Monitoring I/O performance & the free command & the ps command & viewing network status & packet capture on Linux


10.6 Monitoring I/O performance

  • iostat: overview of disk and CPU usage (used in much the same way as vmstat)

[root@linux-5 ~]# iostat
Linux 3.10.0-693.el7.x86_64 (linux-5) 2018年05月07日 _x86_64_ (1 CPU)

avg-cpu: %user %nice %system %iowait %steal %idle
0.08 0.00 0.16 0.00 0.00 99.75

Device: tps kB_read/s kB_wrtn/s kB_read kB_wrtn
sda 1.09 24.00 6.73 234034 65620
sdb 0.01 0.43 0.00 4172 0
scd0 0.00 0.11 0.00 1028 0

  • iostat -x: view disk usage details


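Of these values, %util is very important: it is the percentage of time the CPU spends waiting for I/O. The CPU spends part of its time computing for processes and part of it waiting for I/O, that is, for disk reads and writes; %util is the share that this waiting takes. If the number is large, reaching 50%~60% or more, disk I/O performance is poor: the disk is very busy, and the read and write figures are large as well. If the read and write columns are not large but %util is, the disk has a problem or fault. A slow disk will certainly hurt performance: however fast the CPU is, if the disk cannot keep up, the system as a whole has a serious bottleneck.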

  • iotop: view the I/O performance of individual processes




10.7 The free command

  • free: view memory usage

[root@linux-5 ~]# free
total used free shared buff/cache available
Mem: 1867024 131548 1401004 8800 334472 1540284
Swap: 4194300 0 4194300

  • free -m/-g/-h: show the values with the corresponding unit

[root@linux-5 ~]# free -h
total used free shared buff/cache available
Mem: 1.8G 128M 1.3G 8.6M 326M 1.5G
Swap: 4.0G 0B 4.0G

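Here, total is the total amount of memory, used is the amount of memory in use, free is idle memory (not exactly the same as the memory that remains available), buffer is the buffer, cache is the cache, and available is the memory that is really still available.

buffer and cache are pre-allocated in Linux system memory.

The difference between buffer and cache: the direction of the data flow

disk (data) --> memory (acting as cache) --> CPU

CPU (data) --> memory (acting as buffer) --> disk

total=used+free+buff/cache

available includes free plus the part of buff/cache that is not in use.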



10.8 The ps command

ps aux / ps -elf: view all processes currently on the system (the processes are shown as a snapshot)

[root@linux-5 ~]# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.3 128164 6844 ? Ss 14:09 0:02 /usr/lib/systemd/systemd --switched-root --system --deserialize 21
root 2 0.0 0.0 0 0 ? S 14:09 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S 14:09 0:00 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S< 14:09 0:00 [kworker/0:0H]
root 7 0.0 0.0 0 0 ? S 14:09 0:00 [migration/0]
root 8 0.0 0.0 0 0 ? S 14:09 0:00 [rcu_bh]
...

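USER the user
PID the process identifier; /proc contains a directory with the same name as each PID. The PID is very useful: the Linux kernel identifies and manages each process by its PID. For example, to terminate a process, use kill <pid>. Sometimes that does not kill it, and the -9 option is needed: kill -9 <pid>. When a process has a problem and I want to know which directory it belongs to, the PID is needed as well (the PIDs are all under the /proc directory, and each PID is a directory).

VSZ virtual memory size
RSS actual memory size
TTY where the process was started from; pts/0 is the current terminal

STAT process state

S sleeping (sleep)
s main process, parent process
< high priority, gets CPU resources first
N low priority
+ process running in the foreground
R running, a process that is running (one that used CPU resources during the period)
L locked process
l multi-threaded process
Z zombie process
x process that is already dead
T paused process (Ctrl+Z)
D process that cannot be interrupted, for example during I/O; rarely seen.
| multi-threaded process
S<s high-priority main process, in the sleeping state

START the time the process started
TIME how much CPU time it has used
COMMAND process name

The difference between ps and top: ps shows the processes statically as a snapshot, while top presents them dynamically.

ps aux |grep <process name>  // check whether a process is running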



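10.9 Viewing network status

  • netstat: view network status
  • netstat -lnp: view listening ports
  • netstat -an: view the system's network connections
  • netstat -lntp: show TCP only, excluding the UNIX sockets
  • ss -an: serves the same purpose as netstat

The netstat command is used to view network connection status, all open ports on the system, the routing table and similar information.

The purpose of a listening port is to communicate with the outside.

  • netstat -lnp: shows which ports are being listened on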

[root@linux-5 ~]# netstat -lnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 889/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1114/master
tcp6 0 0 :::22 :::* LISTEN 889/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1114/master
udp 0 0 127.0.0.1:323 0.0.0.0:* 540/chronyd
udp6 0 0 ::1:323 :::* 540/chronyd
raw6 0 0 :::58 :::* 7 584/NetworkManager
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name Path
unix 2 [ ACC ] STREAM LISTENING 15443 1/systemd /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 12656 1/systemd /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 19764 1114/master private/tlsmgr
unix 2 [ ACC ] SEQPACKET LISTENING 12718 1/systemd /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 19767 1114/master private/rewrite
unix 2 [ ACC ] STREAM LISTENING 19770 1114/master private/bounce
unix 2 [ ACC ] STREAM LISTENING 19773 1114/master private/defer
unix 2 [ ACC ] STREAM LISTENING 19776 1114/master private/trace
unix 2 [ ACC ] STREAM LISTENING 19779 1114/master private/verify
unix 2 [ ACC ] STREAM LISTENING 19785 1114/master private/proxymap
unix 2 [ ACC ] STREAM LISTENING 19791 1114/master private/smtp
unix 2 [ ACC ] STREAM LISTENING 19788 1114/master private/proxywrite
unix 2 [ ACC ] STREAM LISTENING 19794 1114/master private/relay
unix 2 [ ACC ] STREAM LISTENING 19800 1114/master private/error
unix 2 [ ACC ] STREAM LISTENING 19803 1114/master private/retry
unix 2 [ ACC ] STREAM LISTENING 19806 1114/master private/discard
unix 2 [ ACC ] STREAM LISTENING 19809 1114/master private/local
unix 2 [ ACC ] STREAM LISTENING 19812 1114/master private/virtual
unix 2 [ ACC ] STREAM LISTENING 19815 1114/master private/lmtp
unix 2 [ ACC ] STREAM LISTENING 19818 1114/master private/anvil
unix 2 [ ACC ] STREAM LISTENING 19821 1114/master private/scache
unix 2 [ ACC ] STREAM LISTENING 12770 1/systemd /run/lvm/lvmetad.socket
unix 2 [ ACC ] STREAM LISTENING 8422 1/systemd /run/systemd/journal/stdout
unix 2 [ ACC ] STREAM LISTENING 19753 1114/master public/pickup
unix 2 [ ACC ] STREAM LISTENING 19757 1114/master public/cleanup
unix 2 [ ACC ] STREAM LISTENING 19760 1114/master public/qmgr
unix 2 [ ACC ] STREAM LISTENING 19782 1114/master public/flush
unix 2 [ ACC ] STREAM LISTENING 12787 1/systemd /run/lvm/lvmpolld.socket
unix 2 [ ACC ] STREAM LISTENING 19797 1114/master public/showq
unix 2 [ ACC ] STREAM LISTENING 16373 529/VGAuthService /var/run/vmware/guestServicePipe

  • netstat -lntp: view the listening TCP ports

[root@linux-5 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 889/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1114/master
tcp6 0 0 :::22 :::* LISTEN 889/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1114/master
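
The listener output above distinguishes wildcard binds (0.0.0.0, ::) from loopback-only ones (127.0.0.1, ::1). The following is an added example, not part of the original post, that classifies each TCP listener by bind scope; the function names are hypothetical and the sample input is the output shown above.

```shell
#!/usr/bin/env bash
# Added example: classify TCP listeners from `netstat -lntp` output by bind scope.

# Sample input: the netstat -lntp output shown above, embedded so this runs offline.
sample_listeners() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 889/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1114/master
tcp6 0 0 :::22 :::* LISTEN 889/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1114/master
EOF
}

# Reads netstat -lntp text on stdin and prints "scope port program" per listener.
# scope: "all" for wildcard binds, "loopback" for 127.0.0.0/8 and ::1, else "specific".
classify_listeners() {
  awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
    addr = $4
    port = addr; sub(/^.*:/, "", port)       # text after the last colon
    host = addr; sub(/:[^:]*$/, "", host)    # text before the last colon
    if (host == "0.0.0.0" || host == "::" || host == "*") scope = "all"
    else if (host ~ /^127\./ || host == "::1") scope = "loopback"
    else scope = "specific"
    prog = $7; sub(/^[0-9]+\//, "", prog)    # strip the "PID/" prefix
    print scope, port, prog
  }' | LC_ALL=C sort -u
}

# Ports reachable from other hosts (wildcard binds only), one per line.
exposed_ports() {
  classify_listeners | awk '$1 == "all" {print $2}' | sort -un
}

sample_listeners | classify_listeners
```

On the sample, sshd on port 22 is reported once as "all" (the IPv4 and IPv6 wildcard entries collapse), while the mail service on port 25 is "loopback" and not reachable from other hosts.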

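After checking the listening ports: which clients is the server actually communicating with, and what state is each client's communication with our server in?
Is the connection transferring data, has it only just been established, or is it being kept open and waiting after the communication finished? Use netstat -an to find out.

  • netstat -an: view the TCP state of all connections
  1. View the state between the server and its clients
  2. Use this value to gauge whether the server is under load, whether there are concurrent connections, and how many
  3. netstat -an |grep 122.122.69.86:80|grep -ic estab   (-i ignores case, -c counts the matching lines)
    A concurrency figure of 884 for this server means that there are 884 connections in that second, or at that moment.
  • netstat -an tcp IP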

[root@linux-5 ~]# netstat -an tcp IP
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 52 192.168.88.5:22 192.168.88.1:56815 ESTABLISHED
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:25 :::* LISTEN
udp 0 0 127.0.0.1:323 0.0.0.0:*
udp6 0 0 ::1:323 :::*
raw6 0 0 :::58 :::* 7
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 15443 /var/run/dbus/system_bus_socket
unix 2 [ ACC ] STREAM LISTENING 12656 /run/systemd/private
unix 2 [ ACC ] STREAM LISTENING 19764 private/tlsmgr
unix 2 [ ACC ] SEQPACKET LISTENING 12718 /run/udev/control
unix 2 [ ACC ] STREAM LISTENING 19767 private/rewrite
unix 2 [ ACC ] STREAM LISTENING 19770 private/bounce
unix 2 [ ACC ] STREAM LISTENING 19773 private/defer
unix 2 [ ACC ] STREAM LISTENING 19776 private/trace
...

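.sock a file type specific to Linux and Unix that lets processes communicate with each other
Path state
TIME_WAIT the transfer has finished; the connection is kept, waiting for the next communication
ESTABLISHED the connection is established and communicating
FIN_WAIT2 for details on the states, see [TCP/IP three-way handshake]
netstat -an |grep 112.112.69.86:80  view the concurrency state of port 80
netstat -an |grep 112.112.69.86:80 |grep -ic estab  count the total number of connections that are communicating (ESTABLISHED) (front end serving static pages: 20,000 to 30,000; back end with PHP, MySQL, etc.: around 2,000 to 3,000)

  • netstat -an | awk '/^tcp/ {++sta[$NF]} END {for(key in sta) print key,"\t",sta[key]}': view the number of connections in each state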

[root@linux-5 ~]# netstat -an | awk '/^tcp/ {++sta[$NF]} END {for(key in sta) print key,"\t",sta[key]}'
LISTEN 4
ESTABLISHED 1
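
The `grep IP:80 | grep -ic estab` count described above is a substring match, so a listener on port 8080 at the same address is counted too. The following is an added example, not part of the original post, that counts by exact field comparison and breaks the total down per client IP; the function names and the sample addresses are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: exact-field counting over `netstat -an` output.

# Constructed sample input (addresses are made up for illustration).
sample_conns() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 10.0.0.5:80 198.51.100.7:40112 ESTABLISHED
tcp 0 0 10.0.0.5:80 198.51.100.7:40113 ESTABLISHED
tcp 0 0 10.0.0.5:80 203.0.113.9:51820 ESTABLISHED
tcp 0 0 10.0.0.5:80 203.0.113.9:51821 TIME_WAIT
tcp 0 0 10.0.0.5:8080 198.51.100.7:40200 ESTABLISHED
EOF
}

# count_established LOCAL_ADDR:PORT
# Counts ESTABLISHED connections whose local address equals the argument
# exactly (string comparison on field 4, no regex, no substring match).
count_established() {
  awk -v want="$1" '$1 ~ /^tcp/ && $4 == want && $6 == "ESTABLISHED" {n++}
                    END {print n + 0}'
}

# clients_by_count LOCAL_ADDR:PORT
# Prints "count client_ip" per remote IP, busiest first.
clients_by_count() {
  awk -v want="$1" '$1 ~ /^tcp/ && $4 == want && $6 == "ESTABLISHED" {
    ip = $5; sub(/:[^:]*$/, "", ip)   # drop the remote port
    c[ip]++
  } END {for (ip in c) print c[ip], ip}' | LC_ALL=C sort -k1,1nr -k2,2
}

# The substring pipeline from the text, for comparison on the same input.
grep_count() {
  grep "$1" | grep -ic estab
}

echo "exact: $(sample_conns | count_established 10.0.0.5:80)"
echo "grep:  $(sample_conns | grep_count 10.0.0.5:80)"
sample_conns | clients_by_count 10.0.0.5:80
```

On the sample, the exact count for 10.0.0.5:80 is 3 while the grep pipeline reports 4, because it also matches the 10.0.0.5:8080 connection.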



10.10 Packet capture on Linux

The tcpdump tool

If the tool is not present, install it first: yum install -y tcpdump

  • tcpdump -i ens33

[root@linux-5 ~]# tcpdump -i ens33
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
10:41:15.050051 IP linux-5.ssh > 192.168.88.1.56815: Flags [P.], seq 3103189466:3103189678, ack 2479336344, win 318, length 212
10:41:15.050291 IP 192.168.88.1.56815 > linux-5.ssh: Flags [.], ack 212, win 257, length 0
10:41:15.050693 IP linux-5.54252 > 211.140.197.58.domain: 41781+ PTR? 1.88.168.192.in-addr.arpa.(43)

3 packets captured
11 packets received by filter
0 packets dropped by kernel

  • tcpdump -n -i ens33

[root@linux-5 ~]# tcpdump -n -i ens33
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
10:43:09.543832 IP 192.168.88.5.ssh > 192.168.88.1.56815: Flags [P.], seq 3104226270:3104226482, ack 2479338196, win 318, length 212
10:43:09.544140 IP 192.168.88.1.56815 > 192.168.88.5.ssh: Flags [.], ack 212, win 257, length 0
10:43:09.544333 IP 192.168.88.5.ssh > 192.168.88.1.56815: Flags [P.], seq 212:504, ack 1, win 318, length 292
10:43:09.544532 IP 192.168.88.5.ssh > 192.168.88.1.56815: Flags [P.], seq 504:668, ack 1, win 318, length 164
10:43:09.544751 IP 192.168.88.1.56815 > 192.168.88.5.ssh: Flags [.], ack 668, win 255, length 0
10:43:09.545021 IP 192.168.88.5.ssh > 192.168.88.1.56815: Flags [P.], seq 668:928, ack 1, win 318, length 260
10:43:09.545235 IP 192.168.88.5.ssh > 192.168.88.1.56815: Flags [P.], seq 928:1092, ack 1, win 318, length 164
10:43:09.545402 IP 192.168.88.1.56815 > 192.168.88.5.ssh: Flags [.], ack 1092, win 253, length 0
10:43:09.545504 IP 192.168.88.5.ssh > 192.168.88.1.56815: Flags [P.], seq 1092:1352, ack 1, win 318, length 260
10:43:09.545709 IP 192.168.88.5.ssh > 192.168.88.1.56815: Flags [P.], seq 1352:1516, ack 1, win 318, length 164
10:43:09.545906 IP 192.168.88.1.56815 > 192.168.88.5.ssh: Flags [.], ack 1516, win 258, length 0
...

Adding one n prints IP addresses in numeric form; without it, host names are shown.

  • tcpdump -nn -i ens33

[root@linux-5 ~]# tcpdump -nn -i ens33
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
10:45:51.110614 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 3104481666:3104481878, ack 2479339532, win 318, length 212
10:45:51.110924 IP 192.168.88.1.56815 > 192.168.88.5.22: Flags [.], ack 212, win 257, length 0
10:45:51.111362 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 212:504, ack 1, win 318, length 292
10:45:51.111792 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 504:668, ack 1, win 318, length 164
10:45:51.112007 IP 192.168.88.1.56815 > 192.168.88.5.22: Flags [.], ack 668, win 255, length 0
10:45:51.112139 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 668:928, ack 1, win 318, length 260
10:45:51.112363 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 928:1092, ack 1, win 318, length 164
10:45:51.112562 IP 192.168.88.1.56815 > 192.168.88.5.22: Flags [.], ack 1092, win 253, length 0
10:45:51.112674 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 1092:1352, ack 1, win 318, length 260
10:45:51.112864 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 1352:1516, ack 1, win 318, length 164
10:45:51.113060 IP 192.168.88.1.56815 > 192.168.88.5.22: Flags [.], ack 1516, win 258, length 0
10:45:51.113207 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 1516:1776, ack 1, win 318, length 260
10:45:51.113417 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 1776:1940, ack 1, win 318, length 164
10:45:51.113612 IP 192.168.88.1.56815 > 192.168.88.5.22: Flags [.], ack 1940, win 257, length 0
10:45:51.113717 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 1940:2200, ack 1, win 318, length 260
10:45:51.114003 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 2200:2364, ack 1, win 318, length 164
10:45:51.114310 IP 192.168.88.1.56815 > 192.168.88.5.22: Flags [.], ack 2364, win 255, length 0
10:45:51.114549 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 2364:2624, ack 1, win 318, length 260
10:45:51.115043 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 2624:2788, ack 1, win 318, length 164
10:45:51.115375 IP 192.168.88.1.56815 > 192.168.88.5.22: Flags [.], ack 2788, win 253, length 0
...

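The second n applies to ports: with tcpdump -nn -i ens33, the second n makes the output show numeric IP addresses and port numbers.

tcpdump command:

  • -i: specify the network interface
  • host: specify the IP
  • port: specify the port
  • -c: specify the number of packets
  • -w: write to the specified file; the packet contents are written into the file. Without -w, what is shown on screen is not the packets but the data flow
  • length: length

Appendix: tcpdump options explained and detailed usage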

  • tcpdump -nn -i ens33 port 22

[root@linux-5 ~]# tcpdump -nn -i ens33 port 22
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
10:52:00.892331 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 3106645586:3106645798, ack 2479341724, win 318, length 212
10:52:00.892652 IP 192.168.88.1.56815 > 192.168.88.5.22: Flags [.], ack 212, win 258, length 0
10:52:00.893665 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 212:504, ack 1, win 318, length 292
10:52:00.894074 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 504:668, ack 1, win 318, length 164
10:52:00.894349 IP 192.168.88.1.56815 > 192.168.88.5.22: Flags [.], ack 668, win 256, length 0
10:52:00.894510 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 668:928, ack 1, win 318, length 260
10:52:00.894792 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 928:1092, ack 1, win 318, length 164
10:52:00.895109 IP 192.168.88.1.56815 > 192.168.88.5.22: Flags [.], ack 1092, win 255, length 0

  • tcpdump -nn -i ens33 port 22 -c 6

[root@linux-5 ~]# tcpdump -nn -i ens33 port 22 -c 6
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
10:53:14.412578 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 3106745018:3106745230, ack 2479342068, win 318, length 212
10:53:14.412819 IP 192.168.88.1.56815 > 192.168.88.5.22: Flags [.], ack 212, win 257, length 0
10:53:14.413086 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 212:504, ack 1, win 318, length 292
10:53:14.413280 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 504:668, ack 1, win 318, length 164
10:53:14.413413 IP 192.168.88.1.56815 > 192.168.88.5.22: Flags [.], ack 668, win 255, length 0
10:53:14.413487 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 668:928, ack 1, win 318, length 260
6 packets captured
6 packets received by filter
0 packets dropped by kernel

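  • tcpdump -nn -i ens33 port 22 -c 6 -w /tmp/1.cap: write to the specified file; the packet contents are written into the file, and these are the real packets. Without -w, what is shown on screen is not the packets but the data flow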

[root@linux-5 ~]# tcpdump -nn -i ens33 port 22 -c 6 -w /tmp/1.cap
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
6 packets captured
6 packets received by filter
0 packets dropped by kernel

  • tcpdump -r: view the data flow, not the packets

[root@linux-5 ~]# tcpdump -r /tmp/1.cap 
reading from file /tmp/1.cap, link-type EN10MB (Ethernet)
10:54:20.933907 IP linux-5.ssh > 192.168.88.1.56815: Flags [P.], seq 3106748910:3106749058, ack 2479344264, win 318, length 148
10:54:20.934381 IP 192.168.88.1.56815 > linux-5.ssh: Flags [.], ack 148, win 253, length 0
10:54:50.704612 IP 192.168.88.1.56815 > linux-5.ssh: Flags [P.], seq 1:53, ack 148, win 253, length 52
10:54:50.744392 IP linux-5.ssh > 192.168.88.1.56815: Flags [.], ack 53, win 318, length 0
10:55:50.711528 IP 192.168.88.1.56815 > linux-5.ssh: Flags [P.], seq 53:105, ack 148, win 253, length 52
10:55:50.711567 IP linux-5.ssh > 192.168.88.1.56815: Flags [.], ack 105, win 318, length 0
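
The one-line-per-packet text that tcpdump prints can be totalled per direction when it is produced with -nn (live, or read back with tcpdump -nn -r). The following is an added example, not part of the original post; the function names are hypothetical, and the sample is four lines from the -nn capture above plus one constructed DNS line that has no length field.

```shell
#!/usr/bin/env bash
# Added example: per-direction packet and payload-byte totals from `tcpdump -nn` text.

# Sample input: four lines from the -nn capture shown earlier plus one
# constructed DNS line (made-up resolver address) without a "length N" field.
sample_dump() {
cat <<'EOF'
10:45:51.110614 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 3104481666:3104481878, ack 2479339532, win 318, length 212
10:45:51.110924 IP 192.168.88.1.56815 > 192.168.88.5.22: Flags [.], ack 212, win 257, length 0
10:45:51.111362 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 212:504, ack 1, win 318, length 292
10:45:51.111792 IP 192.168.88.5.22 > 192.168.88.1.56815: Flags [P.], seq 504:668, ack 1, win 318, length 164
10:45:51.120000 IP 192.168.88.5.54252 > 192.0.2.53.53: 41781+ PTR? 1.88.168.192.in-addr.arpa. (43)
EOF
}

# Reads tcpdump -nn lines on stdin and prints
# "src_ip src_port dst_ip dst_port packets bytes", one line per direction.
flow_summary() {
  awk '$2 ~ /^IP6?$/ && $4 == ">" {
    src = $3; dst = $5; sub(/:$/, "", dst)
    # With -nn an endpoint is "address.port": the port follows the LAST dot.
    sport = src; sub(/^.*\./, "", sport); sip = src; sub(/\.[^.]*$/, "", sip)
    dport = dst; sub(/^.*\./, "", dport); dip = dst; sub(/\.[^.]*$/, "", dip)
    len = 0                                  # lines without "length N" add 0 bytes
    for (i = 6; i < NF; i++) if ($i == "length") len = $(i + 1) + 0
    key = sip " " sport " " dip " " dport
    pkts[key]++; bytes[key] += len
  } END {for (k in pkts) print k, pkts[k], bytes[k]}' | LC_ALL=C sort
}

sample_dump | flow_summary
```

On the sample, the server-to-client SSH direction totals 3 packets and 668 payload bytes, and the client's bare ACK counts as 1 packet with 0 bytes.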

The wireshark tool

If it is not present, install it first: yum install -y wireshark

[root@linux-5 ~]# yum install -y wireshark

  • Usage: tshark. You only need to remember this one command and copy it when you need it; it is used to inspect what a web service is doing
    tshark -n -t a -R http.request -T fields -e "frame.time" -e "ip.src" -e "http.host" -e "http.request.method" -e "http.request.uri"