Linux System Monitoring | Bash

Monitoring system resources in Linux is essential for maintaining the stability, performance, and security of a system. By continuously monitoring metrics such as CPU usage, memory consumption, disk I/O, and network activity, administrators can identify performance bottlenecks, predict potential failures, and optimize resource utilization.

This proactive approach allows for efficient allocation of resources, preventing underutilization or overutilization issues that can lead to system slowdowns or crashes. Additionally, monitoring helps in diagnosing and troubleshooting system problems by providing valuable insights into resource usage patterns, enabling administrators to quickly identify and resolve issues before they escalate.

Ensuring the security of Linux systems

Monitoring system resources is crucial for ensuring the security of Linux systems. By tracking resource usage and analyzing anomalies, administrators can detect unauthorized access attempts, security breaches, or malicious activities such as denial-of-service attacks. Continuous monitoring allows for the early detection of suspicious behavior, enabling administrators to take prompt action to mitigate security risks and protect sensitive data.

Additionally, monitoring helps in compliance with regulatory standards and internal policies by providing audit trails and reports on resource usage, ensuring that systems meet security and operational requirements. Overall, monitoring system resources in Linux is essential for maintaining system integrity, optimizing performance, and safeguarding against security threats.

Understanding System Resources

In Linux, key system resources to monitor include:

  1. CPU:Central Processing Unit usage (overall and per-core)
  2. Memory:Physical and swap memory usage, free/available memory
  3. Disk:Disk space usage, I/O operations (reads/writes, speed)
  4. Network:Network traffic (incoming/outgoing, bandwidth)
  5. Processes:Running processes, resource usage (CPU, memory, I/O)

Command-Line Tools for Monitoring

Real-Time Monitoring


top is a command-line utility that provides a dynamic overview of system resource usage. It displays information about CPU utilization, memory usage, running processes, and more. Here's an example of using top:

$ top

This command launches top, and you'll see an updating list of processes, CPU usage, memory usage, and other system metrics. You can press "q" to exit top.

In the top display, you can see details such as the PID (Process ID), user, CPU usage percentage, memory usage percentage, and command.


htop is an interactive and visually appealing alternative to top, offering enhanced features such as improved sorting, filtering, and navigation. Here's an example of using htop:

$ htop

This command launches htop, presenting a colorful and interactive interface with sortable columns and filtering options. You can navigate through processes using arrow keys, sort them based on various criteria (e.g., CPU usage), and even kill processes directly from the interface.

In the htop display, you can see similar information to top, but with enhanced visual cues and sorting capabilities.

In-Depth Analysis


vmstat reports information about processes, memory, paging, block IO, traps, and CPU activity. It offers a comprehensive view of system resource usage.

$ vmstat 1

This command displays system-wide information every second. You can adjust the interval by changing the number after vmstat. The output includes columns for processes, memory, swap, I/O, and CPU statistics.


iostat provides input/output statistics for devices, partitions, and network filesystems. It displays disk I/O information, including reads/writes, transfers, and average response times.

$ iostat -d -x 1

This command displays disk I/O statistics every second, including extended information like utilization percentages and average service times.


free shows information about system memory usage, including total, used, free, shared, and buffered/cache memory. It presents data in human-readable formats.

$ free -m

This command displays memory usage in megabytes. You can also use the -h option for a more human-readable output (e.g., KB, MB, GB).


df reports disk space usage for mounted filesystems. It displays total, used, and available space for each filesystem.

$ df -h

This command shows disk space usage in a human-readable format (e.g., KB, MB, GB).


du calculates disk space usage for specified directories or files. It provides a summary of space usage for each directory or file.

$ du -sh /path/to/directory

This command shows the total disk space used by the specified directory in a human-readable format.


netstat displays network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.

$ netstat -tuln

This command shows TCP and UDP listening sockets (-l) along with their numeric addresses (-n) and ports (-u for UDP, -t for TCP).


ps lists running processes with details such as PID, user, CPU usage, memory usage, and command.

$ ps aux

This command displays a detailed list of all processes running on the system, including system processes and user processes, along with their resource usage information.

System-Wide Monitoring (Graphical)

System-wide monitoring tools with graphical interfaces offer a user-friendly way to visualize and analyze system resource usage. Here are two examples:

GNOME System Monitor

GNOME System Monitor is a default tool in many GNOME-based desktop environments, providing comprehensive overviews of system resource usage. It offers graphical representations of CPU, memory, disk, and network usage, making it easy for users to monitor system performance. Here's how you can launch GNOME System Monitor:

You can typically find GNOME System Monitor in the application menu of GNOME-based desktop environments. Alternatively, you can launch it from the terminal:

$ gnome-system-monitor

Once launched, GNOME System Monitor presents tabs for CPU, Memory, Processes, File Systems, and Network, allowing users to navigate between different system metrics and analyze resource usage in detail.

KDE System Monitor

KDE System Monitor is available in KDE Plasma desktop environments, offering detailed information about system resource usage. It provides graphs and statistics for CPU, memory, disk I/O, network activity, and more. Here's how you can launch KDE System Monitor:

You can typically find KDE System Monitor in the application menu of KDE Plasma desktop environments. Alternatively, you can launch it from the terminal:

$ ksysguard

Once launched, KDE System Monitor presents various tabs and panels for monitoring system resources. Users can customize the display by adding or removing widgets and arranging them according to their preferences.

Long-Term Monitoring


sar (System Activity Reporter) is a command-line utility that records system activity statistics to files for later analysis. It collects and reports system performance metrics such as CPU utilization, memory usage, disk activity, and network activity at regular intervals. These statistics provide valuable insights into system behavior and performance trends over time. Here's how you can use sar:

To display CPU utilization statistics for the current day:

$ sar -u

To display memory usage statistics for the current day:

$ sar -r

To display disk I/O statistics for the current day:

$ sar -b

collectl is a versatile command-line tool for collecting and storing metrics for multiple system resources at configurable intervals. It offers a wide range of monitoring capabilities, including CPU, memory, disk, network, and more. collectl can be configured to collect data at intervals as short as 1 second, providing detailed insights into system behavior. Here's how you can use collectl:

To collect and display CPU utilization statistics:

$ collectl -sc

To collect and display memory usage statistics:

$ collectl -sm

To collect and display disk I/O statistics:

$ collectl -sd

Nagios and Icinga are enterprise-grade monitoring solutions designed for alerting and reporting on system health and performance. They offer extensive monitoring capabilities for various aspects of IT infrastructure, including servers, networks, applications, and services. Nagios and Icinga can monitor system resources in real-time, generate alerts based on predefined thresholds or conditions, and provide detailed reports for analysis and troubleshooting. Here's how you can use Nagios/Icinga:

To monitor CPU usage on a remote server and generate alerts if it exceeds a certain threshold:

# Define a service check command in Nagios/Icinga configuration define service{ use generic-service host_name your_remote_server service_description CPU Usage check_command check_nrpe!check_cpu_usage }

To monitor disk space usage on a remote server and generate alerts if it reaches a critical level:

# Define a service check command in Nagios/Icinga configuration define service{ use generic-service host_name your_remote_server service_description Disk Space check_command check_nrpe!check_disk_space }

Monitoring Specific Services

Monitoring specific services often requires using service-specific tools tailored to the application or component being monitored. Here's an explanation of monitoring tools for specific services along with examples:

mysqladmin (for MySQL):

mysqladmin is a command-line utility for administering MySQL servers. It can also be used to monitor MySQL server performance and status. Here's how you can use mysqladmin to monitor MySQL:

To check the status of the MySQL server:

$ mysqladmin -u username -p status

To display information about current MySQL server threads:

$ mysqladmin -u username -p processlist

To check the uptime of the MySQL server:

$ mysqladmin -u username -p version
apache2ctl (for Apache HTTP Server):

apache2ctl is a command-line utility for controlling and monitoring the Apache HTTP Server. It provides various commands for managing Apache server instances and obtaining status information. Here's how you can use apache2ctl to monitor Apache:

To check the status of the Apache server:

$ apache2ctl status

To restart the Apache server:

$ apache2ctl graceful

To check the syntax of the Apache configuration files:

$ apache2ctl configtest
systemctl (for systemd-based services):

systemctl is a command-line utility for managing systemd-based services on Linux systems. It can be used to start, stop, restart, enable, disable, and monitor services. Here's how you can use systemctl to monitor systemd-based services:

To check the status of a specific service (e.g., SSH):

$ systemctl status ssh

To display a list of active services and their status:

$ systemctl list-units --type=service

Best Practices

  1. Choose the tools that align with your monitoring needs: real-time vs. historical, basic vs. in-depth.
  2. Consider automation through scripts or cron jobs for regular monitoring and alerting.
  3. Define thresholds for resource usage to trigger notifications or actions when exceeded.
  4. Correlate data from different tools to gain a holistic view of system health.
  5. Use monitoring data to make informed decisions about resource allocation, performance optimization, and troubleshooting.


In order to do the monitoring of resources in Linux, it is necessary to constantly and continuously check metrics such as CPU usage, memory utilization, disk I/O and network activity all the time. Implimenting this type of procedure allows the administrators to tune up system performance, detect and repair the problems without delay, get the best resource utilization, and improve system security. By implementing a set of command-line and graphical utilities targeted at particular monitoring requirements, administrators ensure proper functioning of system and thus attain capacity and performance objectives.