Wednesday, July 8, 2015

Linux server monitoring | SAR Commands

Essential Linux Server Monitoring with SAR Commands: A Novice's Guide to System Activity Reporter

Maintaining a healthy and high-performing Linux server is crucial for any application or service it hosts. Without proper monitoring, you might find yourself reacting to problems rather than preventing them. This guide introduces you to SAR (System Activity Reporter), a powerful, built-in tool that helps you understand what's happening under the hood of your Linux server.

What is SAR? The System Activity Reporter

SAR, part of the sysstat package, is a command-line utility that collects, reports, and saves system activity information. Think of it as your server's detailed health log. It can show you real-time data or historical insights into CPU usage, memory, disk I/O, network activity, and much more. For both system administrators and developers, SAR is an indispensable tool for diagnosing performance bottlenecks and understanding resource utilization.

Getting Started: Installing sysstat (if needed)

SAR is typically included in most Linux distributions. If not, you can easily install the sysstat package:

  • Debian/Ubuntu: sudo apt update && sudo apt install sysstat
  • CentOS/RHEL/Fedora: sudo yum install sysstat or sudo dnf install sysstat

After installation, the SAR data collection service might need to be enabled:

sudo systemctl enable sysstat

SAR data collection is often configured via cron jobs that run scripts like sa1 and sa2 (explained later) to collect daily statistics.

Understanding Basic SAR Syntax

The basic SAR command structure is straightforward:

sar [options] [interval] [count]
  • [options]: Specifies what type of activity you want to monitor (e.g., -u for CPU, -r for memory).
  • [interval]: The time in seconds between each report.
  • [count]: The number of reports to generate.

For example, sar -u 2 5 would report CPU utilization every 2 seconds, 5 times.

Essential SAR Commands for Novice Monitoring

1. CPU Utilization (sar -u)

This command shows you how busy your server's processor(s) are. It's often the first place to look when performance feels sluggish.

Command:

sar -u 2 3

Key Metrics Explained:

  • %user: CPU utilization by user-level applications. High values suggest your applications are demanding.
  • %system: CPU utilization by the kernel (system processes). High values here might indicate issues with drivers or kernel operations.
  • %iowait: Time CPU spends waiting for I/O operations (e.g., disk reads/writes) to complete. High %iowait often points to disk bottlenecks.
  • %idle: Percentage of time the CPU was idle. A high value indicates spare capacity, while 0% idle might mean your CPU is maxed out.

2. Memory Utilization (sar -r)

Monitors how your server is using its RAM, including free memory, used memory, and swap space activity.

Command:

sar -r 2 3

Key Metrics Explained:

  • kbmemfree: Amount of free physical memory available (in kilobytes).
  • kbmemused: Amount of physical memory used (in kilobytes).
  • %memused: Percentage of physical memory used.
  • kbcached, kbbuffers: Memory used by the kernel for caching files and buffering I/O. This is often "used" memory that can be quickly freed if applications need it.
  • kbswpfree, kbswpused, %swpused: Information about swap space. High swap usage (and especially high activity like pswpin/s, pswpout/s) indicates your server is running out of physical RAM and relying heavily on slower disk-based swap.

3. Disk I/O Activity (sar -d)

Crucial for understanding how your storage devices are performing. Bottlenecks here can severely impact application speed.

Command:

sar -d 2 3

Key Metrics Explained:

  • DEV: The device name (e.g., sda, sdb).
  • tps: Total number of transfers per second issued to the device. Higher values mean more activity.
  • rd_sec/s, wr_sec/s: Number of sectors read/written from/to the device per second.
  • avgrq-sz: Average size of the requests issued to the device (in sectors).
  • avgqu-sz: Average queue length of the requests issued to the device. A consistently high value indicates the disk is struggling to keep up.
  • await: Average time (in milliseconds) for I/O requests issued to the device to be served. This includes time spent in the queue and time spent servicing them. Higher values mean slower disk response.
  • %util: Percentage of time during which the device was busy processing requests. 100% means the disk is fully saturated.

4. Network Statistics (sar -n DEV)

Monitors network interface activity, including data transfer rates, packet errors, and collisions.

Command:

sar -n DEV 2 3

Key Metrics Explained:

  • IFACE: The network interface name (e.g., eth0, enp0s3).
  • rxpck/s, txpck/s: Total number of packets received/transmitted per second.
  • rxbyt/s, txbyt/s: Total number of bytes received/transmitted per second. Useful for understanding bandwidth utilization.
  • rxerr/s, txerr/s: Total number of bad packets received/transmitted per second. Non-zero values here can indicate network card issues or cable problems.
  • rxdrop/s, txdrop/s: Number of received/transmitted packets dropped per second. High numbers suggest network congestion or insufficient buffer sizes.

5. Run Queue and Load Average (sar -q)

Shows the load on your system, specifically the number of tasks waiting for CPU time and the system's load averages.

Command:

sar -q 2 3

Key Metrics Explained:

  • runq-sz: Number of tasks currently waiting for CPU time. A consistently high number indicates CPU contention.
  • plist-sz: Number of tasks currently in the task list.
  • ldavg-1, ldavg-5, ldavg-15: Load average over the last 1, 5, and 15 minutes. This is the average number of processes either running or waiting to run. For a single-core CPU, a load average above 1 suggests the CPU is overloaded. For multi-core systems, divide by the number of cores (e.g., for an 8-core CPU, a load average of 8 means all cores are fully utilized).

6. Context Switches and Task Creation (sar -w)

Monitors kernel activity related to process switching and creation. High values here can indicate an application creating too many processes or threads, or a system struggling to manage many active tasks.

Command:

sar -w 2 3

Key Metrics Explained:

  • proc/s: Total number of tasks created per second.
  • cswch/s: Total number of context switches per second. A context switch occurs when the kernel switches from one process to another. Extremely high values can indicate CPU contention or inefficient application design.

7. File System Statistics (sar -F)

Provides insights into file system activity, such as inode usage and open files. This is particularly useful for debugging "no space left on device" errors that aren't related to actual disk capacity, but rather a lack of available file handles or inodes.

Command:

sar -F 2 3

Key Metrics Explained:

  • dentunusd: Number of unused directory entries (inodes).
  • file-sz: Number of open files.
  • inode-sz: Number of open inodes.
  • %ifree: Percentage of free inodes. Running out of inodes can prevent new files from being created, even if there's disk space.

8. All Statistics (sar -A)

If you want a comprehensive overview of everything SAR monitors, the -A option is your go-to. Be aware, the output can be very long!

Command:

sar -A 1 1

This command will display a single report of all available statistics for a 1-second interval.

Collecting and Viewing Historical SAR Data

One of SAR's greatest strengths is its ability to collect and store historical system performance data. This is handled by a set of scripts and cron jobs that are part of the sysstat package:

  • sa1: Collects and stores daily data in a binary file. This script is typically run every 10 minutes by a cron job.
  • sa2: Writes a daily summary report to a text file. This is usually run once a day by cron.

The historical data files are stored in the /var/log/sa/ directory (or sometimes /var/log/sysstat/ depending on your distribution). These files are named saXX, where XX is the day of the month (e.g., sa01 for the 1st, sa15 for the 15th).

To view historical data, you use the -f option:

Command to view yesterday's CPU usage (if today is the 2nd of the month):

sar -u -f /var/log/sa/sa01

You can also specify a time range for historical reports using -s HH:MM:SS (start time) and -e HH:MM:SS (end time):

sar -u -f /var/log/sa/sa01 -s 10:00:00 -e 12:00:00
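To turn a historical CPU report into a baseline check, the function below flags every interval whose %iowait or %idle crosses a threshold. It is an added example, not part of the original post: the names sar_cpu_alerts and sample_sar_u, the thresholds 20 and 10, and the sample report are all constructed for illustration.

```shell
#!/bin/sh
# Added example: flag busy intervals in `sar -u` text output.
# Columns are located by header name, so reports with 12-hour (AM/PM)
# and 24-hour timestamps are both handled.
# Assumption: sar prints decimals with a dot (run it with LC_ALL=C if not).

# Usage: sar -u -f /var/log/sa/sa01 | sar_cpu_alerts IOWAIT_MAX IDLE_MIN
sar_cpu_alerts() {
    awk -v iomax="$1" -v idlemin="$2" '
        $1 == "Average:" { next }             # skip the summary row
        /%iowait/ && /%idle/ {                # header row: map names to columns
            split("", col)                    # reset (headers repeat after restarts)
            for (i = 1; i <= NF; i++) col[$i] = i
            next
        }
        # Banner, blank and "LINUX RESTART" lines have too few fields
        !("%idle" in col) || NF < col["%idle"] { next }
        $(col["CPU"]) != "all" { next }       # only the all-CPU aggregate
        {
            # Timestamp is every field before CPU (1 field, or 2 with AM/PM)
            ts = $1
            for (i = 2; i < col["CPU"]; i++) ts = ts " " $i
            io   = $(col["%iowait"]) + 0
            idle = $(col["%idle"]) + 0
            if (io > iomax)     printf "%s iowait=%.2f\n", ts, io
            if (idle < idlemin) printf "%s idle=%.2f\n", ts, idle
        }
    '
}

# Constructed sample of `sar -u` output (not captured from a real host)
sample_sar_u() {
    cat <<'EOF'
Linux 3.10.0 (web01.example)   07/07/2015   _x86_64_   (4 CPU)

10:00:01 AM     CPU     %user     %nice   %system   %iowait    %steal     %idle
10:10:01 AM     all      4.10      0.00      1.20      0.30      0.00     94.40
10:20:01 AM     all      5.02      0.00      1.31      0.25      0.00     93.42
10:30:01 AM     all     12.40      0.00      3.10     41.75      0.00     42.75
10:40:01 AM     all     88.60      0.00      9.90      0.20      0.00      1.30
10:50:01 AM     all      4.80      0.00      1.10      0.40      0.00     93.70
Average:        all     22.98      0.00      3.32      8.58      0.00     65.11
EOF
}

# Flag intervals with more than 20% iowait or less than 10% idle
sample_sar_u | sar_cpu_alerts 20 10
```

Run from cron against the previous day's file, any output marks an interval worth comparing with the server's normal profile.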

Tips for Effective Monitoring with SAR

  1. Establish Baselines: Understand what "normal" performance looks like for your server. This makes it easier to spot deviations.
  2. Look for Trends: Don't just focus on single spikes. Consistent high usage or gradual degradation over time is more concerning.
  3. Combine with Other Tools: While SAR is powerful, it's a command-line tool. Combine it with graphical monitoring solutions (like Grafana, Prometheus, Nagios) for easier visualization and alerting.
  4. Focus on Key Metrics First: For novices, start with CPU, Memory, Disk I/O, and Network. These are often the first indicators of a problem.
  5. Understand Your Applications: Knowing what your server is supposed to be doing helps you interpret SAR output correctly. A database server will naturally have high disk I/O, for example.

Conclusion

SAR is an invaluable utility for anyone managing Linux servers. By understanding and regularly using its various commands, you can gain deep insights into your system's performance, proactively identify potential issues, and optimize resource utilization. Start experimenting with these commands today, and take the first step towards becoming a more effective Linux server administrator!

Monday, July 6, 2015

Linux commands

1. Tar Command Examples: Archiving and Extracting Files
Create a new uncompressed tar archive from a directory. $ tar cvf archive_name.tar dirname/
Extract files from an existing uncompressed tar archive. $ tar xvf archive_name.tar
List the contents of an existing uncompressed tar archive. $ tar tvf archive_name.tar
2. Grep Command Examples: Powerful Text Searching
Perform a case-insensitive search for a string within a file. $ grep -i "the" demo_file
Display the matched line and the three lines immediately following it. $ grep -A 3 -i "example" demo_text
Recursively search for a string across all files in the current directory and its subdirectories. $ grep -r "ramesh" *
3. Find Command Examples: Locating Files and Directories
Locate files by name, performing a case-insensitive search. # find -iname "MyCProgram.c"
Execute an arbitrary command on files discovered by the 'find' command (e.g., calculate MD5 checksum). $ find -iname "MyCProgram.c" -exec md5sum {} \;
Identify all empty files within the user's home directory. # find ~ -empty
4. SSH Command Examples: Secure Remote Access
Establish a secure shell connection to a remote host with a specified username. ssh -l jsmith remotehost.example.com
Enable verbose debugging output for the SSH client during connection attempts. ssh -v -l jsmith remotehost.example.com
Show the installed SSH client version. $ ssh -V
OpenSSH_3.9p1, OpenSSL 0.9.7a Feb 19 2003
5. Sed Command Examples: Stream Editor for Text Transformation
Convert a DOS-formatted text file to Unix format by removing carriage returns. $ sed 's/.$//' filename
Reverse the order of lines in a file. $ sed -n '1!G;h;$p' thegeekstuff.txt
Prepend line numbers to all non-empty lines in a file. $ sed '/./=' thegeekstuff.txt | sed 'N; s/\n/ /'
6. Awk Command Examples: Pattern Scanning and Processing Language
Filter out and display unique lines from a file. $ awk '!($0 in array) { array[$0]; print }' temp
Display lines from '/etc/passwd' where the User ID (UID) matches the Group ID (GID). $ awk -F ':' '$3==$4' passwd.txt
Extract and display specific fields from a delimited file. $ awk '{print $2,$5;}' employee.txt
7. Vim Command Examples: Efficient Text Editing
Open a file and navigate directly to a specified line number. $ vim +143 filename.txt
Open a file and jump to the first occurrence of a search term. $ vim +/search-term filename.txt
Open a file in read-only mode to prevent accidental modifications. $ vim -R /etc/passwd
8. Diff Command Examples: Comparing Files
Compare two files, ignoring differences in whitespace. # diff -w name_list.txt name_list_new.txt
2c2,3
< John Doe
---
> John M Doe
> Jason Bourne
9. Sort Command Examples: Ordering Text Files
Sort the lines of a file in ascending alphabetical order. $ sort names.txt
Sort the lines of a file in descending alphabetical order. $ sort -r names.txt
Sort the '/etc/passwd' file numerically by the third colon-delimited field (UID). $ sort -t: -k 3n /etc/passwd | more
10. Export Command Examples: Managing Environment Variables
Display all environment variables related to 'ORACLE'. $ export | grep ORACLE
declare -x ORACLE_BASE="/u01/app/oracle"
declare -x ORACLE_HOME="/u01/app/oracle/product/10.2.0"
declare -x ORACLE_SID="med"
declare -x ORACLE_TERM="xterm"
Set and export a new environment variable. $ export ORACLE_HOME=/u01/app/oracle/product/10.2.0
11. Xargs Command Examples: Building and Executing Command Lines
Copy all JPG images from the current directory to an external hard drive. # ls *.jpg | xargs -I {} cp {} /external-hard-drive/directory
Find all JPG images on the system and create a compressed tar archive of them. # find / -name "*.jpg" -type f -print0 | xargs -0 tar -cvzf images.tar.gz
Download files from all URLs listed in 'url-list.txt', allowing for continued downloads. # cat url-list.txt | xargs wget -c
12. LS Command Examples: Listing Directory Contents
List files with sizes presented in human-readable formats (KB, MB, GB). $ ls -lh
-rw-r----- 1 ramesh team-dev 8.9M Jun 12 15:27 arch-linux.txt.gz
List files sorted by last modification time in reverse order (oldest first). $ ls -ltr
Classify and list files, appending indicators to distinguish directories, executables, and symbolic links. $ ls -F
13. PWD Command: Print Working Directory
The 'pwd' command is used to print the name of the current working directory. $ pwd
14. CD Command Examples: Changing Directories
Toggle between the current and previous working directories. $ cd -
15. Gzip Command Examples: File Compression and Decompression
Compress a file using gzip, creating a '.gz' archive. $ gzip test.txt
Decompress a '.gz' file. $ gzip -d test.txt.gz
16. Bzip2 Command Examples: Advanced File Compression
Compress a file using bzip2, creating a '.bz2' archive. $ bzip2 test.txt
Decompress a '.bz2' file. $ bzip2 -d test.txt.bz2
Display compression ratio and details of a '.gz' file (using gzip's list option). $ gzip -l *.gz
compressed uncompressed ratio uncompressed_name
23709 97975 75.8% asp-patch-rpms.txt
17. Unzip Command Examples: Extracting Zip Archives
Extract all files from a '.zip' archive. $ unzip test.zip
List the contents of a '.zip' archive without extracting them. $ unzip -l jasper.zip
Archive: jasper.zip
Length Date Time Name
-------- ---- ---- ---
40995 11-30-98 23:50 META-INF/MANIFEST.MF
32169 08-25-98 21:07 classes_
15964 08-25-98 21:07 classes_names
10542 08-25-98 21:07 classes_ncomp
18. Shutdown Command Examples: System Control
Immediately shut down the system and power off. # shutdown -h now
Schedule a system shutdown to occur in 10 minutes. # shutdown -h +10
Immediately reboot the system. # shutdown -r now
Reboot the system and force a filesystem check during startup. # shutdown -Fr now
19. FTP Command Examples: File Transfer Protocol
Connect to an FTP server and download multiple files using wildcards. $ ftp IP/hostname
ftp> mget *.html
List specific files on the remote FTP server before initiating a download. ftp> mls *.html -
/ftptest/features.html
/ftptest/index.html
/ftptest/othertools.html
/ftptest/samplereport.html
/ftptest/usage.html
20. Crontab Command Examples: Scheduling Tasks
Display the crontab entries for a specified user. # crontab -u john -l
Schedule a script to run every 10 minutes. */10 * * * * /home/ramesh/check-disk-space
21. Service Command Examples: Managing System Services
Check the operational status of a specified system service. # service ssh status
Display the status of all currently managed system services. service --status-all
Restart a specified system service. # service ssh restart
22. PS Command Examples: Process Status
Display comprehensive information about all running processes. $ ps -ef | more
Display running processes in a hierarchical tree format. $ ps -efH | more
23. Free Command Examples: Displaying Memory Usage
Show total, used, and free memory, swap, buffers, and cache in bytes. $ free
             total       used       free     shared    buffers     cached
Mem:       3566408    1580220    1986188          0     203988     902960
-/+ buffers/cache:     473272    3093136
Swap:      4000176          0    4000176
Display memory usage in gigabytes. (Use -b for bytes, -k for kilobytes, -m for megabytes). $ free -g
             total       used       free     shared    buffers     cached
Mem:             3          1          1          0          0          0
-/+ buffers/cache:          0          2
Swap:            3          0          3
Show a total line for memory and swap usage. ramesh@ramesh-laptop:~$ free -t
             total       used       free     shared    buffers     cached
Mem:       3566408    1592148    1974260          0     204260     912556
-/+ buffers/cache:     475332    3091076
Swap:      4000176          0    4000176
Total:     7566584    1592148    5974436
24. Top Command Examples: Real-time Process Monitoring
Monitor running processes in real-time. (Interactive: Press 'O' to sort by various columns like PID, USER, etc.) $ top
Current Sort Field: P for window 1:Def
Select sort field via field letter, type any other key to return
a: PID = Process Id v: nDRT = Dirty Pages count
d: UID = User Id y: WCHAN = Sleeping in Function
e: USER = User Name z: Flags = Task Flag
Display real-time process information filtered to a specific user. $ top -u oracle
25. DF Command Examples: Reporting Disk Space Usage
Report filesystem disk space usage in kilobytes (default for '-k'). $ df -k
Filesystem     1K-blocks     Used Available Use% Mounted on
/dev/sda1       29530400  3233104  24797232  12% /
/dev/sda2      120367992 50171596  64082060  44% /home
Display filesystem disk space usage in human-readable format (e.g., GB, MB). ramesh@ramesh-laptop:~$ df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda1        29G  3.1G   24G  12% /
/dev/sda2       115G   48G   62G  44% /home
26. Kill Command Examples: Terminating Processes
Forcefully terminate a process by its Process ID (PID). (Find PID with 'ps -ef | grep process_name'). $ ps -ef | grep vim
ramesh 7243 7222 9 22:43 pts/2 00:00:00 vim
$ kill -9 7243
27. RM Command Examples: Removing Files and Directories
Remove a file with an interactive confirmation prompt. $ rm -i filename.txt
Remove multiple files matching a pattern with interactive confirmation. $ rm -i file*
Recursively remove a directory and all its contents. $ rm -r example
28. CP Command Examples: Copying Files and Directories
Copy a file, preserving its mode, ownership, and timestamp. $ cp -p file1 file2
Copy a file with an interactive prompt before overwriting an existing destination. $ cp -i file1 file2
29. MV Command Examples: Moving and Renaming Files
Rename or move a file, prompting for confirmation before overwriting an existing destination. (Use '-f' to force overwrite without prompt). $ mv -i file1 file2
Display verbose output during file move/rename operations. $ mv -v file1 file2
30. Cat Command Examples: Concatenating and Displaying Files
Concatenate and display the content of multiple files to standard output. $ cat file1 file2
Display file contents with line numbers prepended to each line. $ cat -n /etc/logrotate.conf
1 /var/log/btmp {
2 missingok
3 monthly
4 create 0660 root utmp
5 rotate 1
6 }
31. Mount Command Examples: Attaching Filesystems
Mount a filesystem to a specified directory. # mkdir /u01
# mount /dev/sdb1 /u01
Add a filesystem entry to '/etc/fstab' for automatic mounting on system startup. /dev/sdb1 /u01 ext2 defaults 0 2
32. Chmod Command Examples: Changing File Permissions
Grant full read, write, and execute permissions to the user and group for a specified file. $ chmod ug+rwx file.txt
Remove all read, write, and execute permissions for the group on a specified file. $ chmod g-rwx file.txt
Recursively apply file permissions to a directory and all its contents. $ chmod -R ug+rwx file.txt
33. Chown Command Examples: Changing File Ownership
Change both the owner and group of a file simultaneously. $ chown oracle:dba dbora.sh
Recursively change the owner and group of a directory and its contents. $ chown -R oracle:dba /home/oracle
34. Passwd Command Examples: User Password Management
Change the password for the current user (prompts for old and new passwords). $ passwd
(Root Only) Reset the password for a specified user without requiring their current password. # passwd USERNAME
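(Root Only) Delete the password of a specified user, which leaves the account with an empty password and allows passwordless login. This does not lock the account; use 'passwd -l USERNAME' to lock it instead. # passwd -d USERNAME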
35. Mkdir Command Examples: Creating Directories
Create a new directory within the current user's home directory. $ mkdir ~/temp
Create nested directories, creating parent directories as needed, and suppress errors if directories already exist. $ mkdir -p dir1/dir2/dir3/dir4/
36. Ifconfig Command Examples: Network Interface Configuration
Display configuration and status of all network interfaces. $ ifconfig -a
Activate or deactivate a specific network interface. $ ifconfig eth0 up
$ ifconfig eth0 down
37. Uname Command Examples: System Information
Display comprehensive system information, including kernel name, hostname, and operating system details. $ uname -a
Linux john-laptop 2.6.32-24-generic #41-Ubuntu SMP Thu Aug 19 01:12:52 UTC 2010 i686 GNU/Linux
38. Whereis Command Examples: Locating Command Binaries
Locate the binary, source, and manual page files for a specified command. $ whereis ls
ls: /bin/ls /usr/share/man/man1/ls.1.gz /usr/share/man/man1p/ls.1p.gz
Search for an executable in a non-standard specified directory. $ whereis -u -B /tmp -f lsmk
lsmk: /tmp/lsmk
39. Whatis Command Examples: Brief Command Descriptions
Display a concise, one-line description for a command. $ whatis ls
ls (1) - list directory contents
$ whatis ifconfig
ifconfig (8) - configure a network interface
View the manual page for a command from a specific section. $ whatis crontab
crontab (1) - maintain crontab files for individual users (V3)
crontab (5) - tables for driving cron
$ man 5 crontab
The following 8 sections are available in the man pages.
1. General commands
2. System calls
3. C library functions
4. Special files (usually devices, those found in /dev) and drivers
5. File formats and conventions
6. Games and screensavers
7. Miscellaneous
8. System administration commands and daemons
40. Locate Command Examples: Fast File Search
Quickly search for files and directories by name using a pre-built database. $ locate crontab
/etc/anacrontab
/etc/crontab
/usr/bin/crontab
/usr/share/doc/cron/examples/crontab2english.pl.gz
/usr/share/man/man1/crontab.1.gz
/usr/share/man/man5/anacrontab.5.gz
/usr/share/man/man5/crontab.5.gz
/usr/share/vim/vim72/syntax/crontab.vim
41. Man Command Examples: Accessing Manual Pages
View the complete manual page for a specified command. $ man crontab
Access a specific section of a command's manual page (e.g., section 5 for file formats). $ man SECTION-NUMBER commandname
42. Tail Command Examples: Viewing the End of Files
Display the last 10 lines of a file (default behavior). $ tail filename.txt
Display a specified number (N) of lines from the end of a file. $ tail -n N filename.txt
Monitor a file in real-time as it grows (useful for log files). Terminate with Ctrl+C. $ tail -f log-file
43. Less Command Examples: Interactive File Viewing
Interactively view large files page by page without loading the entire file into memory. $ less huge-log-file.log
Navigate through a file: CTRL+F – forward one window, CTRL+B – backward one window
44. Su Command Examples: Switching User Identity
Switch to another user account (superusers can switch without a password). $ su - USERNAME
Execute a single command as another user, then return to the original user session. [john@dev-server]$ su - raj -c 'ls'
[john@dev-server]$
Login as a specified user and invoke a custom shell instead of their default. $ su -s 'SHELLNAME' USERNAME
45. MySQL Command Examples: Database Interaction
Connect to a remote MySQL database server as a specified user (prompts for password). $ mysql -u root -p -h 192.168.1.2
Connect to the local MySQL database server as a specified user (prompts for password). $ mysql -u root -p
46. YUM Command Examples: Package Management (RHEL/CentOS)
Install the Apache HTTP server package. $ yum install httpd
Upgrade the Apache HTTP server package. $ yum update httpd
Remove the Apache HTTP server package. $ yum remove httpd
47. RPM Command Examples: Red Hat Package Manager
Install an RPM package, showing verbose output and hash marks. # rpm -ivh httpd-2.2.3-22.0.1.el5.i386.rpm
Upgrade an RPM package, showing verbose output and hash marks. # rpm -Uvh httpd-2.2.3-22.0.1.el5.i386.rpm
Remove an installed RPM package. # rpm -ev httpd
48. Ping Command Examples: Network Connectivity Test
Send a limited number of ICMP echo requests (packets) to a remote host to test connectivity. $ ping -c 5 gmail.com
49. Date Command Examples: System Date and Time Management
Set the system's date and time to a specific value. # date -s "01/31/2010 23:59:53"
Synchronize the hardware clock with the system's current date and time. # hwclock --systohc
# hwclock --systohc --utc
50. Wget Command Examples: Non-Interactive Network Downloader
Download a file from a specified URL. $ wget http://prdownloads.sourceforge.net/sourceforge/nagios/nagios-3.2.1.tar.gz
Download a file and save it with a different local filename. $ wget -O taglist.zip "http://www.vim.org/scripts/download_script.php?src_id=7701"