.01      0.01      0.06
11:30:01 AM         1       102      0.00      0.00      0.01
11:40:01 AM         1       101      0.00      0.00      0.00
11:50:01 AM         1       101      0.01      0.01      0.00
Average:            1       102      0.01      0.01      0.04

Display current statics.
# display CPU utilization per a second 3 times
[root@hackthesec ~]# sar -u 1 3 
01:51:34 AM     CPU     %user     %nice   %system   %iowait    %steal     %idle
01:51:35 AM     all      0.00      0.00      0.50      0.00      0.00     99.50
01:51:36 AM     all      0.00      0.00      0.00      0.00      0.50     99.50
01:51:37 AM     all      0.00      0.00      0.00      0.00      0.00    100.00
Average:        all      0.00      0.00      0.17      0.00      0.17     99.67

# display I/O and network per 2 seconds 5 times
[root@hackthesec ~]# sar -b -n DEV 2 5 
01:54:11 AM       tps      rtps      wtps   bread/s   bwrtn/s
01:54:13 AM      0.00      0.00      0.00      0.00      0.00

01:54:11 AM     IFACE   rxpck/s   txpck/s    rxkB/s    txkB/s   rxcmp/s   txcmp/s  rxmcst/s
01:54:13 AM        lo      0.00      0.00      0.00      0.00      0.00      0.00      0.00
01:54:13 AM      eth0      0.00      0.00      0.00      0.00      0.00      0.00      0.00
...
...
01:54:19 AM       tps      rtps      wtps   bread/s   bwrtn/s
01:54:21 AM      0.00      0.00      0.00      0.00      0.00

01:54:19 AM     IFACE   rxpck/s   txpck/s    rxkB/s    txkB/s   rxcmp/s   txcmp/s  rxmcst/s
01:54:21 AM        lo      0.00      0.00      0.00      0.00      0.00      0.00      0.00
01:54:21 AM      eth0      0.00      0.00      0.00      0.00      0.00      0.00      0.00

Average:          tps      rtps      wtps   bread/s   bwrtn/s
Average:         0.70      0.00      0.70      0.00      4.80

Average:        IFACE   rxpck/s   txpck/s    rxkB/s    txkB/s   rxcmp/s   txcmp/s  rxmcst/s
Average:           lo      0.00      0.00      0.00      0.00      0.00      0.00      0.00
Average:         eth0      0.20      0.00      0.01      0.00      0.00      0.00      0.00

SysStat packages includes other commands not only Sar command, so it's possible to display current statics with them like follows.

# display I/O with Mega bytes per 2 seconds
[root@hackthesec ~]# iostat -mx -d 2 
Device:         rrqm/s   wrqm/s     r/s     w/s    rMB/s    wMB/s avgrq-sz avgqu-sz   await  svctm  %util
vda               0.11     1.05    0.43    0.63     0.01     0.01    28.44     0.05   51.01   9.29   0.99
dm-0              0.00     0.00    0.48    1.65     0.01     0.01    14.05     0.20   95.25   4.64   0.99
dm-1              0.00     0.00    0.02    0.00     0.00     0.00     8.00     0.00    1.14   0.52   0.00
...
...

# display all CPU utilization per 2 seconds 3 times
[root@hackthesec ~]# mpstat -P ALL 2 3 
02:28:57 PM  CPU    %usr   %nice    %sys %iowait    %irq   %soft  %steal  %guest   %idle
02:28:59 PM  all    0.00    0.00    0.00    0.00    0.00    0.00    0.00    0.00  100.00
02:28:59 PM    0    0.00    0.00    0.00    0.00    0.50    0.00    0.00    0.00   99.50
02:28:59 PM    1    0.00    0.00    0.00    0.00    0.00    0.00    0.00    0.00  100.00
...
...

# display memory utilization of a process per a second 3 times
[root@hackthesec ~]# pidstat -r -p 1202 1 3 
02:34:07 PM       PID  minflt/s  majflt/s     VSZ    RSS   %MEM  Command
02:34:08 PM      1202      0.00      0.00  175360   2456   0.06  httpd
02:34:09 PM      1202      0.00      0.00  175360   2456   0.06  httpd
02:34:10 PM      1202      0.00      0.00  175360   2456   0.06  httpd
Average:         1202      0.00      0.00  175360   2456   0.06  httpd
...
...

# display CIFS statics with Mega bytes per a 1 second 3 times
[root@hackthesec ~]# cifsiostat -m 1 3 
Filesystem:                    rB/s         wB/s    rops/s    wops/s         fo/s         fc/s         fd/s
\\10.0.0.100\tmp               0.00        20.93      0.00      0.00         0.00         0.00         0.00
...
...

About Author:


I am a Linux Administrator and Security Expert with this site i can help lot's of people about linux knowladge and as per security expert i also intersted about hacking related news.TwitterFacebook

Next
Newer Post
Previous
Older Post

0 comments:

Post a comment

 
Top