How to use the sar command effectively in Linux?

The “sar” command (System Activity Reporter) is a powerful tool for monitoring and collecting performance-related data on Linux systems. It comes with the “sysstat” package, which you can install using your package manager if it’s not already installed. In this post, you will learn how to use the sar command effectively in Linux.

Here’s a basic guide on how to use the “sar” command to monitor Linux system performance:

Installation:

Ensure the “sysstat” package is installed. You can install it using the package manager for your Linux distribution:

– For Debian/Ubuntu-based systems:
sudo apt-get install sysstat
– For Red Hat-based systems:
sudo yum install sysstat

To verify:
sar --version

Ensure the service is started and enabled (made persistent so that it starts after a reboot):

systemctl start sysstat

and

systemctl enable sysstat

Or combine the two commands above into a single command:

systemctl enable --now sysstat

Usage:
1. Real time general usage of sar:
sar

This will display real-time system statistics. Press “Ctrl+C” to stop it.

2. View historical data:

To analyze historical data with specific date and time or duration using the “sar” command, you’ll typically use the “-f” option to specify the data file from the “/var/log/sa” directory. The data files are named according to the day of the month (e.g., “sa01”, “sa02”, etc.).

Here are some examples:

A] Analyzing data for a specific day:
sar -u -f /var/log/sa/saXX

Replace “XX” with the specific day’s data file you want to analyze.

B] Analyzing data for a specific date and time range:
sar -u -f /var/log/sa/saXX -s HH:MM:SS -e HH:MM:SS

Replace “XX” with the specific day’s data file, and “HH:MM:SS” with the start and end times for the analysis.

C] Analyzing data for a specific duration:
sar -u -f /var/log/sa/saXX -s HH:MM:SS -d XX

Replace the “XX” in “saXX” with the specific day’s data file, “HH:MM:SS” with the start time, and the “XX” after “-d” with the duration in minutes.

Examples:
#Example 1: Analyzing data for a specific day (e.g., 15th of the month):
sar -u -f /var/log/sa/sa15
#Example 2: Analyzing data for a specific date and time range:
sar -u -f /var/log/sa/sa15 -s 10:00:00 -e 12:00:00

This example analyzes CPU utilization data for the 15th of the month between 10:00 AM and 12:00 PM.

#Example 3: Analyzing data for a specific duration:
sar -u -f /var/log/sa/sa15 -s 10:00:00 -d 60

This example analyzes CPU utilization data for the 15th of the month starting from 10:00 AM for a duration of 60 minutes.

Remember to adjust the options (“-u” for CPU utilization in these examples) based on the specific aspect of system performance you want to analyze. Additionally, the availability and format of data provided by “sar” may vary depending on your Linux distribution and version.

To gather data for a specific duration (e.g., 10 minutes or 1 hour) using the “sar” command for CPU, memory, disk, and network, you can use the “-s” (start time) and “-d” (duration) options. Here are examples for each metric:

NOTE:

If you installed and started the sar service only today, you will not have historical data yet. Data is available only for the period during which the service has been active. Also ensure that enough disk space is available on the system.

CPU Utilization for 1 hour:
sar -u -f /var/log/sa/saXX -s HH:MM:SS -d 3600 > cpu_output-sar

Replace “HH:MM:SS” with the desired start time, “3600” with the duration in seconds (1 hour in this case), and “XX” with the specific day of the month. The output is stored in the cpu_output-sar file for future reference.

Memory Utilization for 10 minutes:

sar -r -f /var/log/sa/saXX -s HH:MM:SS -d 600

Replace “HH:MM:SS” with the desired start time, “600” with the duration in seconds (10 minutes in this case), and “XX” with the specific day of the month.

Disk I/O for 1 hour:

sar -d -f /var/log/sa/saXX -s HH:MM:SS -d 3600

Replace “HH:MM:SS” with the desired start time, “3600” with the duration in seconds (1 hour in this case), and “XX” with the specific day of the month.

Network Activity for 10 minutes:

sar -n DEV -f /var/log/sa/saXX -s HH:MM:SS -d 600

Replace “HH:MM:SS” with the desired start time, “600” with the duration in seconds (10 minutes in this case), and “XX” with the specific day of the month. “-n DEV” selects network device statistics.

Remember to replace “HH:MM:SS” with the actual start time you are interested in. Adjust the metrics (“-u” for CPU, “-r” for memory, “-d” for disk, and “-n DEV” for network) based on the specific aspect of system performance you want to monitor.

Also, note that the availability and format of data provided by “sar” may vary depending on your Linux distribution and version.
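
The same kind of window can also be expressed with the “-s”/“-e” pair from example B, which avoids any clash with “-d”, the option this post lists for the disk I/O report. The helper below is an added example, not part of the original post: it converts a start time and a duration in seconds into that pair and clamps the end at 23:59:59, because each saXX file covers a single day. The name sar_window is hypothetical, and sa15 is the post's sample file.

```shell
#!/bin/sh
# Added example: turn "start time + duration" into sar's -s/-e window bounds.
# sar_window is a hypothetical helper name, not part of sysstat.

# Usage: sar_window HH:MM:SS DURATION_SECONDS
# Prints "-s HH:MM:SS -e HH:MM:SS"; returns non-zero on malformed input.
sar_window() {
    start=$1
    dur=$2
    # Validate both arguments before doing arithmetic on them.
    case $start in
        [0-2][0-9]:[0-5][0-9]:[0-5][0-9]) ;;
        *) echo "bad start time: $start" >&2; return 1 ;;
    esac
    case $dur in
        ''|*[!0-9]*) echo "bad duration: $dur" >&2; return 1 ;;
    esac
    echo "$start $dur" | awk '{
        split($1, t, ":")
        first = t[1] * 3600 + t[2] * 60 + t[3]
        # Reject hours such as 25 that the shell pattern lets through.
        if (first > 86399) exit 1
        last = first + $2
        # A daily saXX file holds one day, so clamp at its last second.
        if (last > 86399) last = 86399
        printf "-s %s -e %02d:%02d:%02d\n", $1,
            int(last / 3600), int(last % 3600 / 60), last % 60
    }'
}

# Print the command line for CPU utilization on the 15th,
# starting at 10:00:00 and covering 3600 seconds.
echo "sar -u -f /var/log/sa/sa15 $(sar_window 10:00:00 3600)"
```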

3. Capture/View live data of CPU using sar:
sar -u 1 5

This example displays CPU utilization every 1 second for a total of 5 iterations. You can adjust the interval and count as needed.

– “-u”: CPU utilization

– “1”: Sampling interval in seconds

– “5”: Number of iterations

4. Capture/View live data of memory usage:
sar -r 1 5

This example displays memory statistics every 1 second for a total of 5 iterations.

– “-r”: Memory utilization

5. Capture/View live data of disk activity:
sar -d 1 5

This example displays disk I/O statistics every 1 second for a total of 5 iterations.

– “-d”: Disk I/O

6. Capture/View live data of network activity:
sar -n DEV 1 5

This example displays network statistics every 1 second for a total of 5 iterations.

– “-n DEV”: Network devices

7. Capture/View live data of process-related information:
sar -q 1 5

This example displays the queue length and load averages every 1 second for a total of 5 iterations.

– “-q”: Queue length and load averages

Additional Tips:

– You can redirect the output to a file for later analysis:

sar -u 1 5 > output.txt

– Use the “man sar” command to explore more options and customize the output according to your needs.
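
Once output has been saved to a file, it can be screened automatically. The function below is an added example, not part of the original post: it reads “sar -u” text output and lists the samples where %idle fell below a threshold, which helps when reviewing a host for sustained, unexpected CPU load. The name busy_intervals is hypothetical and the sample data is constructed.

```shell
#!/bin/sh
# Added example: flag low-idle intervals in saved "sar -u" text output.
# busy_intervals is a hypothetical helper name, not part of sysstat.

# Usage: busy_intervals MIN_IDLE_PERCENT < sar-output
# Prints "<timestamp> idle=<value>" for each sample whose %idle is below
# the threshold. The %idle column is located from the header row, so both
# 24-hour and "HH:MM:SS AM/PM" timestamp layouts are handled.
busy_intervals() {
    awk -v min="$1" '
        # Header row: remember which field holds %idle.
        /%idle/ { for (i = 1; i <= NF; i++) if ($i == "%idle") col = i; next }
        # Skip the banner, blank lines, restart markers and the Average: row.
        col == 0 || $1 !~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]$/ || NF < col { next }
        $col ~ /^[0-9.]+$/ && $col + 0 < min + 0 {
            stamp = ($2 == "AM" || $2 == "PM") ? $1 " " $2 : $1
            print stamp, "idle=" $col
        }
    '
}

# Constructed sample in the layout "sar -u" prints (all values are made up).
sample_sar_u() {
    cat <<'EOF'
Linux 5.14.0 (host.example)  01/15/2024  _x86_64_  (4 CPU)

10:00:01 AM     CPU     %user     %nice   %system   %iowait    %steal     %idle
10:10:01 AM     all      3.10      0.00      1.20      0.30      0.00     95.40
10:20:01 AM     all     91.75      0.00      6.05      0.10      0.00      2.10
10:30:01 AM     all     88.00      0.00      7.50      0.20      0.00      4.30
10:40:01 AM     all      2.90      0.00      1.10      0.25      0.00     95.75
Average:        all     46.44      0.00      3.96      0.21      0.00     49.39
EOF
}

# Report samples with less than 10% idle CPU.
sample_sar_u | busy_intervals 10
```

For a real file, feed it on standard input, for example `busy_intervals 10 < cpu_output-sar`.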

Why is the sysstat service status active (exited) in Linux?

If the status of the “sysstat” service is “active (exited)” on a Linux system, it indicates that the service was active at some point but has exited or stopped. The “active (exited)” status typically means that the service performed its task and then terminated.

Here are a few possible reasons for this status:

1. Scheduled Execution Completed:

“sysstat” is often used for collecting system performance data at regular intervals. If the service is configured as a cron job or a systemd timer, it may be set to run periodically, collect data, and then exit.

2. Data Collection Interval Elapsed:

The “sysstat” service, which includes tools like “sar” for system activity reporting, is configured to collect data at specific intervals. After collecting the required data, the service may exit until the next scheduled interval.

3. Manually Invoked Command:

If you manually ran a “sysstat” command (e.g., “sar”) in the terminal, it could show as “active (exited)” once the command completes its execution.

You can check the specific status and logs for “sysstat” by looking at the system logs or using the following commands:

– Check service status:

systemctl status sysstat

– Check recent logs:

journalctl -u sysstat

These commands will provide more detailed information about the current state and recent activities of the “sysstat” service.

Remember that the exact behavior and status messages might vary based on the Linux distribution and configuration. If “sysstat” is configured as a systemd service or a cron job, it will run periodically, collect data, and then exit, leading to an “active (exited)” status when checked.
