Unix Tools
PS
List of OS processes




$   ps -A
  PID TTY       TIME   CMD
    1 ?     00:00:00   init
    2 ?     00:00:00   ksoftirqd/0
    3 ?     00:00:00   events/0
    4 ?     00:00:00   khelper
    5 ?     00:00:00   kthread
    7 ?     00:00:00   kacpid
   89 ?     00:00:00   kblockd/0
   92 ?     00:00:00   khubd
  138 ?     00:00:00   pdflush
  139 ?     00:00:01   pdflush
  141 ?     00:00:00   aio/0
  140 ?     00:00:15   kswapd0
  227 ?     00:00:00   kseriod
  386 ?     00:00:00   kjournald
 1303 ?     00:00:00   udevd
 1756 ?     00:00:04   kjournald
 1757 ?     00:00:00   kjournald
 1758 ?     00:00:27   kjournald
 1759 ?     00:00:02   kjournald
 2488 ?     02:31:43   named
 2547 ?     00:00:02   syslogd
 2551 ?     00:00:00   klogd
 2579 ?     00:00:00   portmap
 2599 ?     00:00:00   rpc.statd
 2637 ?     00:00:00   rpc.idmapd
 2720 ?     00:00:02   nifd
 2752 ?     00:00:00   mDNSResponder
 2764 ?     00:00:00   smartd
 2774 ?     00:00:00   acpid
 2784 ?     00:00:01   sshd
 (...)
$   ps -C httpd
  PID   TTY       TIME   CMD
29361   ?     00:00:13   httpd
30204   ?     00:01:39   httpd
31855   ?     00:00:00   httpd
31856   ?     00:00:00   httpd
31857   ?     00:00:00   httpd
31859   ?     00:00:00   httpd
31860   ?     00:00:00   httpd
31862   ?     00:00:00   httpd
31863   ?     00:00:02   httpd
31866   ?     00:00:00   httpd
31868   ?     00:00:11   httpd
31869   ?     00:00:00   httpd
31872   ?     00:00:00   httpd
31879   ?     00:00:02   httpd
31902   ?     00:00:00   httpd
31905   ?     00:00:02   httpd
31906   ?     00:00:00   httpd
32376   ?     00:00:00   httpd
32387   ?     00:00:00   httpd
32388   ?     00:00:00   httpd
32389   ?     00:00:00   httpd
32756   ?     00:00:00   httpd
$ ps -p 3078
  PID TTY          TIME CMD
 3078 ?        01:09:10 java


$ ps -u alegomes
  PID TTY         TIME   CMD
  480 ?       00:00:00   sshd
  481 pts/0   00:00:00   bash
  707 pts/0   00:00:00   ps


top
Interactive display of process information




$   top -h
         top: procps version 3.2.3
usage:   top -hv | -bcisS -d delay -n iterations [-u user | -U user] -p pid [,pid ...]




netstat
Lists sockets, connections and interface statistics




$ netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address                 Foreign Address            State
tcp        0      0 atlantico.seatecnolog:45081   viewvc:ldap                ESTABLISHED
tcp        0      0 localhost:53094               localhost:8009             ESTABLISHED
tcp        0      0 atlantico.seatecnolog:45888   viewvc:ldap                ESTABLISHED
tcp        0      0 atlantico.seatecnolog:48511   viewvc:ldap                ESTABLISHED
tcp        0      0 localhost:mysql               localhost:33856            ESTABLISHED
tcp        0      0 localhost:mysql               localhost:33857            ESTABLISHED
tcp        0      0 localhost:mysql               localhost:32796            ESTABLISHED
tcp        0      0 localhost:mysql               localhost:32793            ESTABLISHED
tcp        0      0 atlantico.seatecnolog:41514   viewvc:ldap                ESTABLISHED
tcp        0      0 localhost:mysql               localhost:35863            ESTABLISHED
tcp        0      0 localhost:44443               localhost:8009             ESTABLISHED
tcp        0      0 localhost:44442               localhost:8009             ESTABLISHED
tcp        0      0 localhost:44441               localhost:8009             ESTABLISHED
tcp        0      0 localhost:42265               localhost:8009             ESTABLISHED
tcp        0      0 localhost:42218               localhost:8009             ESTABLISHED
tcp        0      0 localhost:42223               localhost:8009             ESTABLISHED
tcp        0      0 localhost:47238               localhost:8009             ESTABLISHED
tcp        0      0 localhost:47236               localhost:8009             ESTABLISHED
tcp        0      0 localhost:47235               localhost:8009             ESTABLISHED
tcp        0      0 localhost:47232               localhost:8009             ESTABLISHED
tcp        0      0 localhost:47233               localhost:8009             ESTABLISHED
tcp        0      0 localhost:47230               localhost:8009             ESTABLISHED
tcp        0      0 localhost:47231               localhost:8009             ESTABLISHED
tcp        0      0 localhost:47228               localhost:8009             ESTABLISHED
tcp        0      0 localhost:47229               localhost:8009             ESTABLISHED
tcp        0      0 localhost:mysql               localhost:33855            ESTABLISHED
tcp        0      0 atlantico.seatecnolog:54489   viewvc:http                ESTABLISHED
tcp        0      0 atlantico.seatecnolog:49894   viewvc:ldap                ESTABLISHED
tcp        0      0 atlantico.seatecnolog:44141   ::ffff:192.168.1.6:mysql   ESTABLISHED
tcp        0      0 localhost:8009                localhost:44443            ESTABLISHED
$ netstat -an | grep -i list
tcp   0   0   0.0.0.0:2144            0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:32769           0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:873             0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:3306            0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:139             0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:9102            0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:111             0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:21              0.0.0.0:*   LISTEN
tcp   0   0   192.168.1.4:53          0.0.0.0:*   LISTEN
tcp   0   0   127.0.0.1:53            0.0.0.0:*   LISTEN
tcp   0   0   127.0.0.1:5335          0.0.0.0:*   LISTEN
tcp   0   0   127.0.0.1:25            0.0.0.0:*   LISTEN
tcp   0   0   127.0.0.1:953           0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:445             0.0.0.0:*   LISTEN
tcp   0   0   :::32804                :::*        LISTEN
tcp   0   0   ::ffff:127.0.0.1:8005   :::*        LISTEN
tcp   0   0   :::8009                 :::*        LISTEN
tcp   0   0   :::1099                 :::*        LISTEN
tcp   0   0   :::80                   :::*        LISTEN
tcp   0   0   :::8080                 :::*        LISTEN
tcp   0   0   :::22                   :::*        LISTEN
tcp   0   0   :::443                  :::*        LISTEN
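
Added example, not part of the original slides: a small filter that sorts the LISTEN lines of `netstat -an` by bind scope, so the services reachable from the network stand apart from those bound to loopback. The function names `classify_listeners` and `count_scope` are hypothetical, the sample is a constructed subset of the output above, and the parsing assumes the `address:port` form shown on this slide.

```shell
#!/bin/sh
# Added example: classify listening TCP sockets by the address they bind to.
# Real use:  netstat -an | classify_listeners

# Constructed sample: seven of the LISTEN lines from the slide above.
SAMPLE_NETSTAT='tcp   0   0   0.0.0.0:3306            0.0.0.0:*   LISTEN
tcp   0   0   0.0.0.0:21              0.0.0.0:*   LISTEN
tcp   0   0   192.168.1.4:53          0.0.0.0:*   LISTEN
tcp   0   0   127.0.0.1:25            0.0.0.0:*   LISTEN
tcp   0   0   ::ffff:127.0.0.1:8005   :::*        LISTEN
tcp   0   0   :::8009                 :::*        LISTEN
tcp   0   0   :::22                   :::*        LISTEN'

# Reads `netstat -an` text on stdin; prints "scope port address" per listener.
#   all-interfaces   : bound to 0.0.0.0 or :: (reachable on every interface)
#   loopback         : bound to 127.x, ::1 or an IPv4-mapped 127.x address
#   specific-address : bound to one configured address
classify_listeners() {
    awk '
    $1 ~ /^tcp/ && $NF == "LISTEN" {
        laddr = $4
        # The port is whatever follows the last colon; IPv6 addresses
        # contain colons themselves, so split and take the final piece.
        n = split(laddr, parts, ":")
        port = parts[n]
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::") {
            scope = "all-interfaces"
        } else if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) {
            scope = "loopback"
        } else {
            scope = "specific-address"
        }
        print scope, port, addr
    }'
}

# Reads `netstat -an` text on stdin; prints how many listeners have scope $1.
count_scope() {
    classify_listeners | awk -v s="$1" '$1 == s { c++ } END { print c + 0 }'
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_NETSTAT" | classify_listeners
```

Listeners reported as `all-interfaces` are the ones to compare against the host's firewall rules and its intended list of services.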



vmstat
Virtual memory report




http://en.wikipedia.org/wiki/Slab_allocator
$ vmstat
procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
 r b    swpd   free   buff cache    si   so    bi    bo   in    cs us sy id wa
 0 0 56020 21864 21848 73660         0    0     5    11    2    10 3 0 97 0




$ vmstat 2
procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
 r b    swpd   free   buff cache    si   so    bi    bo   in    cs us sy id wa
 1 0 56020 17684 25224 74536         0    0     5    11    2    10 3 0 97 0
 0 0 56020 17684 25232 74536         0    0     0    16 1015   330 0 0 100 0
 0 0 56020 17684 25240 74536         0    0     0    12 1012   329 0 0 100 0
 0 0 56020 17684 25248 74536         0    0     0    26 1015   328 0 0 100 0
 0 0 56020 17684 25248 74536         0    0     0     0 1012   329 0 0 100 0
 0 0 56020 17684 25256 74536         0    0     0     6 1015   225 63 0 37 0
 0 0 56020 17560 25264 74536         0    0     0    10 1032   367 0 0 100 0
 0 0 56020 17560 25264 74536         0    0     0     0 1013   321 0 0 100 0
 0 0 56020 17560 25272 74536         0    0     0    14 1031   351 0 0 100 0
 0 0 56020 17560 25272 74536         0    0     0     0 1012   321 0 0 100 0




lsof
Lists open “files”




$ lsof -?
lsof 4.77
  latest revision: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/
  latest FAQ: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ
  latest man page: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man
  usage: [-?abhlnNoOPRstUvV] [+|-c c] [+|-d s] [+D D] [+|-f[cfgGn]]
  [-F [f]] [-g [s]] [-i [i]] [-k k] [+|-L [l]] [-m m] [+|-M] [-o [o]]
  [-p s] [+|-r [t]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [--] [names]
Defaults in parentheses; comma-separated set (s) items; dash-separated ranges.
   -?|-h list help          -a AND selections (OR)      -b avoid kernel blocks
   -c c cmd c, /c/[bix]     +c w COMMAND width (9)
   +d s dir s files         -d s select by FD set       +D D dir D tree *SLOW?*
                            -i select IPv[46] files     -l list UID numbers
   -n no host names         -N select NFS files         -o list file offset
   -O avoid overhead *RISK -P no port names             -R list paRent PID
   -s list file size        -t terse listing            -T disable TCP/TPI info
   -U select Unix socket    -v list version info        -V verbose search
   +|-w Warnings (+)        -- end option scan
   +f|-f +filesystem or -file names      +|-f[cfgGn] Ct Fstr flaGs Node
   -F [f] select fields; -F? for help    -k k    kernel symbols (/mach_kernel)
   +|-L [l] list (+) suppress (-) link counts < l (0 = all; default = 0)
   -m m   kernel memory (/dev/kmem)
   +|-M   portMap registration (-)       -o o    o 0t offset digits (8)
   -p s   exclude(^)|select PIDs         -S [t] t second stat timeout (15)
   -T fqs TCP/TPI Fl,Q,St (s) info
   -g [s] exclude(^)|select and print process group IDs
   -i i   select by IPv[46] address: [46][proto][@host|addr][:svc_list|port_list]
   +|-r [t] repeat every t seconds (15); + until no files, - forever
   -u s   exclude(^)|select login|UID set s
   -x [fl] cross over +d|+D File systems or symbolic Links
   names select named files or files on named file systems
Only root can list all files; /dev warnings enabled; kernel ID check disabled.
$   lsof
COMMAND     PID     USER   FD     TYPE     DEVICE   SIZE/OFF     NODE NAME
ATSServer   173 alegomes cwd      VDIR       14,2       1428        2 /
ATSServer   173 alegomes    0r    VCHR        3,2        0t0 61137924 /dev/null
ATSServer   173 alegomes    1w    VCHR        3,2        0t0 61137924 /dev/null
ATSServer   173 alegomes    2w    VCHR        3,2 0t1428748 61137924 /dev/null
ATSServer   173 alegomes    3r                                        0x03a8a220 file struct, ty=0x3, op=0x384768
ATSServer   173 alegomes    4r                                        0x03a8a5a0 file struct, ty=0x3, op=0x384768
ATSServer   173 alegomes    5u    VREG       14,2     225280   282757 /Library/Caches/com.apple.ATS/501/filetoken.db
ATSServer   173 alegomes    6u    VREG       14,2     204800   282758 /Library/Caches/com.apple.ATS/501/fonts.db
ATSServer   173 alegomes    7u    VREG       14,2      53248   282759 /Library/Caches/com.apple.ATS/501/qdfams.db
ATSServer   173 alegomes    8u    VREG       14,2      57344   282760 /Library/Caches/com.apple.ATS/501/annex.db
ATSServer   173 alegomes    9u    VREG       14,2    7445316   282761 /Library/Caches/com.apple.ATS/501/annex_aux
ATSServer   173 alegomes   10r    VREG       14,2    1135530   261575 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/SynthDB.rsrc
loginwind   176 alegomes cwd      VDIR       14,2       2380   231123 /Users/alegomes
loginwind   176 alegomes    0u    VCHR        3,2        0t0 61137924 /dev/null
loginwind   176 alegomes    1u    VCHR        0,0      0t140 61140100 /dev/console
loginwind   176 alegomes    2u    VCHR        0,0      0t140 61140100 /dev/console
loginwind   176 alegomes    3r                                        0x03a8aba0 file struct, ty=0x3, op=0x384768
loginwind   176 alegomes    4u    unix 0x03a9adb0        0t0          ->0x03a9c7d0
loginwind   176 alegomes    5r                                        0x03a8ab50 file struct, ty=0x3, op=0x384768




iostat

I/O statistics




$ iostat -h
iostat: illegal option -- h
usage: iostat [-CdIKoT?] [-c count] [-n devs]
              [-w wait] [drives]




$   iostat
          disk0         cpu
  KB/t tps MB/s     us sy id
 20.11   3 0.06     42 17 41



$   iostat -c 10
            disk0         cpu
  KB/t   tps MB/s   us   sy id
 20.11     3 0.06   42   17 41
  0.00     0 0.00   66   20 14
  0.00     0 0.00   63   26 11
 12.56     8 0.10   67   20 13
  6.30    15 0.09   70   20 10


sar

System activity report




$ sar
sar: failed to open input file [-1][/var/log/sa/sa21]

/usr/bin/sar [-Adgpu] [-n { DEV | EDEV | PPP } ] [-o filename] t [n]

/usr/bin/sar [-Adgpu] [-n { DEV | EDEV | PPP }] [-e time] [-f filename] [-i sec] [-s time]




$   sar 5 10

18:16:10   %usr     %sys     %idle
18:16:15    66       21       14
18:16:20    74       17       10
18:16:25    66       21       13
18:16:30    70       18       12
18:16:35    69       17       14
18:16:40    69       17       14
18:16:45    64       20       16
18:16:50    70       16       14
18:16:55    70       18       11
18:17:00    68       18       14
Average:       68       18       13
nmap
Security utility
   (port scanner?)




$ nmap
Nmap 3.70 Usage: nmap [Scan Type(s)] [Options] <host or net list>
Some Common Scan Types ('*' options require root privileges)
* -sS TCP SYN stealth port scan (default if privileged (root))
  -sT TCP connect() port scan (default for unprivileged users)
* -sU UDP port scan
  -sP ping scan (Find any reachable machines)
* -sF,-sX,-sN Stealth FIN, Xmas, or Null scan (experts only)
  -sV Version scan probes open ports determining service & app names/versions
  -sR RPC scan (use with other scan types)
Some Common Options (none are required, most can be combined):
* -O Use TCP/IP fingerprinting to guess remote operating system
  -p <range> ports to scan. Example range: 1-1024,1080,6666,31337
  -F Only scans ports listed in nmap-services
  -v Verbose. Its use is recommended. Use twice for greater effect.
  -P0 Don't ping hosts (needed to scan www.microsoft.com and others)
* -Ddecoy_host1,decoy2[,...] Hide scan using many decoys
  -6 scans via IPv6 rather than IPv4
  -T <Paranoid|Sneaky|Polite|Normal|Aggressive|Insane> General timing policy
  -n/-R Never do DNS resolution/Always resolve [default: sometimes resolve]
  -oN/-oX/-oG <logfile> Output normal/XML/grepable scan logs to <logfile>
  -iL <inputfile> Get targets from file; Use '-' for stdin
* -S <your_IP>/-e <devicename> Specify source address or network interface
  --interactive Go into interactive mode (then press h for help)
Example: nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*'
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES
$   nmap 192.168.1.4
Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2009-05-20 16:09 BRT
Interesting ports on atlantico.seatecnologia.com.br (192.168.1.4):
(The 1648 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
21/tcp   open ftp
22/tcp   open ssh
53/tcp   open domain
80/tcp   open http
111/tcp open rpcbind
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
873/tcp open rsync
3306/tcp open mysql
8009/tcp open ajp13
8080/tcp open http-proxy

Nmap run completed -- 1 IP address (1 host up) scanned in 0.436 seconds




tcpdump
Network traffic analyzer




$ tcpdump -?
tcpdump version 3.9.7
libpcap version 0.8.3
Usage: tcpdump [-aAdDefKlLnNOpqRStuUvxX] [-c count] [ -C file_size ]
                [ -E algo:secret ] [ -F file ] [ -i interface ] [ -M secret ]
                [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
                [ -W filecount ] [ -y datalinktype ] [ -Z user ]
                [ expression ]




$ sudo tcpdump
tcpdump: WARNING: en0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en0, link-type EN10MB (Ethernet), capture size 96 bytes




$   sudo tcpdump -i en1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes
16:19:03.878034 IP 10.0.0.26.51679 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:03.879256 arp who-has 10.0.0.26 tell 10.0.0.27
16:19:04.389924 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.391950 arp who-has 10.0.0.26 tell 10.0.0.28
16:19:04.393171 IP 10.0.0.26.51681 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.491944 arp who-has 10.0.0.26 tell 10.0.0.30
16:19:04.582324 IP 10.0.0.11.60163 > 192.168.1.4.domain: 5460+ PTR? 26.0.0.10.in-addr.arpa. (40)
16:19:04.583625 IP 192.168.1.4.domain > 10.0.0.11.60163: 5460 NXDomain 0/1/0 (105)
16:19:04.595073 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:04.606453 IP 10.0.0.11.64925 > 192.168.1.4.domain: 2313+ PTR? 255.0.0.10.in-addr.arpa. (41)
16:19:04.614775 IP 192.168.1.4.domain > 10.0.0.11.64925: 2313 NXDomain 0/1/0 (106)
16:19:04.631329 IP 10.0.0.11.51358 > 192.168.1.4.domain: 48670+ PTR? 27.0.0.10.in-addr.arpa. (40)
16:19:04.640138 IP 192.168.1.4.domain > 10.0.0.11.51358: 48670 NXDomain 0/1/0 (105)
16:19:04.706174 IP 10.0.0.11.60513 > 192.168.1.4.domain: 40476+ PTR? 28.0.0.10.in-addr.arpa. (40)
16:19:04.707379 IP 192.168.1.4.domain > 10.0.0.11.60513: 40476 NXDomain 0/1/0 (105)
...




NDT
Network Diagnostic Tools




➊ Using Unix commands, monitor CPU, memory and network traffic consumption during load tests of a Web application.
Q&A

Varnish @ Velocity Ignite
 
Phd2013 lyamin
Phd2013 lyaminPhd2013 lyamin
Phd2013 lyamin
 
Phd2013 lyamin Высокий пакетрейт на x86-64, берем планку 14.88Mpps
Phd2013 lyamin  Высокий пакетрейт на  x86-64, берем планку 14.88MppsPhd2013 lyamin  Высокий пакетрейт на  x86-64, берем планку 14.88Mpps
Phd2013 lyamin Высокий пакетрейт на x86-64, берем планку 14.88Mpps
 
Александр Лямин. HOWTO. Высокий пакетрейт на x86-64: берем планку в 14,88 Mpps
Александр Лямин. HOWTO. Высокий пакетрейт на x86-64: берем планку в 14,88 MppsАлександр Лямин. HOWTO. Высокий пакетрейт на x86-64: берем планку в 14,88 Mpps
Александр Лямин. HOWTO. Высокий пакетрейт на x86-64: берем планку в 14,88 Mpps
 
Debugging Ruby
Debugging RubyDebugging Ruby
Debugging Ruby
 
DEP/ASLR bypass without ROP/JIT
DEP/ASLR bypass without ROP/JITDEP/ASLR bypass without ROP/JIT
DEP/ASLR bypass without ROP/JIT
 
Troubleshooting tips and tricks for Oracle Database Oct 2020
Troubleshooting tips and tricks for Oracle Database Oct 2020Troubleshooting tips and tricks for Oracle Database Oct 2020
Troubleshooting tips and tricks for Oracle Database Oct 2020
 
gumiStudy#2 実践 memcached
gumiStudy#2 実践 memcachedgumiStudy#2 実践 memcached
gumiStudy#2 実践 memcached
 
実践 memcached
実践 memcached実践 memcached
実践 memcached
 
Monero Presentation by Justin Ehrenhofer - Madison, Wisconsin 1 2017
Monero Presentation by Justin Ehrenhofer - Madison, Wisconsin 1 2017Monero Presentation by Justin Ehrenhofer - Madison, Wisconsin 1 2017
Monero Presentation by Justin Ehrenhofer - Madison, Wisconsin 1 2017
 
001 network toi_basics_v1
001 network toi_basics_v1001 network toi_basics_v1
001 network toi_basics_v1
 
IDS.pptx
IDS.pptxIDS.pptx
IDS.pptx
 
Troubleshooting Tips and Tricks for Database 19c - Sangam 2019
Troubleshooting Tips and Tricks for Database 19c - Sangam 2019Troubleshooting Tips and Tricks for Database 19c - Sangam 2019
Troubleshooting Tips and Tricks for Database 19c - Sangam 2019
 
No more dumb hex!
No more dumb hex!No more dumb hex!
No more dumb hex!
 
Troubleshooting Tips and Tricks for Database 19c ILOUG Feb 2020
Troubleshooting Tips and Tricks for Database 19c   ILOUG Feb 2020Troubleshooting Tips and Tricks for Database 19c   ILOUG Feb 2020
Troubleshooting Tips and Tricks for Database 19c ILOUG Feb 2020
 
Making performant sites
Making performant sitesMaking performant sites
Making performant sites
 
realestate and MySQL devops melbourne
realestate and MySQL devops melbournerealestate and MySQL devops melbourne
realestate and MySQL devops melbourne
 

More from SEA Tecnologia

A escola do século XXI deve ser ágil, enxuta e empreendedora.
A escola do século XXI deve ser ágil, enxuta e empreendedora.A escola do século XXI deve ser ágil, enxuta e empreendedora.
A escola do século XXI deve ser ágil, enxuta e empreendedora.
SEA Tecnologia
 
Open data, scraping e thacks com Software Livre
Open data, scraping e thacks com Software LivreOpen data, scraping e thacks com Software Livre
Open data, scraping e thacks com Software Livre
SEA Tecnologia
 
Roadshow Brasília Novas funcionalidades Liferay 6
Roadshow Brasília Novas funcionalidades Liferay 6Roadshow Brasília Novas funcionalidades Liferay 6
Roadshow Brasília Novas funcionalidades Liferay 6
SEA Tecnologia
 

More from SEA Tecnologia (20)

Loomio how to Series - Working on a Discussion
Loomio how to Series - Working on a DiscussionLoomio how to Series - Working on a Discussion
Loomio how to Series - Working on a Discussion
 
Loomio how to Series - Creating a new Group of People
Loomio how to Series - Creating a new Group of PeopleLoomio how to Series - Creating a new Group of People
Loomio how to Series - Creating a new Group of People
 
Loomio how to Series - Creating a new Discussion
Loomio how to Series - Creating a new DiscussionLoomio how to Series - Creating a new Discussion
Loomio how to Series - Creating a new Discussion
 
Gerentes em Crise existencial - Existimos no Universo Ágil?
Gerentes em Crise existencial - Existimos no Universo Ágil?Gerentes em Crise existencial - Existimos no Universo Ágil?
Gerentes em Crise existencial - Existimos no Universo Ágil?
 
O curioso caso de Náutilus Button
O curioso caso de Náutilus ButtonO curioso caso de Náutilus Button
O curioso caso de Náutilus Button
 
Contratos de desenvolvimento de software para governo blue pill or red pill?
Contratos de desenvolvimento de software para governo  blue pill or red pill?Contratos de desenvolvimento de software para governo  blue pill or red pill?
Contratos de desenvolvimento de software para governo blue pill or red pill?
 
#Fail
#Fail#Fail
#Fail
 
Agilidade no Governo
Agilidade no GovernoAgilidade no Governo
Agilidade no Governo
 
Os benefícios e desafios da participação pública digital
Os benefícios e desafios da participação pública digitalOs benefícios e desafios da participação pública digital
Os benefícios e desafios da participação pública digital
 
A escola do século XXI deve ser ágil, enxuta e empreendedora.
A escola do século XXI deve ser ágil, enxuta e empreendedora.A escola do século XXI deve ser ágil, enxuta e empreendedora.
A escola do século XXI deve ser ágil, enxuta e empreendedora.
 
Lean Startup
Lean StartupLean Startup
Lean Startup
 
Open Data
Open DataOpen Data
Open Data
 
Open data, scraping e thacks com Software Livre
Open data, scraping e thacks com Software LivreOpen data, scraping e thacks com Software Livre
Open data, scraping e thacks com Software Livre
 
Agilidade dos projetos à empresa, uma história de Intracontágio
Agilidade dos projetos à empresa, uma história de IntracontágioAgilidade dos projetos à empresa, uma história de Intracontágio
Agilidade dos projetos à empresa, uma história de Intracontágio
 
Roadshow Brasília Novas funcionalidades Liferay 6
Roadshow Brasília Novas funcionalidades Liferay 6Roadshow Brasília Novas funcionalidades Liferay 6
Roadshow Brasília Novas funcionalidades Liferay 6
 
Roadshow Liferay no Brasil 2010
Roadshow Liferay no Brasil 2010Roadshow Liferay no Brasil 2010
Roadshow Liferay no Brasil 2010
 
Sem tesão não há solução
Sem tesão não há soluçãoSem tesão não há solução
Sem tesão não há solução
 
Empreendimentos em Rede
Empreendimentos em RedeEmpreendimentos em Rede
Empreendimentos em Rede
 
Java Profiling Tools
Java Profiling ToolsJava Profiling Tools
Java Profiling Tools
 
Misc Monitoring Tools
Misc Monitoring ToolsMisc Monitoring Tools
Misc Monitoring Tools
 

Recently uploaded

Recently uploaded (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 

Unix Monitoring Tools

  • 6. $ ps -A
          PID TTY          TIME CMD
            1 ?        00:00:00 init
            2 ?        00:00:00 ksoftirqd/0
            3 ?        00:00:00 events/0
            4 ?        00:00:00 khelper
            5 ?        00:00:00 kthread
            7 ?        00:00:00 kacpid
           89 ?        00:00:00 kblockd/0
           92 ?        00:00:00 khubd
          138 ?        00:00:00 pdflush
          139 ?        00:00:01 pdflush
          141 ?        00:00:00 aio/0
          140 ?        00:00:15 kswapd0
          227 ?        00:00:00 kseriod
          386 ?        00:00:00 kjournald
         1303 ?        00:00:00 udevd
         1756 ?        00:00:04 kjournald
         1757 ?        00:00:00 kjournald
         1758 ?        00:00:27 kjournald
         1759 ?        00:00:02 kjournald
         2488 ?        02:31:43 named
         2547 ?        00:00:02 syslogd
         2551 ?        00:00:00 klogd
         2579 ?        00:00:00 portmap
         2599 ?        00:00:00 rpc.statd
         2637 ?        00:00:00 rpc.idmapd
         2720 ?        00:00:02 nifd
         2752 ?        00:00:00 mDNSResponder
         2764 ?        00:00:00 smartd
         2774 ?        00:00:00 acpid
         2784 ?        00:00:01 sshd
         (...)
  • 7. $ ps -C httpd
          PID TTY          TIME CMD
        29361 ?        00:00:13 httpd
        30204 ?        00:01:39 httpd
        31855 ?        00:00:00 httpd
        31856 ?        00:00:00 httpd
        31857 ?        00:00:00 httpd
        31859 ?        00:00:00 httpd
        31860 ?        00:00:00 httpd
        31862 ?        00:00:00 httpd
        31863 ?        00:00:02 httpd
        31866 ?        00:00:00 httpd
        31868 ?        00:00:11 httpd
        31869 ?        00:00:00 httpd
        31872 ?        00:00:00 httpd
        31879 ?        00:00:02 httpd
        31902 ?        00:00:00 httpd
        31905 ?        00:00:02 httpd
        31906 ?        00:00:00 httpd
        32376 ?        00:00:00 httpd
        32387 ?        00:00:00 httpd
        32388 ?        00:00:00 httpd
        32389 ?        00:00:00 httpd
        32756 ?        00:00:00 httpd
  • 8. $ ps -p 3078
          PID TTY          TIME CMD
         3078 ?        01:09:10 java

        $ ps -u alegomes
          PID TTY          TIME CMD
          480 ?        00:00:00 sshd
          481 pts/0    00:00:00 bash
          707 pts/0    00:00:00 ps
  • 9. top: Iterative display of process information
  • 11. $ top -h
                top: procps version 3.2.3
        usage:  top -hv | -bcisS -d delay -n iterations [-u user | -U user] -p pid [,pid ...]
  • 13. netstat: Lists sockets, connections, and interface statistics
  • 16. $ netstat
        Active Internet connections (w/o servers)
        Proto Recv-Q Send-Q Local Address               Foreign Address             State
        tcp        0      0 atlantico.seatecnolog:45081 viewvc:ldap                 ESTABLISHED
        tcp        0      0 localhost:53094             localhost:8009              ESTABLISHED
        tcp        0      0 atlantico.seatecnolog:45888 viewvc:ldap                 ESTABLISHED
        tcp        0      0 atlantico.seatecnolog:48511 viewvc:ldap                 ESTABLISHED
        tcp        0      0 localhost:mysql             localhost:33856             ESTABLISHED
        tcp        0      0 localhost:mysql             localhost:33857             ESTABLISHED
        tcp        0      0 localhost:mysql             localhost:32796             ESTABLISHED
        tcp        0      0 localhost:mysql             localhost:32793             ESTABLISHED
        tcp        0      0 atlantico.seatecnolog:41514 viewvc:ldap                 ESTABLISHED
        tcp        0      0 localhost:mysql             localhost:35863             ESTABLISHED
        tcp        0      0 localhost:44443             localhost:8009              ESTABLISHED
        tcp        0      0 localhost:44442             localhost:8009              ESTABLISHED
        tcp        0      0 localhost:44441             localhost:8009              ESTABLISHED
        tcp        0      0 localhost:42265             localhost:8009              ESTABLISHED
        tcp        0      0 localhost:42218             localhost:8009              ESTABLISHED
        tcp        0      0 localhost:42223             localhost:8009              ESTABLISHED
        tcp        0      0 localhost:47238             localhost:8009              ESTABLISHED
        tcp        0      0 localhost:47236             localhost:8009              ESTABLISHED
        tcp        0      0 localhost:47235             localhost:8009              ESTABLISHED
        tcp        0      0 localhost:47232             localhost:8009              ESTABLISHED
        tcp        0      0 localhost:47233             localhost:8009              ESTABLISHED
        tcp        0      0 localhost:47230             localhost:8009              ESTABLISHED
        tcp        0      0 localhost:47231             localhost:8009              ESTABLISHED
        tcp        0      0 localhost:47228             localhost:8009              ESTABLISHED
        tcp        0      0 localhost:47229             localhost:8009              ESTABLISHED
        tcp        0      0 localhost:mysql             localhost:33855             ESTABLISHED
        tcp        0      0 atlantico.seatecnolog:54489 viewvc:http                 ESTABLISHED
        tcp        0      0 atlantico.seatecnolog:49894 viewvc:ldap                 ESTABLISHED
        tcp        0      0 atlantico.seatecnolog:44141 ::ffff:192.168.1.6:mysql    ESTABLISHED
        tcp        0      0 localhost:8009              localhost:44443             ESTABLISHED
  • 17. $ netstat -an | grep -i list
        tcp        0      0 0.0.0.0:2144                0.0.0.0:*                   LISTEN
        tcp        0      0 0.0.0.0:32769               0.0.0.0:*                   LISTEN
        tcp        0      0 0.0.0.0:873                 0.0.0.0:*                   LISTEN
        tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN
        tcp        0      0 0.0.0.0:139                 0.0.0.0:*                   LISTEN
        tcp        0      0 0.0.0.0:9102                0.0.0.0:*                   LISTEN
        tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN
        tcp        0      0 0.0.0.0:21                  0.0.0.0:*                   LISTEN
        tcp        0      0 192.168.1.4:53              0.0.0.0:*                   LISTEN
        tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN
        tcp        0      0 127.0.0.1:5335              0.0.0.0:*                   LISTEN
        tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN
        tcp        0      0 127.0.0.1:953               0.0.0.0:*                   LISTEN
        tcp        0      0 0.0.0.0:445                 0.0.0.0:*                   LISTEN
        tcp        0      0 :::32804                    :::*                        LISTEN
        tcp        0      0 ::ffff:127.0.0.1:8005       :::*                        LISTEN
        tcp        0      0 :::8009                     :::*                        LISTEN
        tcp        0      0 :::1099                     :::*                        LISTEN
        tcp        0      0 :::80                       :::*                        LISTEN
        tcp        0      0 :::8080                     :::*                        LISTEN
        tcp        0      0 :::22                       :::*                        LISTEN
        tcp        0      0 :::443                      :::*                        LISTEN
  • 24. $ vmstat
        procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
         r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy  id wa
         0  0  56020  21864  21848  73660    0    0     5    11    2    10  3  0  97  0

        $ vmstat 2
        procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
         r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy  id wa
         1  0  56020  17684  25224  74536    0    0     5    11    2    10  3  0  97  0
         0  0  56020  17684  25232  74536    0    0     0    16 1015   330  0  0 100  0
         0  0  56020  17684  25240  74536    0    0     0    12 1012   329  0  0 100  0
         0  0  56020  17684  25248  74536    0    0     0    26 1015   328  0  0 100  0
         0  0  56020  17684  25248  74536    0    0     0     0 1012   329  0  0 100  0
         0  0  56020  17684  25256  74536    0    0     0     6 1015   225 63  0  37  0
         0  0  56020  17560  25264  74536    0    0     0    10 1032   367  0  0 100  0
         0  0  56020  17560  25264  74536    0    0     0     0 1013   321  0  0 100  0
         0  0  56020  17560  25272  74536    0    0     0    14 1031   351  0  0 100  0
         0  0  56020  17560  25272  74536    0    0     0     0 1012   321  0  0 100  0
  • 27. $ lsof -?
        lsof 4.77
         latest revision: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/
         latest FAQ: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ
         latest man page: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man
         usage: [-?abhlnNoOPRstUvV] [+|-c c] [+|-d s] [+D D] [+|-f[cfgGn]]
         [-F [f]] [-g [s]] [-i [i]] [-k k] [+|-L [l]] [-m m] [+|-M] [-o [o]]
         [-p s] [+|-r [t]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [--] [names]
        Defaults in parentheses; comma-separated set (s) items; dash-separated ranges.
          -?|-h list help          -a AND selections (OR)     -b avoid kernel blocks
          -c c  cmd c, /c/[bix]    +c w  COMMAND width (9)
          +d s  dir s files        -d s  select by FD set     +D D  dir D tree *SLOW?*
          -i select IPv[46] files  -l list UID numbers        -n no host names
          -N select NFS files      -o list file offset        -O avoid overhead *RISK
          -P no port names         -R list paRent PID         -s list file size
          -t terse listing         -T disable TCP/TPI info    -U select Unix socket
          -v list version info     -V verbose search          +|-w  Warnings (+)
          -- end option scan
          +f|-f  +filesystem or -file names     +|-f[cfgGn] Ct Fstr flaGs Node
          -F [f] select fields; -F? for help
          -k k   kernel symbols (/mach_kernel)
          +|-L [l] list (+) suppress (-) link counts < l (0 = all; default = 0)
          -m m   kernel memory (/dev/kmem)
          +|-M   portMap registration (-)       -o o   o 0t offset digits (8)
          -p s   exclude(^)|select PIDs         -S [t] t second stat timeout (15)
          -T fqs TCP/TPI Fl,Q,St (s) info
          -g [s] exclude(^)|select and print process group IDs
          -i i   select by IPv[46] address: [46][proto][@host|addr][:svc_list|port_list]
          +|-r [t] repeat every t seconds (15); + until no files, - forever
          -u s   exclude(^)|select login|UID set s
          -x [fl] cross over +d|+D File systems or symbolic Links
          names  select named files or files on named file systems
        Only root can list all files; /dev warnings enabled; kernel ID check disabled.
  • 28. $ lsof
        COMMAND   PID USER     FD  TYPE DEVICE     SIZE/OFF NODE     NAME
        ATSServer 173 alegomes cwd VDIR 14,2       1428     2        /
        ATSServer 173 alegomes 0r  VCHR 3,2        0t0      61137924 /dev/null
        ATSServer 173 alegomes 1w  VCHR 3,2        0t0      61137924 /dev/null
        ATSServer 173 alegomes 2w  VCHR 3,2        0t1428748 61137924 /dev/null
        ATSServer 173 alegomes 3r       0x03a8a220 file struct, ty=0x3, op=0x384768
        ATSServer 173 alegomes 4r       0x03a8a5a0 file struct, ty=0x3, op=0x384768
        ATSServer 173 alegomes 5u  VREG 14,2       225280   282757   /Library/Caches/com.apple.ATS/501/filetoken.db
        ATSServer 173 alegomes 6u  VREG 14,2       204800   282758   /Library/Caches/com.apple.ATS/501/fonts.db
        ATSServer 173 alegomes 7u  VREG 14,2       53248    282759   /Library/Caches/com.apple.ATS/501/qdfams.db
        ATSServer 173 alegomes 8u  VREG 14,2       57344    282760   /Library/Caches/com.apple.ATS/501/annex.db
        ATSServer 173 alegomes 9u  VREG 14,2       7445316  282761   /Library/Caches/com.apple.ATS/501/annex_aux
        ATSServer 173 alegomes 10r VREG 14,2       1135530  261575   /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/SynthDB.rsrc
        loginwind 176 alegomes cwd VDIR 14,2       2380     231123   /Users/alegomes
        loginwind 176 alegomes 0u  VCHR 3,2        0t0      61137924 /dev/null
        loginwind 176 alegomes 1u  VCHR 0,0        0t140    61140100 /dev/console
        loginwind 176 alegomes 2u  VCHR 0,0        0t140    61140100 /dev/console
        loginwind 176 alegomes 3r       0x03a8aba0 file struct, ty=0x3, op=0x384768
        loginwind 176 alegomes 4u  unix 0x03a9adb0 0t0      ->0x03a9c7d0
        loginwind 176 alegomes 5r       0x03a8ab50 file struct, ty=0x3, op=0x384768
  • 31. $ iostat -h
        iostat: illegal option -- h
        usage: iostat [-CdIKoT?] [-c count] [-n devs] [-w wait] [drives]
  • 32. $ iostat
                  disk0       cpu
          KB/t tps  MB/s  us sy id
         20.11   3  0.06  42 17 41

        $ iostat -c 10
                  disk0       cpu
          KB/t tps  MB/s  us sy id
         20.11   3  0.06  42 17 41
          0.00   0  0.00  66 20 14
          0.00   0  0.00  63 26 11
         12.56   8  0.10  67 20 13
          6.30  15  0.09  70 20 10
  • 35. $ sar
        sar: failed to open input file [-1][/var/log/sa/sa21]
        /usr/bin/sar [-Adgpu] [-n { DEV | EDEV | PPP } ] [-o filename] t [n]
        /usr/bin/sar [-Adgpu] [-n { DEV | EDEV | PPP }] [-e time] [-f filename] [-i sec] [-s time]
  • 36. $ sar 5 10
        18:16:10  %usr  %sys  %idle
        18:16:15    66    21     14
        18:16:20    74    17     10
        18:16:25    66    21     13
        18:16:30    70    18     12
        18:16:35    69    17     14
        18:16:40    69    17     14
        18:16:45    64    20     16
        18:16:50    70    16     14
        18:16:55    70    18     11
        18:17:00    68    18     14
        Average:    68    18     13
  • 37. nmap: Security utility (port investigator?)
  • 39. $ nmap
        Nmap 3.70 Usage: nmap [Scan Type(s)] [Options] <host or net list>
        Some Common Scan Types ('*' options require root privileges)
        * -sS TCP SYN stealth port scan (default if privileged (root))
          -sT TCP connect() port scan (default for unprivileged users)
        * -sU UDP port scan
          -sP ping scan (Find any reachable machines)
        * -sF,-sX,-sN Stealth FIN, Xmas, or Null scan (experts only)
          -sV Version scan probes open ports determining service & app names/versions
          -sR RPC scan (use with other scan types)
        Some Common Options (none are required, most can be combined):
        * -O Use TCP/IP fingerprinting to guess remote operating system
          -p <range> ports to scan. Example range: 1-1024,1080,6666,31337
          -F Only scans ports listed in nmap-services
          -v Verbose. Its use is recommended. Use twice for greater effect.
          -P0 Don't ping hosts (needed to scan www.microsoft.com and others)
        * -Ddecoy_host1,decoy2[,...] Hide scan using many decoys
          -6 scans via IPv6 rather than IPv4
          -T <Paranoid|Sneaky|Polite|Normal|Aggressive|Insane> General timing policy
          -n/-R Never do DNS resolution/Always resolve [default: sometimes resolve]
          -oN/-oX/-oG <logfile> Output normal/XML/grepable scan logs to <logfile>
          -iL <inputfile> Get targets from file; Use '-' for stdin
        * -S <your_IP>/-e <devicename> Specify source address or network interface
          --interactive Go into interactive mode (then press h for help)
        Example: nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*'
        SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES
  • 40. $ nmap 192.168.1.4
        Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2009-05-20 16:09 BRT
        Interesting ports on atlantico.seatecnologia.com.br (192.168.1.4):
        (The 1648 ports scanned but not shown below are in state: closed)
        PORT     STATE SERVICE
        21/tcp   open  ftp
        22/tcp   open  ssh
        53/tcp   open  domain
        80/tcp   open  http
        111/tcp  open  rpcbind
        139/tcp  open  netbios-ssn
        443/tcp  open  https
        445/tcp  open  microsoft-ds
        873/tcp  open  rsync
        3306/tcp open  mysql
        8009/tcp open  ajp13
        8080/tcp open  http-proxy

        Nmap run completed -- 1 IP address (1 host up) scanned in 0.436 seconds
  • 43. $ tcpdump -?
        tcpdump version 3.9.7
        libpcap version 0.8.3
        Usage: tcpdump [-aAdDefKlLnNOpqRStuUvxX] [-c count] [ -C file_size ]
                        [ -E algo:secret ] [ -F file ] [ -i interface ] [ -M secret ]
                        [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
                        [ -W filecount ] [ -y datalinktype ] [ -Z user ]
                        [ expression ]
  • 44. $ sudo tcpdump
        tcpdump: WARNING: en0: no IPv4 address assigned
        tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
        listening on en0, link-type EN10MB (Ethernet), capture size 96 bytes
  • 45. $ sudo tcpdump -i en1
        tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
        listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes
        16:19:03.878034 IP 10.0.0.26.51679 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
        16:19:03.879256 arp who-has 10.0.0.26 tell 10.0.0.27
        16:19:04.389924 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
        16:19:04.391950 arp who-has 10.0.0.26 tell 10.0.0.28
        16:19:04.393171 IP 10.0.0.26.51681 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
        16:19:04.491944 arp who-has 10.0.0.26 tell 10.0.0.30
        16:19:04.582324 IP 10.0.0.11.60163 > 192.168.1.4.domain: 5460+ PTR? 26.0.0.10.in-addr.arpa. (40)
        16:19:04.583625 IP 192.168.1.4.domain > 10.0.0.11.60163: 5460 NXDomain 0/1/0 (105)
        16:19:04.595073 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
        16:19:04.606453 IP 10.0.0.11.64925 > 192.168.1.4.domain: 2313+ PTR? 255.0.0.10.in-addr.arpa. (41)
        16:19:04.614775 IP 192.168.1.4.domain > 10.0.0.11.64925: 2313 NXDomain 0/1/0 (106)
        16:19:04.631329 IP 10.0.0.11.51358 > 192.168.1.4.domain: 48670+ PTR? 27.0.0.10.in-addr.arpa. (40)
        16:19:04.640138 IP 192.168.1.4.domain > 10.0.0.11.51358: 48670 NXDomain 0/1/0 (105)
        16:19:04.706174 IP 10.0.0.11.60513 > 192.168.1.4.domain: 40476+ PTR? 28.0.0.10.in-addr.arpa. (40)
        16:19:04.707379 IP 192.168.1.4.domain > 10.0.0.11.60513: 40476 NXDomain 0/1/0 (105)
        ...
  • 46. $ sudo tcpdump -i en1 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes 16:19:03.878034 IP 10.0.0.26.51679 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 16:19:03.879256 arp who-has 10.0.0.26 tell 10.0.0.27 16:19:04.389924 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 16:19:04.391950 arp who-has 10.0.0.26 tell 10.0.0.28 16:19:04.393171 IP 10.0.0.26.51681 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 16:19:04.491944 arp who-has 10.0.0.26 tell 10.0.0.30 16:19:04.582324 IP 10.0.0.11.60163 > 192.168.1.4.domain: 5460+ PTR? 26.0.0.10.in-addr.arpa. (40) 16:19:04.583625 IP 192.168.1.4.domain > 10.0.0.11.60163: 5460 NXDomain 0/1/0 (105) 16:19:04.595073 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 16:19:04.606453 IP 10.0.0.11.64925 > 192.168.1.4.domain: 2313+ PTR? 255.0.0.10.in-addr.arpa. (41) 16:19:04.614775 IP 192.168.1.4.domain > 10.0.0.11.64925: 2313 NXDomain 0/1/0 (106) 16:19:04.631329 IP 10.0.0.11.51358 > 192.168.1.4.domain: 48670+ PTR? 27.0.0.10.in-addr.arpa. (40) 16:19:04.640138 IP 192.168.1.4.domain > 10.0.0.11.51358: 48670 NXDomain 0/1/0 (105) 16:19:04.706174 IP 10.0.0.11.60513 > 192.168.1.4.domain: 40476+ PTR? 28.0.0.10.in-addr.arpa. (40) 16:19:04.707379 IP 192.168.1.4.domain > 10.0.0.11.60513: 40476 NXDomain 0/1/0 (105) ... 16:19:04.707379 IP 192.168.1.4.domain > 10.0.0.11.60513: 40476 NXDomain 0/1/0 (105) 45
  • 47. $ sudo tcpdump -i en1 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes 16:19:03.878034 IP 10.0.0.26.51679 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 16:19:03.879256 arp who-has 10.0.0.26 tell 10.0.0.27 16:19:04.389924 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 16:19:04.391950 arp who-has 10.0.0.26 tell 10.0.0.28 16:19:04.393171 IP 10.0.0.26.51681 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 16:19:04.491944 arp who-has 10.0.0.26 tell 10.0.0.30 16:19:04.582324 IP 10.0.0.11.60163 > 192.168.1.4.domain: 5460+ PTR? 26.0.0.10.in-addr.arpa. (40) 16:19:04.583625 IP 192.168.1.4.domain > 10.0.0.11.60163: 5460 NXDomain 0/1/0 (105) 16:19:04.595073 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 16:19:04.606453 IP 10.0.0.11.64925 > 192.168.1.4.domain: 2313+ PTR? 255.0.0.10.in-addr.arpa. (41) 16:19:04.614775 IP 192.168.1.4.domain > 10.0.0.11.64925: 2313 NXDomain 0/1/0 (106) 16:19:04.631329 IP 10.0.0.11.51358 > 192.168.1.4.domain: 48670+ PTR? 27.0.0.10.in-addr.arpa. (40) 16:19:04.640138 IP 192.168.1.4.domain > 10.0.0.11.51358: 48670 NXDomain 0/1/0 (105) 16:19:04.706174 IP 10.0.0.11.60513 > 192.168.1.4.domain: 40476+ PTR? 28.0.0.10.in-addr.arpa. (40) 16:19:04.707379 IP 192.168.1.4.domain > 10.0.0.11.60513: 40476 NXDomain 0/1/0 (105) ... 16:19:04.707379 IP 192.168.1.4.domain > 10.0.0.11.60513: 40476 NXDomain 0/1/0 (105) 45
  • 48. $ sudo tcpdump -i en1 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on en1, link-type EN10MB (Ethernet), capture size 96 bytes 16:19:03.878034 IP 10.0.0.26.51679 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 16:19:03.879256 arp who-has 10.0.0.26 tell 10.0.0.27 16:19:04.389924 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 16:19:04.391950 arp who-has 10.0.0.26 tell 10.0.0.28 16:19:04.393171 IP 10.0.0.26.51681 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 16:19:04.491944 arp who-has 10.0.0.26 tell 10.0.0.30 16:19:04.582324 IP 10.0.0.11.60163 > 192.168.1.4.domain: 5460+ PTR? 26.0.0.10.in-addr.arpa. (40) 16:19:04.583625 IP 192.168.1.4.domain > 10.0.0.11.60163: 5460 NXDomain 0/1/0 (105) 16:19:04.595073 IP 10.0.0.26.51680 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST 16:19:04.606453 IP 10.0.0.11.64925 > 192.168.1.4.domain: 2313+ PTR? 255.0.0.10.in-addr.arpa. (41) 16:19:04.614775 IP 192.168.1.4.domain > 10.0.0.11.64925: 2313 NXDomain 0/1/0 (106) 16:19:04.631329 IP 10.0.0.11.51358 > 192.168.1.4.domain: 48670+ PTR? 27.0.0.10.in-addr.arpa. (40) 16:19:04.640138 IP 192.168.1.4.domain > 10.0.0.11.51358: 48670 NXDomain 0/1/0 (105) 16:19:04.706174 IP 10.0.0.11.60513 > 192.168.1.4.domain: 40476+ PTR? 28.0.0.10.in-addr.arpa. (40) 16:19:04.707379 IP 192.168.1.4.domain > 10.0.0.11.60513: 40476 NXDomain 0/1/0 (105) ... 16:19:04.707379 IP 192.168.1.4.domain > 10.0.0.11.60513: 40476 NXDomain 0/1/0 (105) 45
  • 54. Use Unix commands to monitor CPU, memory and network traffic consumption during load tests of some Web application.
  • 55. Q&A
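
The tcpdump capture on slide 48 mixes NetBIOS name broadcasts, ARP requests, and reverse-DNS (PTR) queries from 10.0.0.11 for addresses that had just appeared in earlier packets, which is the pattern produced when the capturing host resolves the names it prints (tcpdump's `-n` option turns that resolution off). The following Python is an added example, not part of the original slides, that classifies such lines and flags those PTR queries; the name `summarize` and the category labels are assumptions.

```python
import re
from collections import Counter

# Sample input: lines taken from the capture on slide 48 (shortened).
CAPTURE = """\
16:19:03.878034 IP 10.0.0.26.51679 > 10.0.0.255.netbios-ns: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
16:19:03.879256 arp who-has 10.0.0.26 tell 10.0.0.27
16:19:04.391950 arp who-has 10.0.0.26 tell 10.0.0.28
16:19:04.582324 IP 10.0.0.11.60163 > 192.168.1.4.domain: 5460+ PTR? 26.0.0.10.in-addr.arpa. (40)
16:19:04.583625 IP 192.168.1.4.domain > 10.0.0.11.60163: 5460 NXDomain 0/1/0 (105)
16:19:04.631329 IP 10.0.0.11.51358 > 192.168.1.4.domain: 48670+ PTR? 27.0.0.10.in-addr.arpa. (40)
"""

IP_RE = re.compile(r"^\S+ IP (\d+(?:\.\d+){3})\.\S+ > (\d+(?:\.\d+){3})\.([^:\s]+): (.*)$")
ARP_RE = re.compile(r"^\S+ arp who-has (\S+) tell (\S+)$")
PTR_RE = re.compile(r"PTR\? (\d+)\.(\d+)\.(\d+)\.(\d+)\.in-addr\.arpa\.")


def summarize(capture):
    """Count line kinds; list PTR queries for addresses printed on earlier lines."""
    kinds, seen, echoed = Counter(), set(), []
    for line in capture.splitlines():
        arp, ip = ARP_RE.match(line), IP_RE.match(line)
        if arp:
            kinds["arp who-has"] += 1
            seen.update(arp.groups())
        elif ip:
            src, dst, dport, payload = ip.groups()
            ptr = PTR_RE.search(payload)
            if ptr:
                kind = "dns ptr query"
                target = ".".join(reversed(ptr.groups()))  # 26.0.0.10 -> 10.0.0.26
                if target in seen:  # lookup follows a packet that showed this address
                    echoed.append((src, target))
            elif "NXDomain" in payload:
                kind = "dns nxdomain"
            else:
                kind = "netbios-ns" if dport == "netbios-ns" else "other ip"
            kinds[kind] += 1
            seen.update((src, dst))
    return kinds, echoed


if __name__ == "__main__":
    kinds, echoed = summarize(CAPTURE)
    print(dict(kinds))
    for host, target in echoed:
        print(f"{host} looked up {target} after it appeared in the capture")
```

When most of a capture is flagged this way, the DNS traffic is largely an artifact of the capture itself rather than of the application under test.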

Editor's Notes

  1. KB/t - KB per transfer; tps - transfers per second (?); MB/s - :-/; us - % of CPU time spent in user processes; sy - % of CPU time spent in system processes; id - % of CPU time spent idle