Archive for January, 2013

Monitoring Tools

Posted: January 26, 2013 in Basic, LINUX

Linux Free Command

Posted on : 19-10-2011 | By : admin | In : Monitoring Tools


The command /bin/free (or /usr/bin/free) displays the total amount of free and used memory on the system, including swap. It also reports the buffers and cache used by the kernel. It gives admins quick information about memory usage on their servers. Sample output:

[Screenshot: Free Command]

When using free, remember the Linux memory architecture and the way the virtual memory manager works. Below is a screen capture of the free command output (system with 4GB of RAM).

[Screenshot: Free stats]

The free command accepts the following options:

-b, -k, -m, -g Display values in bytes, kilobytes, megabytes, and gigabytes

-l Distinguishes between low and high memory

-c <count> Displays the free output <count> number of times

Listing the Memory zone

Using the -l option, you can see how much memory is used in each memory zone. Following is the output on 32-bit and 64-bit systems. 32-bit:

[Screenshot: Free Command 32 bit]

Output on 64-bit systems:

[Screenshot: Free command 64 bit]

Notice that 64-bit systems no longer use high memory. You can also determine how many chunks of memory are available in each zone using the /proc/buddyinfo file (cat /proc/buddyinfo).
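
The chunk counts in /proc/buddyinfo can be turned into per-zone totals. The following is an added example, not part of the original post: each column after the zone name is the number of free blocks of 2^order pages, so the functions (hypothetical names) sum them into free pages and KiB per zone and flag zones that only have small blocks left. The sample lines are constructed, and the 4 KiB page size is an assumption (check with getconf PAGESIZE).

```shell
#!/bin/sh
# Summarise /proc/buddyinfo: free pages, free KiB and largest free block order per zone.
# Column N after the zone name counts free blocks of 2^N contiguous pages.

# Constructed sample in /proc/buddyinfo layout (32-bit style, with a HighMem zone;
# not captured from a real system).
SAMPLE_BUDDYINFO='Node 0, zone      DMA      1      1      1      0      2      1      1      0      1      1      3
Node 0, zone   Normal    100     50     25      4      0      0      0      0      0      0      0
Node 0, zone  HighMem     10      0      0      0      0      0      0      0      0      0      1'

# buddy_summary [page_kib]
# Reads buddyinfo text on stdin; prints: node zone free_pages free_kib max_order
buddy_summary() {
    awk -v page_kib="${1:-4}" '
    $1 == "Node" && $3 == "zone" && NF >= 5 {
        node = $2
        sub(/,$/, "", node)                  # "0," -> "0"
        pages = 0; max_order = -1; block = 1
        for (i = 5; i <= NF; i++) {
            pages += $i * block              # blocks of this order * pages per block
            if ($i + 0 > 0) max_order = i - 5
            block *= 2
        }
        printf "%s %s %d %d %d\n", node, $4, pages, pages * page_kib, max_order
    }'
}

# low_order_only <min_order> [page_kib]
# Prints zones that have free memory but no free block of at least 2^min_order pages,
# i.e. zones where a large contiguous allocation would fail despite free memory.
low_order_only() {
    min_order=$1
    buddy_summary "${2:-4}" | awk -v min="$min_order" '$3 > 0 && $5 < min { print $2 }'
}

printf '%s\n' "$SAMPLE_BUDDYINFO" | buddy_summary 4
# On a live system: buddy_summary "$(( $(getconf PAGESIZE) / 1024 ))" < /proc/buddyinfo
```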

TcpFlow

Posted on : 12-02-2011 | By : admin | In : Monitoring Tools


Like tcpdump and tcptrack, tcpflow is a tool that helps administrators investigate or manage their network by capturing the data flow transmitted on a TCP/IP network. Tcpflow can be installed on any flavor of Linux or FreeBSD.

Installing TcpFlow

If you are using CentOS or RHEL, you can install this package from the rpm, which can be found here. I have explained how to install from source below. SSH to your server as root.

If you get "Can't find the pcap library (libpcap.a); install the pcap library", make sure that you have installed the libpcap and libpcap-devel packages on your system (tcpflow uses the pcap library to capture packets). After installing, use tcpflow -h to display the help menu.

Working with TcpFlow

Tcpflow is designed to work in the background. You enter a command in the terminal window and the results are also shown in the terminal window. To start, use the following command to see the overall data flow on your eth0 interface.

  • # tcpflow -c -i eth0

To capture data only on a specific port (for example port 80), use:

  • # tcpflow -c -i eth0 tcp port 80
  • # tcpflow -c -i eth0 udp port <port>

You can also redirect the output to a separate file for later analysis.

  • # tcpflow -c -i eth0 tcp port 80 > /root/data.txt

If you are using your system as a router and want to capture the data of a specific host:

  • # tcpflow -c -i eth0 host host.hostname.com
  • # tcpflow -c -i eth0 host <ipaddress>

I have attached a sample screen capture below, taken while monitoring the TCP port 80 traffic.

[Screenshot: TcpFlow]

DnsTOP is an excellent tool to monitor BIND (named) service traffic and live queries such as A, MX, PTR and CNAME records in real time. The tool comes with multiple options that help us sort by top TLD traffic, query types, source IPs, number of hits etc.

Installing Dnstop

Dnstop source code is available here. If you are using CentOS or RHEL, the easy way to install it is from the rpm (click here to download the rpm). Before you install the dnstop rpm, make sure libpcap-devel and ncurses-devel are already installed; if not, you can install them using yum:

  • # yum install libpcap-devel ncurses-devel

Dnstop help

To start with this tool, just use dnstop with the interface name. For example

  • # dnstop <interface-name>
    # dnstop eth0

The output will look similar to the following.

[Screenshot: Dnstop Interface]

To reset the counter, use ^R; to exit from dnstop, use ^X.

Finding the TLDs generating the most traffic

  • # dnstop eth0

Press 1 while dnstop is running and the output will look similar to the following.

[Screenshot: Dnstop Tld Traffic]

To find the actual domain names, press 2 while dnstop is running to get output similar to the following.

[Screenshot: DnsTOP]

Press t to get the record-based hits, as below.

[Screenshot: Dnstop record query]

PowerTOP

Posted on : 23-01-2011 | By : admin | In : Monitoring Tools


PowerTOP is a tool developed by Intel that helps the user find and isolate misbehaving programs while the server or laptop is idle. Since version 2.6.21 the Linux kernel is tickless and no longer has a fixed 1000Hz timer tick. The result is huge power savings because the CPU stays in low power mode for longer periods during system idle.

PowerTOP combines various sources of information from the kernel into one convenient screen so that you can see how well your system is doing at saving power, and which components are the biggest problems.

Installing PowerTOP

PowerTOP rpms for CentOS / RHEL can be found at http://packages.sw.be/powertop/

Before installing the rpm, however, make sure that your running kernel version is > 2.6.21, which has the NO_HZ feature enabled. If you are compiling from source, you can find the option under "General setup ---> Kernel hacking ---> Collect kernel timers statistics". Older kernels do not support this feature, so the powertop package will not work if you are running a lower version.

Once you have installed the powertop rpm, you can find the help menu using the 'powertop -h' command. Just run the "powertop" command from the shell to view the power stats in a top-like interface.

Screen-Caps :

[Screenshots: PowerTOP]

Ftop

Posted on : 19-01-2011 | By : admin | In : Monitoring Tools


Ftop is a new and excellent top-like tool that helps administrators monitor the progress of all open files and file systems. It can also monitor regular users or a particular process such as httpd or mysql. Ftop supports two output modes, full (using ncurses) and limited (simple plain text). The output mode can be specified at invocation, or changed dynamically as the program runs.

Installing Ftop

Ftop source can be downloaded from :  http://code.google.com/p/ftop/downloads/list

Ftop rpms are available at http://packages.sw.be/ftop/

Running Ftop

Ftop includes a rich set of command line options that make it easy to filter the results. Just type "ftop" at the command prompt to monitor the file system.

[Screenshot: Ftop]

To see a real-time graphic representation of all mounted ext3 file systems:

  • # ftop -QAy ext3

[Screenshot: Ftop Graphical]

To list only the files opened by the process (for example mysql or even a PID)

  • # ftop -p mysql (or) PID

To list only the file system or partition of /home

  • # ftop -f /home

Many more features are built into this tool. Use "man ftop" to list all the options available with this command.

Useful Links :

Ftop Home page

darkstat

Posted on : 13-01-2011 | By : admin | In : Monitoring Tools


Darkstat is a stable and fast network monitoring tool that helps network administrators monitor their router/firewall and server bandwidth and traffic. The biggest advantage of this tool is that we get per host/IP traffic stats, which is very helpful for administrators analyzing a problem. It includes the following features.

  • Built-in web server which can run on any TCP port.
  • Enabled deflate compression on the web server.
  • Traffic graphs, reports per host, shows ports for each host.
  • RDNS look-ups using a child process.
  • Portable and single threaded.
  • Very easy to install and configure.

Installing Darkstat

Installation can be done either via rpm or source. Before installing the tool, make sure that you have installed the libpcap package (yum install libpcap).
Darkstat rpm available at : http://packages.sw.be/darkstat/

Download Darkstat source from : http://dmr.ath.cx/net/darkstat/darkstat-3.0.713.tar.bz2

It should go fine without any errors. I have tested it on my latest CentOS 5.x / RHEL 6 and Fedora, and all went fine without any errors.

Starting the Darkstat web server

Since it has a tiny web server with deflate compression enabled, just execute the following command to start the web server on the specific server. For example, to run it on port 81 and monitor the eth0 interface (also make sure that port 81 is open in your firewall):

  • # darkstat -p 81 -i eth0

Use lsof -i tcp:81 to make sure the web server is running on port 81.

Open your web browser and type http://<serverIP or Hostname>:81 to open the web interface, as in the screen captures below.
To bind the web server to a specific interface address, use the option "-b". The following example binds to the local loopback address:

  • # darkstat -b 127.0.0.1 (or) <yournewIP>

Persistent DNS resolution can be prevented with the parameter "-n". This may be good for people without a flatrate or a dedicated line.

  • # darkstat -n

Use option "-P" to prevent darkstat from putting the interface into promiscuous mode.

  • # darkstat -P

With parameter "-e" you can specify a packet filter expression.

  • # darkstat -e "port not 22"

With parameter "-d" you can specify the directory where darkstat creates its database.

  • # darkstat -d /directory

Option "-v" activates verbose mode:

  • # darkstat -v

Useful Links :

Darkstat Home Page

Darkstat Man Page

Screen-Caps :

[Screenshots: darkstat]

vnStat

Posted on : 10-01-2011 | By : admin | In : Monitoring Tools


vnstat is an excellent and simple tool to monitor your server or interface bandwidth; the results can be displayed both on the server console and on a web interface (with vnStat phpFrontend). Vnstat has the following features included with the new version.

  • Quick installation in less than 2 minutes
  • Gathered statistics persist through system reboots
  • Multiple interface monitoring
  • Summary, daily, weekly and monthly reports
  • Very light; uses few system resources
  • Can be installed and used for monitoring even without root permission

Installing vnStat

Vnstat can be installed either via rpm or from source. Rpm installation is pretty easy; you can download and install it in just one run.

Vnstat rpm available at : http://packages.sw.be/vnstat/
Select and download the right rpm for your distribution.

Once installed, edit the /etc/vnstat.conf config file and set the following lines according to your needs (in my case the network interface is eth0).

  • # default interface
    Interface "eth0"

If you want to store the data in a separate database or directory, edit the following lines and change them to your new path/directory.

  • # location of the database directory
  • DatabaseDir "/var/lib/vnstat"

Running vnstat as a daemon

vnStat init scripts are available at http://humdi.net/vnstat/init.d/ . Download the correct version for your server's OS and copy it into /etc/init.d/ . Then enable the daemon (for CentOS / RHEL / Fedora):

  • # chmod 755 /etc/init.d/vnstat
    # chkconfig vnstat on
    # service vnstat start

Installing the vnStat php Frontend.

Download the vnstat php frontend tool directly from http://www.sqweek.com/sqweek/files/vnstat_php_frontend-1.5.1.tar.gz . Copy or move the folder to your document-root directory (for example /var/www/html).

Edit the following lines in config.php to set the language, the interface list and the titles to finish the setup.

  • $language = 'en';
  • $iface_list = array('eth1', 'sixxs');
  • $iface_title['eth1'] = 'Internal';
  • $iface_title['sixxs'] = 'SixXS IPv6';

Now try to access the vnstat URL to display the stats. It is advisable to set up a password-protected directory to avoid unauthorized access. Try my password protect tutorial.

P.S : You can use the same installation/setup instructions to install it with the cPanel, Plesk and DirectAdmin control panels.

Useful links :

vnStat Cgi-demo

vnStat man page

Screen-caps :

[Screenshots: VnStat Summary, Vnstat Daily Graph, Vnstat Monthly Stats]

Nmon

Nmon is an excellent tool which can be used to monitor almost everything on a Linux server (CPU, memory, network, disks, file systems, NFS, top processes, resources and Power micro-partition information). This tool can also be used for benchmarking and for recording disk and CPU stats after tuning the sub-systems.

Data can be saved in a separate file and can be used with nmon Analyser Excel 2000 spreadsheet, which loads the nmon output file and automatically creates dozens of graphs ready for you to study or write performance reports.

Installing nmon

Nmon RPM’s : http://packages.sw.be/nmon/

Just download and install the right release and arch based on your server. For example

For other Linux releases you can download and install it from the pre-compiled binaries.
nmon source : http://nmon.sourceforge.net/pmwiki.php?n=Site.Download
Once you have installed it, execute "nmon -?" to list the command help.
nmon -?

Outputs a hint on nmon use:

Hint: nmon [-h] [-s <seconds>] [-c <count>] [-f -d <disks> -t -r <name>] [-x]
-h FULL help information

Interactive-Mode:
read startup banner and type: "h" once it is running
For Data-Collect-Mode (-f)
-f spreadsheet output format [note: default -s300 -c288]
optional
-s <seconds>  between refreshing the screen [default 2]
-c <number>   of refreshes [default millions]
-d <disks>    to increase the number of disks [default 256]
-t spreadsheet includes top processes;
-x capacity planning (15 min for 1 day = -fdt -s 900 -c 96)

To generate the graphs you can use the nmonanalyser tool. Please check the links below.

Useful links

Nmon Screen-shots :  http://nmon.sourceforge.net/pmwiki.php?n=Site.ScreenShots

nmonanalyser : http://www.ibm.com/developerworks/wikis/display/WikiPtype/nmonanalyser

Nmon complete IBM manual : http://www.ibm.com/developerworks/wikis/display/WikiPtype/nmon+Manual

nLoad

Posted on : 09-01-2011 | By : admin | In : Monitoring Tools


nLoad is a simple, real-time, console-based network traffic and bandwidth monitoring tool that helps administrators monitor their server network traffic using simple command syntax.

Installing nLoad

The nload source is available at http://sourceforge.net/projects/nload/ , where you can download it and compile and install from source. SSH to your server as root.

You can also install the nload from rpm for CentOS / Fedora / RHEL based servers

Nload rpm : http://packages.sw.be/nload/

nLoad Syntax


Once you have installed nload, either from source or rpm, you can use any of the following syntax to monitor your bandwidth.

To monitor a specific Ethernet interface (for example, eth1):

  • # nload eth1

The output should be similar to the following.

[Screenshot: nLoad]

To monitor your specific Ethernet interface with MByte/s instead of the default KByte/s

  • nload -u M eth1

Execute the following command to monitor the multiple ethernet interfaces in the server.

  • nload -m eth0 eth1 -u M

This outputs the results for all the interfaces in MBytes.

[Screenshot: nload multiple interface]

Network administrators may need a command or tool that displays all the live hosts in their network/subnet to keep track of all the activities. For that, you can try the fping tool, which works based on ICMP echo requests.

Fping rpm : http://packages.sw.be/fping/

To install via yum on CentOS/Fedora/RHEL:

  • # yum install fping

After installing, execute the following command :

  • fping -g 192.168.1.0/24 | grep "alive"

(or)

  • fping -g 192.168.1.0 192.168.1.255 | grep "alive"

[Screenshot: Fping]

Fping Man Page : http://fping.sourceforge.net/man/

Iotop

Posted on : 09-10-2010 | By : admin | In : Monitoring Tools


What is iotop?

Iotop is a top-like command utility that helps the administrator monitor disk I/O and figure out the exact process or user causing high disk reads/writes. It is a Python-based tool that makes use of the kernel accounting function (similar to bi and bo in vmstat) to display the values. The following figure shows a screen capture of iotop.

[Screenshot: Iotop]

Installing iotop on centos

Installation is not easy if you are running an old version of Python and a kernel version below 2.6.20. You have to meet the following requirements to install and run the tool successfully.

  • Linux >= 2.6.20 with I/O accounting support (CONFIG_TASKSTATS, CONFIG_TASK_DELAY_ACCT, CONFIG_TASK_IO_ACCOUNTING)
  • Python >= 2.5 or Python 2.4 with the ctypes module

Upgrading Python :

The latest versions are available at http://www.python.org/download/releases/2.6/ ; you can download and install/upgrade from source. Python rpms can also be found on http://rpm.pbone.net/

Upgrading kernel via rpm :

Download and install the latest kernel rpm (version 2.6.20 and above) from your distribution website, or try the mirror http://www.centos.toracat.org/ajb/kernel/mainline/ to download the latest versions. If you are planning a kernel source upgrade, download the latest source from ftp.kernel.org; in make menuconfig you can find "I/O accounting support" under General setup --->

[Screenshot: I-O-accounting-support.png]

Reboot the system with the new kernel so you have the supported versions of Python and kernel to run the iotop tool. The next step is to download the iotop source or rpm and install it.

iotop tar download : http://guichaz.free.fr/iotop/files/iotop-0.4.1.tar.gz
iotop rpm download : http://guichaz.free.fr/iotop/files/iotop-0.4.1-1.noarch.rpm

  • rpm -ivh iotop-0.4.1-1.noarch.rpm

That's it. You are done.

tcpkill command

Posted on : 03-10-2010 | By : admin | In : Monitoring Tools


Tcpkill is a command line tool that comes with the dsniff package to kill/terminate TCP connections on a LAN/WAN/Internet by port or host. To install the dsniff package, read my other post regarding dsniff installation.

Tcpkill Syntax :

  • # tcpkill [-i interface] [-1...9] expression

OPTIONS

  • -i interface Specify the interface to listen on.
  • -1...9 Specify the degree of brute force to use in killing a connection. Fast connections may require a higher number in order to land a RST in the moving receive window. Default is 3.
  • expression Specify a tcpdump(8) filter expression to select the connections to kill.

Kill all outgoing SMTP (port 25) connections:

  • # tcpkill -i eth0 port 25

[Screenshot: Tcpkill]

To prevent any connections to the host http://www.gmail.com or an ip 192.168.1.1 use this command:

To kill all IP packets between 192.168.1.1 and any host except 192.168.1.2 :

  • # tcpkill ip host 192.168.1.1 and not 192.168.1.2

Killing all packets arriving at or departing from host 192.168.1.1


  • # tcpkill host 192.168.1.1
    # tcpkill host hostname.com

Useful Links :

Killing FIN connections using tcpkill perl script

Dsniff tutorial

Tethereal Utility

Posted on : 03-10-2010 | By : admin | In : Monitoring Tools


Tethereal is part of the Ethereal (Wireshark) distribution. Just like tcpdump, ethereal is based on the libpcap interface. There are two main versions of ethereal: the text version called "tethereal" and the GUI-based version called "Wireshark". The text-based version is very similar in syntax to the tcpdump command. Once again, this is because they use the same underlying libpcap engine.

Tethereal Examples

  • # tethereal -w /tmp/ethereal.out -ni eth1

[Screenshot: Tethereal-1]

  • tethereal -r /tmp/ethereal.out

[Screenshot: Tethereal-2]

Using Filter Expressions

It may be easy to identify specific traffic streams on small or idle networks. It is much harder to accomplish this on large WANs or saturated networks. The ability to use filter expressions is extremely important in these cases to cut out unwanted "noise" packets from the traffic in question. Fortunately, the libpcap-based utilities and the snoop utility all use the same filter syntax.

There are many ways to filter traffic in all utilities; the most common filters are by port, protocol, and host. The following example tracks only SMTP traffic and host 192.168.1.101:

  • # tethereal -ni eth0 port 25 and host 192.168.1.101

The tethereal utility can print the entire Ethernet frame in detail. The following example displays the Ethernet portion of a single packet:

  • tethereal -nVi eth0 -c 1

[Screenshot: tethereal-3]

In the following example, the tethereal command captures just broadcast traffic and picks up an SMB-enabled device broadcasting over Ethernet:

  • # tethereal -nVi eth0 broadcast

Tethereal displays the entire header format of the ARP request and reply.

  • # tethereal -V -c 2 -ni eth0 arp

[Screenshot: tethereal-arp]

Capturing an ICMP exchange between two hosts using tethereal

  • # ping 192.168.1.220
  • # tethereal -nVi eth0 icmp

[Screenshot: tethereal-ping]

The default output of tethereal is less detailed than the tcpdump output. The differences are listed below:

  • Packet numbering - the first column of output shows the packet number relative to the order of the capture
  • Relative time - the time (in seconds) the packet was captured relative to the start of the capture (0.0 seconds)
  • Application summary data - all packets summarized by application type (TLS Application Data, for example)

Useful Links :

Tethereal man page :

Tethereal rpm download :

Tload

Tload runs in a terminal and displays a text-only "graph" of current system load averages, garnered from /proc/loadavg. It is part of the base installation on most GNU/Linux systems (it comes in the procps package), and is extremely useful for watching a system's performance over SSH, often within a GNU Screen session.

The only trouble is, it’s not really obvious what the graph means. The man page isn’t terribly helpful; it just says tload gets its numbers from the /proc/loadavg file, and there’s no man page for that file.

SYNOPSIS

tload [-V] [-s scale] [ -d delay ] [tty]

Tload Options

The -s scale option allows a vertical scale to be specified for the display (in characters between graph ticks); thus, a smaller value represents a larger scale, and vice versa.

The -d delay sets the delay between graph updates in seconds.
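
The numbers tload draws come from /proc/loadavg. As an added example (not part of the original post), the function below reads one /proc/loadavg line, whose five fields are the 1-, 5- and 15-minute load averages, the runnable/total scheduling entities, and the most recently created PID, and normalises the averages by CPU count. The function name, the sample lines, the 10% trend band and the state thresholds are assumptions chosen for illustration.

```shell
#!/bin/sh
# Interpret one /proc/loadavg line relative to the number of CPUs.
# Fields: load1 load5 load15 runnable/total last_pid

# loadavg_report <ncpu>   (stdin: one /proc/loadavg line)
# Prints a key=value summary; returns 2 if the line is not in /proc/loadavg form.
loadavg_report() {
    awk -v ncpu="${1:-1}" '
    function isnum(s) { return s ~ /^[0-9]+(\.[0-9]+)?$/ }
    NR == 1 {
        if (NF != 5 || !isnum($1) || !isnum($2) || !isnum($3) ||
            split($4, rt, "/") != 2 || ncpu + 0 < 1) { bad = 1; exit }
        l1 = $1 / ncpu; l5 = $2 / ncpu; l15 = $3 / ncpu
        # Trend: 1-minute figure against the 15-minute one (10% band is an assumption).
        trend = "steady"
        if ($1 > $3 * 1.1) trend = "rising"
        else if ($1 < $3 * 0.9) trend = "falling"
        # Per-CPU load above 1.00 means more runnable or uninterruptible tasks than CPUs.
        state = "ok"
        if (l1 > 1.0) state = "saturated"
        else if (l1 > 0.7) state = "busy"
        printf "load1_per_cpu=%.2f load5_per_cpu=%.2f load15_per_cpu=%.2f", l1, l5, l15
        printf " runnable=%d total=%d last_pid=%d", rt[1], rt[2], $5
        printf " trend=%s state=%s\n", trend, state
        ok = 1; exit
    }
    END { if (bad || !ok) exit 2 }'
}

# Constructed sample line for a 2-CPU machine (not captured from a real system).
echo "3.20 1.10 0.40 5/212 30111" | loadavg_report 2
# On a live system: loadavg_report "$(nproc)" < /proc/loadavg
```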

You are the administrator of a big LAN for which physical access is difficult to control. You know that viruses and data theft can happen due to external machines that connect to the LAN without authorization. You must monitor these illegal connections. This is where Arpalert can help you.

Installing Arpalert

Start by downloading the Arpalert archive from the official web site: http://www.arpalert.org/index.php?page=download

You must compile the source code because packages are not provided.

  • ./configure --prefix=/usr/local/arpalert && make && make install

Running this with root privileges installs the application on your computer. You can specify the install base directory with the --prefix parameter of the ./configure command. By default the base directory is /usr/local/arpalert.

Configure Arpalert

A default config file is located in

  • /usr/local/arpalert/etc/arpalert/arpalert.conf

These default parameters are usable in most configurations.

Continuing with root privileges, launch the program with the command

  • /usr/local/arpalert/sbin/arpalert -d

The option -d launches the program in daemon mode. If you always want to run Arpalert in daemon mode, edit the config file and replace daemon = false with daemon = true. If you watch the /var/log/messages file, you will see all the machines detected on the network. These machines are recorded in the following file.

  • /usr/local/arpalert/var/lib/arpalert/arpalert.leases

When all the local network machines are discovered, copy the file /usr/local/arpalert/var/lib/arpalert/arpalert.leases into the maclist.allow file

  • cat /usr/local/arpalert/var/lib/arpalert/arpalert.leases > /usr/local/arpalert/etc/arpalert/maclist.allow

Don't hesitate to add new MAC addresses to this file. Restart the daemon, and the program will run. Now all newly detected computers are probably intruders, and they are logged. You can run Arpalert with a script to alert you by e-mail (for example). Script examples are in the directory "scripts".
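
Before trusting the allow list, it helps to see which observed MAC addresses it does not cover. The following is an added example, not part of the original post or of Arpalert: unknown_macs and write_sample_files are hypothetical helpers, the file contents are constructed, and the only assumption about the file layout is that each entry carries its MAC as a whitespace-separated field in aa:bb:cc:dd:ee:ff form.

```shell
#!/bin/sh
# Report MAC addresses present in an observed-hosts file but absent from the allow list.
# Assumption: each entry carries the MAC as a whitespace-separated field in
# aa:bb:cc:dd:ee:ff form; every other column is ignored.

# unknown_macs <allow_file> <seen_file>
# Prints "<mac><TAB><original line>" once per unknown MAC, in order of first appearance.
unknown_macs() {
    awk '
    BEGIN {
        h = "[0-9A-Fa-f][0-9A-Fa-f]"
        mac_re = "^" h ":" h ":" h ":" h ":" h ":" h "$"
    }
    /^[ \t]*#/ { next }                          # skip comment lines
    {
        for (i = 1; i <= NF; i++) {
            if ($i !~ mac_re) continue
            mac = tolower($i)                    # compare case-insensitively
            # FILENAME (not NR==FNR) so an empty allow list is handled correctly
            if (FILENAME == ARGV[1]) { allow[mac] = 1; continue }
            if (!(mac in allow) && !(mac in reported)) {
                reported[mac] = 1
                printf "%s\t%s\n", mac, $0
            }
        }
    }' "$1" "$2"
}

# write_sample_files <dir>
# Constructed demo data (documentation MAC and IP ranges, not real hosts).
write_sample_files() {
    cat > "$1/maclist.allow" <<'EOF'
# constructed allow list
00:00:5e:00:53:01 192.0.2.10 eth0
00:00:5E:00:53:02 192.0.2.11 eth0
EOF
    cat > "$1/arpalert.leases" <<'EOF'
00:00:5e:00:53:01 192.0.2.10 eth0
00:00:5e:00:53:02 192.0.2.11 eth0
00:00:5e:00:53:aa 192.0.2.77 eth0
00:00:5e:00:53:aa 192.0.2.78 eth0
EOF
}

demo_dir=$(mktemp -d)
write_sample_files "$demo_dir"
unknown_macs "$demo_dir/maclist.allow" "$demo_dir/arpalert.leases"
rm -rf "$demo_dir"
```

Run it against the real leases and maclist.allow paths from this post to review what would be flagged before restarting the daemon.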


Useful Links

TCP connection monitoring using TCPTRACK

Server Monitoring Using DSTAT

Bandwidth and Disk Monitoring using BWM-NG

Server Monitoring using DSTAT

Posted on : 19-09-2010 | By : admin | In : Monitoring Tools


DSTAT is an excellent tool that combines the overall stats of vmstat, iostat, netstat and ifstat. Dstat lets us view all of the system resources in real time, including network bandwidth, network I/O, IRQs etc., which helps the administrator get a clear picture of what is going on in their server. It also reduces the headache of opening a separate shell/terminal to view the stats during bench tests.

Installing Dstat

The Dstat rpm can be found at http://packages.sw.be/dstat/ ; make sure you install the rpm for the right OS version/arch. You can also use yum to install it if you have a RHEL / Fedora / CentOS distribution:

  • yum install dstat

Getting started with dstat

To get full stats using dstat:

  • dstat --full

[Screenshot: Full Stats]

To find the process using the most CPU time (in ms):

  • dstat --top-cputime

[Screenshot: CPU]

To check the NIC alone with the IRQs:

  • dstat -dnyc -N eth0 -C total -f 5

[Screenshot: NIC stats]

Useful link :

Dstat RPM download

Dstat Manual Page

Network Monitoring using BWM-NG

Server Monitoring using H-top

TCP/IP connection monitoring using Tcptrack

Tcptrack

Posted on : 10-09-2010 | By : admin | In : Monitoring Tools


Install Tcptrack to monitor TCP connections | RHEL/CentOS

Tcptrack is an excellent tool to monitor your server network connections and bandwidth quickly, installation is pretty easy and can be done either via rpm or source.

Install Tcptrack from rpm


Download Tcptrack rpm  from http://packages.sw.be/tcptrack/ by selecting your OS and arch :

Install TCPtrack from source

Download TCPtrack source from :  http://www.rhythm.cx/~steve/devel/tcptrack/release/


  • tar zxvf tcptrack-1.3.0.tar.gz
  • cd tcptrack-1.3.0
  • ./configure && make && make install

Run 'tcptrack -h' to list the help menu :

Usage: tcptrack [-dfhvp] [-r <seconds>] -i <interface> [<filter expression>]


TCPtrack can monitor only one NIC at a time, with only one interface parameter per run (if you have two NICs, i.e. eth0 and eth1):

  • # tcptrack -i eth0
  • # tcptrack -i eth1

Tcptrack can also take a pcap filter expression as an argument. The format of this filter expression is the same as that of tcpdump(8) and other libpcap-based sniffers. The following example will only show connections from host 68.36.45.78:

  • # tcptrack -i eth0 src or dst 68.36.45.78

To monitor the specific ports (ie..port 80 and 22):

  • # tcptrack -i eth0 port 80
  • # tcptrack -i eth0 port 22

Tcptrack is a little resource intensive; try the -f option for fast average recalculation under less resource usage.

External links :

Tcptrack official website :

Install Mrtg for Cpanel :

Install Htop :


BWM-NG

Posted on : 19-09-2010 | By : admin | In : Monitoring Tools


Monitoring Network Bandwidth and Disk I/O using BWM-NG

BWM-NG (Bandwidth-NG) is an old and simple tool to monitor bandwidth and disk I/O, including RAMdisk usage; it helps the administrator quickly monitor bandwidth and disk I/O usage. Installation is pretty simple and can be done in just 2 minutes. The latest version, 0.6, includes the disk I/O monitoring feature, but older versions do not. So make sure you have version 0.6 if you are setting up bwm-ng to monitor your disk I/O.

Features

  • supports /proc/net/dev, netstat, getifaddr, sysctl, kstat, /proc/diskstats /proc/partitions, IOKit, devstat and libstatgrab
  • unlimited number of interfaces/devices supported
  • interfaces/devices are added or removed dynamically from list
  • white-/blacklist of interfaces/devices
  • output of KB/s, Kb/s, packets, errors, average, max and total sum
  • output in curses, plain console, CSV or HTML
  • configfile

Install bwm-ng

Installing bwm-ng from source is pretty simple; just download the tar from http://www.gropp.org/bwm-ng/

Type bwm-ng -h and make sure you are able to see the command help menu.

Network Monitoring using bwm-ng

Use the following options to see the status of all NICs in bits or bytes; -d is for dynamic output, which displays in KB/s and MB/s dynamically.

  • bwm-ng -u bits -d
    bwm-ng -u bytes -d

[Screenshot: Network Monitoring]

Disk I/O monitoring using bwm-ng

Monitoring disk I/O is pretty simple with bwm-ng:

  • bwm-ng -u bytes  -i disk

This lists all the usage, including RAMdisk/dm and RAID I/O etc.

[Screenshot: Disk Usage]

Useful links :

TCP connection monitoring using TCPtrack

Server Monitoring using Tload Command

Installing HTOP

HotSSH

Posted on : 06-12-2010 | By : admin | In : Admin Tools

GNOME recently released an advanced version of its local terminal window. It comes with many features like tags, SFTP and Quick connector, and main features such as:

  • Fast search-based interface for new connections
  • Also display and search of local (Avahi) SSH servers
  • Tabbed display with automatic session saving (Firefox style)
  • Status bar with information like latency to server and output of remote uptime
  • Close integration with OpenSSH features like connection sharing (near-instant new tabs)
  • NetworkManager integration to easily reconnect after a network change, great for laptops

Installing HotSSH

Before you start the installation, make sure you have already installed the following packages.

  • Python >= 2.4
  • OpenSSH
  • GTK+ 2.10

Installation can be done via the tar or rpms. Download the source from (make sure you have ssh as root user)

Once installed, you will see the HotSSH tool in your desktop applications. If you are lazy, you can also download and install the tool from rpm. HotSSH rpms for various distributions are available at : http://rpm.pbone.net/

Screen-caps :

[Screenshots: Hotssh, Hotssh-multiple-tabs]

Useful links

HotSSH Homepage :  http://projects.gnome.org/hotssh/

Dmidecode

Posted on : 27-11-2010 | By : admin | In : Admin Tools


Dmidecode is an excellent tool for administrators to list all the hardware information described in the system BIOS according to the SMBIOS/DMI standard. The information typically includes the following:

  • system manufacturer
  • model name
  • serial number
  • BIOS version
  • CPU sockets
  • expansion slots (e.g. AGP, PCI, ISA)
  • memory module slots
  • list of I/O ports (e.g. serial, parallel, USB)

Dmidecode also comes with three additional tools :

  • biosdecode
    ownership
    ownership

Installing Dmidecode

The Dmidecode rpm can be downloaded from here.

To install it from source

Usage: dmidecode [OPTIONS]

Options are:
-d, --dev-mem FILE Read memory from device FILE (default: /dev/mem)
-h, --help Display this help text and exit
-q, --quiet Less verbose output
-s, --string KEYWORD Only display the value of the given DMI string
-t, --type TYPE Only display the entries of given type
-u, --dump Do not decode the entries
-V, --version Display the version and exit

Click here for sample output

Useful Links : Dmidecode home page


Here is a small binary tool developed by hdsentinel.com to examine hard disk temperature, lifetime, health, serial/model number and performance.

 

List of features

 

  • Display hard disk / solid state disk information on the terminal
  • Create comprehensive report about the disk system
  • Display and manage acoustic setting of hard disks
  • Offers outputs for both users and scripts/other applications to process
  • Temperature, health and performance values
  • Power on time (days, hours, minutes, if supported)
  • Can generate reports in txt / xml etc

 

Installing the tool

You must be in a root shell to execute this tool.

You will get output similar to that below, where you can find all the information about the disk(s) you have installed in your server.

 

[Screen-cap: hard disk information]

 

 

 


Finding Harddrive Serial Using hdparm

Posted: January 26, 2013 in Basic, LINUX


Posted on : 20-10-2011 | By : admin | In : Tips


Hdparm (get/set hard disk parameters) can be used to find hard drive serials. If you have several hard drives installed and want to list the model and serial numbers of all of them, you can retrieve them using:

  • # hdparm -I /dev/sd? | grep -E "Number|/dev"

If you don't have hdparm installed on your system, just use yum install hdparm to install it from the rpm repos. The output will look similar to that below.

 

 

[Screen-cap: hdparm serial output]

 

Finding Files in Linux

Posted: January 26, 2013 in Basic, LINUX


Posted on : 24-10-2011 | By : admin | In : Tips


Find command

 

Find is a tool (it comes with findutils) which looks for files on a filesystem. find has a large number of options which can be used to customise the search (refer to the manual/info pages). Here are a few of them that work with regular expressions.

Basic example:

  • # find / -name file

This would look for a file named "file", starting at the root directory (it will search all directories, including those that are mounted filesystems). The '-exec' option is one of the more advanced find operations. It executes a command on the files it finds. For example:

  • # find / -name '*.doc' -exec cp '{}' /tmp/ ';'

The above command would find any files with the extension '.doc' and copy them to your /tmp directory. Obviously this command is quite useless; it's just an example of what find can do. Note that the quotation marks are there to stop bash from trying to interpret the other characters as something.

  • # find / -path '/mnt/win_c' -prune -o -name "string" -print

This example will search your entire directory tree (everything that is mounted under it) excluding /mnt/win_c and all of the subdirectories under /mnt/win_c. When using the -path option you can use wildcards.

 

To search for 'expr' in the C source and header files in this dir and below:

  • # find -name '*.[ch]' | xargs grep -E 'expr'

To search all regular files for 'example' in this dir and below:

  • # find -type f -print0 | xargs -r0 grep -F 'example'

To search all regular files for 'example' in this dir:

  • # find -maxdepth 1 -type f | xargs grep -F 'example'

Process each item with multiple commands (in a while loop):

  • # find -maxdepth 1 -type d | while IFS= read -r dir; do echo "$dir"; echo cmd2; done

To find files not readable by all:

  • # find -type f ! -perm -444

Find dirs not accessible by all:

  • # find -type d ! -perm -111

Make an archive of a subset of dir/ and below:

  • # find dir/ -name '*.txt' | tar -c --files-from=- | bzip2 > dir_txt.tar.bz2

Make a copy of a subset of dir/ and below:

  • # find dir/ -name '*.txt' | xargs cp -a --target-directory=dir_txt/ --parents
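
The find listings above use both a plain "find | xargs" pipeline and the "-print0 | xargs -r0" form. The following added example (not from the original post) runs both on a constructed directory tree to show what the plain form does with file names that contain a space or a newline; the function names and sample files are made up for the demonstration, and grep -Z and xargs -r0 assume GNU tools.

```shell
# Added example, not from the original post; names and sample tree are constructed.

# Build a throwaway tree whose file names contain a space and a newline.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    for name in 'plain.txt' 'with space.txt' 'with
newline.txt'; do
        printf 'example\n' > "$d/$name"
    done
    printf '%s\n' "$d"
}

# Newline-delimited names, as in "find ... | xargs grep": xargs splits on
# blanks and newlines, so grep is handed fragments of the awkward names.
count_hits_plain() {
    find "$1" -type f | xargs grep -lF 'example' 2>/dev/null | wc -l | tr -d ' '
}

# NUL-delimited names, as in "find ... -print0 | xargs -r0 grep".
# grep -Z ends each reported name with NUL, so counting NULs counts files.
count_hits_nul() {
    find "$1" -type f -print0 | xargs -r0 grep -lZF 'example' |
        tr -cd '\000' | wc -c | tr -d ' '
}

# Several commands per item without a "while read" loop: find hands each
# name to sh as its own argument, so the names are never re-parsed.
list_sizes() {
    find "$1" -type f -exec sh -c 'for f; do wc -c < "$f"; done' sh {} +
}

tree=$(make_sample_tree)
echo "plain pipeline matched $(count_hits_plain "$tree") of 3 files"
echo "NUL pipeline matched   $(count_hits_nul "$tree") of 3 files"
rm -rf "$tree"
```

The same splitting applies to the tar and cp pipelines above: any name that xargs or tar reads line by line is silently skipped or mangled, which matters when the search is part of an audit or a backup.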

 

slocate / Locate tools

 

Mlocate includes both the slocate and locate binaries. Slocate (secure locate) is a replacement for locate, both have identical syntax. On most distributions locate is an alias to slocate.

Syntax :

  • # slocate string
  • # locate string

 

Search the cached index for names. This regular expression is like the glob *file*.txt

  • # locate -r 'file[^/]*\.txt'

This won't work until you have run either updatedb (as root) or slocate -u (as root) to build the index.

 

Whereis tool

 

whereis (comes with the util-linux package) locates the binary, source, and manual page for a particular program. It uses exact matches only; if you only know part of the name, use slocate.

Syntax :

  • # whereis program_name

Which tool

 

Virtually the same as whereis (comes with the which package), except it only finds the executable (the physical program). It only looks in the PATH (environment variable) of a user's shell.
Use the -a option to list all occurrences of the particular program_name in your path (so if there's more than one you can see it).

Command syntax:

  • # which program_name

Linux File Sharing Using Twistd

Posted: January 26, 2013 in Basic, LINUX


Posted on : 26-09-2011 | By : admin | In : Admin Tools


To share your directory with others on your network or even on the internet, you can use the twisted tool to share your folders (similar to web and ftp or even on other ports).

 

How to install twisted on CentOS?

 

Twisted is a Python-based tool; you need rpms like python-twisted-core, pyOpenSSL and python-zope-interface to install the tool. You can make use of the RPMforge rpm repo with yum to install the tool on your server or desktop easily.

 

Ssh your server as root.

 

Download and install the correct repo based on your os arch and version.

Now install the Twistd tool using.

 

  • # yum install python-twisted-core
  • # yum install python-twisted-web

 

Sharing your folder on the web.

 

Just execute the following command from your root shell to start sharing the directory online.

 

  • # twistd web --path /home/ --port 8081 &

To kill or end the twistd, use.

 

  • # killall -9 twistd

The above will start a web server on port 8081 sharing your /home directory. You can use http://<server-ip>:8081 to get the full list of the /home directory in your web browser.

Sharing your folder on FTP.

 

Similar to http you can also use ftp protocol to start sharing. Just execute.

 

  • # twistd -n ftp -r /home/ &

This will start the ftp service on the default port 2121, you can use your ftp client on port 2121 to connect with your server.

 

This tool is extremely useful for admins who need to share directories/files over the internet or an intranet when scp or rsync are not much use. You also need to make sure the ports are open on your server/desktop end.
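
Neither twistd command above restricts the listening interface, so before opening the ports it is worth confirming what is actually exposed. The following added example (not part of the original post) filters ss -ltnp output for twistd listeners bound to a wildcard address; the sample output is constructed, using the two ports from this page plus a loopback-only listener for contrast.

```shell
# Added example, not from the original post. SAMPLE_SS is constructed output
# in the format of "ss -ltnp"; the PIDs and the 8082 listener are made up.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      50     0.0.0.0:8081       0.0.0.0:*         users:(("twistd",pid=4312,fd=7))
LISTEN 0      50     *:2121             *:*               users:(("twistd",pid=4330,fd=6))
LISTEN 0      128    127.0.0.1:8082     0.0.0.0:*         users:(("twistd",pid=4401,fd=7))
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=912,fd=3))'

# Read "ss -ltnp" output on stdin and print the port of every twistd
# listener that is bound to a wildcard address (reachable on all interfaces).
exposed_twistd_ports() {
    awk '
        $1 == "LISTEN" && /"twistd"/ {
            addr = $4
            port = addr; sub(/.*:/, "", port)        # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)    # text before the last colon
            if (host == "0.0.0.0" || host == "*" || host == "[::]")
                print port
        }'
}

# On a live host (as root, so process names are shown):
#   ss -ltnp | exposed_twistd_ports
printf '%s\n' "$SAMPLE_SS" | exposed_twistd_ports
```

Any port this prints is serving the shared directory to every network the host is attached to, so the firewall rule for it should name the client addresses that are meant to reach it.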

Linux Compression Tools

Posted: January 26, 2013 in Basic, LINUX


Posted on : 25-10-2011 | By : admin | In : Admin Tools


There are two main compression utilities used in GNU/Linux. It’s normal to first “tar” a bunch of files (using the tar program of course) and then compress them with either bzip2 or gzip. Of course either of these tools could be used without tar, although they are not designed to work on more than one file (they use the UNIX tools philosophy, let tar group the files, they will do the compression…this simplifies their program). It’s normal to use tar and then use these tools on them, or use tar with the correct options to use these compression programs.

 

 

GNU zip (gzip)

gzip is the GNU zip compression program and probably the most common compression format on UNIX-like operating systems.

  • # gzip your_tar_file.tar

This will compress a tar archive with GNU zip, usually with a .gz extension. Gzip can compress any type of file, it doesn’t have to be a tar archive.

  • # gunzip your_file.gz

This will decompress a gzipped file, and leave the contents in the current directory.

 

 

bzip2

bzip2 is a newer compression program that offers superior compression to gzip at the cost of more processor time.

 

  • # bzip2 your_tar_file.tar

 

This will compress a tar archive with the bzip2 compression program, usually with a .bz2 extension. bzip2 can compress any type of file; it doesn't have to be a tar archive.

 

  • # bunzip2 your_file.tar.bz2

 

This will decompress a file compressed by bzip2, and leave the contents in the current directory.

 

zipinfo

Use zipinfo to find detailed information about a zip archive (the kind generally used by MS-DOS and Windows, for example WinZip).

 

Command syntax:

 

  • # zipinfo zip_file.zip

 

 

zipgrep

Will run grep to look for files within a zip file (MS-DOS style, for example WinZip) without manually decompressing the file first.

 

 

Command syntax:

  • # zipgrep pattern zip_file.zip

 

 

bzip2recover

 

Used to recover files from a damaged bzip2 archive. It simply extracts all the working blocks as their own bzip2 archives; you can then use bzip2 -t on each file to test its integrity and extract the working files.

  • # bzip2recover filename

 

bzme

 

Will convert a file that is zipped or gzipped to a file compressed using bzip2.

Command syntax:

  • # bzme filename

 

Both gzip and bzip2 supply tools to work within compressed files for example listing the files within the archive, running less on them, using grep to find files within the archive et cetera. For gzip the commands are prefixed with z, zcat, zless, zgrep. For bzip2 the commands are prefixed with bz, bzcat, bzless, bzgrep.

 

Extundelete

Posted: January 26, 2013 in Basic, LINUX

Recovering deleted files from ext3 / ext4 filesystems using extundelete tool |  GNU Tool Box 


Extundelete is a simple and effective tool that helps to recover files and directories from ext3 and ext4 filesystems. Although many recovery tools are available, this tool is really simple and a real life saver for admins or users who have accidentally removed important files or directories. Extundelete uses the information stored in the partition's journal to attempt to recover a file that has been deleted from the partition.

 

Installing Extundelete

 

Source installation is simple and can be done in just 2 minutes. Before installing it from source, make sure you have already installed the e2fsprogs version 1.41 and e2fslibs packages (for CentOS / RHEL based systems the package names are e2fsprogs & e2fsprogs-libs). Ssh to your server as root.

 

 

 

How to use Extundelete

 

Let us try a demo delete and recovery of files and folders to get familiar with this tool. I tested this on one of my drive partitions, /dev/sdb1, mounted as /backup. Create a folder named gnutool-delete under /backup and copy some files/directories inside this folder. For example:

  • # mkdir -p /backup/gnutool-delete
  • # cd /backup/gnutool-delete
  • # man man > file1-test.txt
  • # man man > file2-test.txt
  • # mkdir folder1; cd folder1; man man > file1-test.txt

 

Now delete the folder using rm -rf

 

  • # rm -rf /backup/gnutool-delete

 

Once you have removed the folder you have to act quickly and either unmount the partition or remount it read-only (For how to remount as readonly click here) as soon as possible, to avoid the deleted files/folders being overwritten with new inodes. Since I have /dev/sdb1 mounted on /backup, all I did was

 

  • # umount /backup

 

Recovering deleted files using Extundelete

 

Extundelete will restore any files it finds to a subdirectory of the current directory named "RECOVERED_FILES". Type "extundelete --help" to see the various options available to you. To recover all the deleted folders and files:

  • # extundelete /dev/sdb1 --restore-all

This will take a couple of minutes to read the directory structure and look for recoverable files within it. It will then start recovering the files under the subdirectory "RECOVERED_FILES" of the current directory. If you want to recover large data files, make sure your current directory has enough free space to hold them.

 

  • # cd RECOVERED_FILES
    # ls

 

You will be able to see the directory "gnutool-delete" with all the files which were deleted before. You can also use the following syntax if you just want to recover the deleted folder "gnutool-delete" instead of recovering everything (the path is given relative to the root of the filesystem on /dev/sdb1):

  • # extundelete /dev/sdb1 --restore-directory gnutool-delete

 

Recovering the / partition files

 

If you have deleted something under the / primary partition, for example /etc/passwd, and want to recover that file, try the following (I assume that you have an additional hard drive to store the recovered file).

  • # mount -o remount,ro /
  • # cd /secondarydrive (should have read/write access)
  • # extundelete /dev/sdXN --restore-file etc/passwd (/dev/sdXN is a placeholder for the device that holds /)
  • # cd RECOVERED_FILES
  • # ls

 

You should be able to see the passwd file which was removed before.

 

NOTE : There is no guarantee that any particular file will be able to be undeleted, so always try to have a good backup system in place, or at least put one in place after recovering your files!

 

Useful Links

 

Extundelete home page
Extundelete command line options
How to mount filesystem as readonly

Installing ibus-avro on Ubuntu 12.10

Posted: January 20, 2013 in LINUX

ibus-avro

Avro Phonetic Bangla typing for Linux

Installing ibus-avro on Ubuntu 12.10

Open Terminal and enter the following commands one by one.

Step 1: Add ibus-avro repository

sudo add-apt-repository "deb http://download.opensuse.org/repositories/home:/sarimkhan/xUbuntu_12.10/ ./"

Step 2: Add key

wget -q http://download.opensuse.org/repositories/home:/sarimkhan/xUbuntu_12.10/Release.key -O- | sudo apt-key add -

Step 3: Update package list

sudo apt-get update

Step 4: Install ibus-avro

sudo apt-get install ibus-avro-quantal
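
Step 2 fetches the signing key over plain HTTP and pipes it straight into apt-key, so nothing checks that the key is the one the repository owner published. One way to add that check, as an added example that is not part of the original instructions: save the key to a file and compare its fingerprint with a value obtained from the maintainer over a separate channel. The key listing and fingerprint below are constructed placeholders, not the repository's real key, and gpg --show-keys assumes a recent GnuPG 2.x.

```shell
# Added example, not part of the original instructions. SAMPLE_COLONS is a
# constructed key listing in the "gpg --with-colons" format; the key ID,
# fingerprint and user ID are placeholders.
SAMPLE_COLONS='pub:-:2048:1:89ABCDEF01234567:1350000000:1420000000::-:::scSC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:-::::1350000000::::Constructed Example Repo <repo@example.invalid>:'

# Read a colon-format key listing on stdin. Succeed only if it contains
# exactly one primary key and that key has the fingerprint given as $1
# (spaces and letter case in $1 are ignored).
key_fingerprint_ok() {
    want=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    got=$(awk -F: '
        $1 == "pub"          { inpub = 1; next }
        $1 == "fpr" && inpub { print $10; inpub = 0 }')
    [ -n "$want" ] &&
        [ "$(printf '%s\n' "$got" | wc -l)" -eq 1 ] &&
        [ "$got" = "$want" ]
}

# Intended use, with EXPECTED_FPR obtained out of band:
#   wget -q <key URL from Step 2> -O Release.key
#   gpg --show-keys --with-colons Release.key | key_fingerprint_ok "$EXPECTED_FPR" \
#       && sudo apt-key add Release.key
if printf '%s\n' "$SAMPLE_COLONS" |
        key_fingerprint_ok '0123 4567 89ab cdef 0123 4567 89ab cdef 0123 4567'; then
    echo "fingerprint matches, key may be added"
fi
```

A key file that carries more than one primary key is rejected as well, since only one of them would have been checked.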

Using ibus-avro

Run IBus (Applications -> System Tools -> IBus) from Dash