Monday, August 5, 2013

Sysstat(sar) for UNIX / Linux - Best utility for Server Performance Monitoring

Sar (System Activity Reporter) is a command that ships with the sysstat package. Sysstat is a collection of Unix tools used for performance monitoring, the package includes tools such as iostat, mpstat, pidstat, sadf and sar.Along with the real time commands sysstat will install a cronjob that will run every 10 minutes and collect the systems performance information. Sar is the command you can use to read the collected information.

You can monitor the following Linux performance statistics using sar.
Collective CPU usage
Individual CPU statistics
Memory used and available
Swap space used and available
Overall I/O activities of the system
Individual device I/O activities
Context switch statistics
Run queue and load average data
Network statistics
Report sar data from a specific time

Installation of  Sysstat
==================

For Debian based systems
----------------------------------


 apt-get install sysstat

For RPM based systems
-------------------------------

yum install sysstat
(or)
rpm -ivh sysstat-10.0.0-1.i586.rpm


Install sysstat from source
=====================

wget http://pagesperso-orange.fr/sebastien.godard/sysstat-10.0.0.tar.bz2


tar xvfj sysstat-10.0.0.tar.bz2


cd sysstat-10.0.0


./configure --enable-install-cron


After the ./configure, install it as shown below.

make

make install


Sar Usages 
========


CPU Usage of ALL CPUs -> sar -u


sar -u Displays CPU usage for the current day that was collected until that point.
sar -u 1 3 Displays real time CPU usage every 1 second for 3 times.
sar -u ALL Same as “sar -u” but displays additional fields.
sar -u ALL 1 3 Same as “sar -u 1 3″ but displays additional fields.
sar -u -f /var/log/sa/sa10 Displays CPU usage for the 10day of the month from the sa10 file.


CPU Usage of Individual CPU or Core (sar -P)

eg: sar -P ALL


sar -P ALL Displays CPU usage broken down by all cores for the current day.
sar -P ALL 1 3 Displays real time CPU usage for ALL cores every 1 second for 3 times (broken down by all cores).
sar -P 1 Displays CPU usage for core number 1 for the current day.
sar -P 1 1 3 Displays real time CPU usage for core number 1, every 1 second for 3 times.
sar -P ALL -f /var/log/sa/sa10 Displays CPU usage broken down by all cores for the 10day day of the month from sa10 file.


Memory Free and Used (sar -r)


sar -r
sar -r 1 3
sar -r -f /var/log/sa/sa10


Swap Space Used (sar -S)


sar -S
sar -S 1 3
sar -S -f /var/log/sa/sa10

Overall I/O Activities (sar -b)

sar -b
sar -b 1 3
sar -b -f /var/log/sa/sa10


Individual Block Device I/O Activities (sar -d)

sar -d
sar -d 1 3
sar -d -f /var/log/sa/sa10
sar -p -d


Display context switch per second (sar -w)

sar -w
sar -w 1 3
sar -w -f /var/log/sa/sa10


Reports run queue and load average (sar -q)

sar -q
sar -q 1 3
sar -q -f /var/log/sa/sa10


Report network statistics (sar -n)

sar -n KEYWORD

KEYWORD can be one of the following:

DEV – Displays network devices vital statistics for eth0, eth1, etc.,
EDEV – Display network device failure statistics
NFS – Displays NFS client activities
NFSD – Displays NFS server activities
SOCK – Displays sockets in use for IPv4
IP – Displays IPv4 network traffic
EIP – Displays IPv4 network errors
ICMP – Displays ICMPv4 network traffic
EICMP – Displays ICMPv4 network errors
TCP – Displays TCPv4 network traffic
ETCP – Displays TCPv4 network errors
UDP – Displays UDPv4 network traffic
SOCK6, IP6, EIP6, ICMP6, UDP6 are for IPv6
ALL – This displays all of the above information. The output will be very long.

Friday, February 1, 2013

How to check if a IP is blocked from Iptables............

Solution:

How to check if IP is blocked from Iptables

Check if IP is blocked:

# iptables -L -n --line | grep [IP Address]


If IP appear as DROP or REJECT, the IP has been blocked


Unblock the IP Address:

# iptables -I INPUT -s [IP Address] -j ACCEPT



Blocking back an IP Address:

# iptables -A INPUT -d [IP Address] -j DROP