network system descounters are a subset of an object. for any given object, you will have multiple...
TRANSCRIPT
-
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
1/28
j
Network System Design Assgnment 3
Name SLIIT ID CURTIN ID
T.M.G Buddhika DCN/09/C4-0780 15649142
K.E.H Peiris DIT/07C1-0040 14250860
P.A .D.K Ponnamperuma DCN/09/C3-0611 15647272
1
-
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
2/28
Windows Performance Monitor (PerfMon) has been around for several generations of
Windows and allows you to monitor, either over time or in real-time, the performance
statistics of a Windows server.
Performance Monitor can capture a plethora of information on a Windows Server and is
useful in diagnosing performance problems. However, to meaningfully analyze the PerfMondata captured when troubleshooting performance issues, it is critical that you have a baseline
of normal system performance for comparison. This article focuses on using PerfMon to
create a performance baseline on a Windows Terminal Server, but the following information
also applies to baselining any Windows-based server.
Using Performance Monitor, performance data can be captured in a variety of granularity,
from total processor utilization on a server down to the processor time used by an individual
Windows process. However, to understand how to obtain the information you want, it is
important to understand the three fundamental levels of monitoring criteria. These three
levels are detailed below:
Objects: Objects are the top-most criteria for monitoring a set of attributes on the server.
Typical objects include Memory, Network, Paging File, Processor, etc.
Counters: Counters are a subset of an object. For any given object, you will have multiple
counters. For example, the Processor object has various counters to choose from: %
processor time, % privileged time, % user time, interrupts/second, etc.
Instances: Each counter can have one or more instances. Using the example above of the
processor object, % processor time would have two instances in a dual-processor system
one for each processor (0 and 1). You have the ability to monitor only one instance of a given
counter if you wish.
Another way to look at this relationship is as follows (figure 1):
Figure 1
You can select the object itself, which includes all counters and all instances of each counter,
a specific counter for an object, which includes all instances for that counter, or you can
select only to view/track a specific instance of a given counter (for example, instance 0 of the
% Processor Time counter of theProcessorobject).
Using Performance Monitor
2
-
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
3/28
The default screen shows current activity on the system, measuring pages/sec, average disk
queue length and processor utilization.
1. To baseline a system, select Counter Logs underPerformance Logs and Alerts. By
default, there is a basic counter log that measures the same three counters as listed
above. Although you cant delete the sample, you can create your own custom counterlog.
2. Right click on Counter Logs and selectNew Log Settings TheNew Log Settings
screen comes up and prompts you to name the job. As a good rule of thumb, it is best
to make the job name as descriptive as possible to make future references easier.
Include things like the server name and the date that the baseline is being taken.
Enter the job name and clickOK.
3. Now its time to set up the counters. You will notice that there are two buttons
available Add Objects andAdd Counters. Most of the time, you will find that adding
entire objects will result in too much data being collected. For a proper baseline, you
only need to capture the basic information about the performance of a server.Granular items (such asProcessor\Pool Paged Bytes) will have no bearing on the
baseline, so its overkill. Also, with each additional counter added, the server has to
use resources to track that performance data. Adding too many counters by selecting
entire objects can easily put undue strain on a server and skew your baseline results.
Therefore, its best to only add the counters you wish to track.
ClickingAdd Counters button will bring up the following screen (figure 2)
3
-
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
4/28
Figure 2
By selecting a performance object from the drop-down list, you can drill down to specific
counters and instances of that object.
Below is a list of object counters that make up a good, well-rounded baseline. You should
include all instances of each counter except for the Network counters; they should only
monitor the instances for the NICs that will be included in the baseline (if appropriate). The
details on what each counter gathers will be discussed in part 2 of this article.
Memory
Pages/Sec
Take care to distinguish between these two paging counters:
1) Pages /sec (Hard page faults)
2) Page Faults /sec counter is likely to be at least twice the value of the above.
Two problems with monitoring in general, firstly no counter should be taken in isolation,
secondly spikes should be ignored, or at least played down.
The less paging the better your server's performance. Most authorities agree that Memory:Pages / sec is a key memory counter. This counter measures 'hard' page faults, in other words
4
-
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
5/28
the page in nowhere in memory, so the VMM (Virtual Memory Manager) has to fetch the
data from the pagefile on the disk; in computing terms that takes an age.
I am reluctant to disagree with other authorities, but from my experience, I would put the
threshold as high as 20 pages /sec, before blaming paging as the bottleneck. Moreover, I
would not trust pages /sec as an indicator of a bottleneck without confirmation from lowAvailable bytes. (see above)
In truth, if you put 5 experts in the same room, they could all spot a memory bottleneck, but
when they wrote up their notes, they would use different time slices and different thresholds,
consequently, it would seem that there was a conflict where none actually existed.
Available Mbytes
Committed Bytes
If the value for committed bytes is greater than physical memory, then more RAM would
help.
Page Faults/Sec
Page faults / sec is the sum of hard and soft page faults. Soft page faults are where the data is
found elsewhere in RAM. For example, Word has opened the spellchecker, and now Outlook
wishes to use it, there is no need for another call to the disk as the spellchecker is already inmemory.
Network Interface
Bytes Total/Sec
Packets/Sec
Paging File
% Usage
Physical Disk
% Disk Time
Avg Disk Bytes/Transfer
Avg Disk Queue Length
Avg Disk Sec/Transfer
Disk Transfers/Sec
5
-
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
6/28
Processor
% Processor Time
This counter provides a measure of how much time the processor actually spends working on
productive threads and how often it was busy servicing requests. This counter actuallyprovides a measurement of how often the system is doing nothing subtracted from 100%.
This is a simpler calculation for the processor to make. The processor can never be sitting
idle waiting to the next task, unlike our cashier. The CPU must always have something to do.
It's like when you turn on the computer, the CPU is a piece of wire that electric current is
always running through, thus it must always be doing something. NT give the CPU
something to do when there is nothing else waiting in the queue. This is called the idle thread.
The system can easily measure how often the idle thread is running as opposed to having to
tally the run time of each of the other process threads. Then , the counter simply subtracts the
percentage from 100%.
% Privilege Time
This is the total privledge time for all processors on the system collectively. See Processor :
% Privledge Time for more details.
% User Time
The value of this counter helps to determine the kind of processing that is affecting the
system. Of course the resulting value is the total amount of non-idle time that was spent onUser mode operations. This generally means application code.
Interrupts/Sec
The numbers of interrupts the processor was asked to respond to. Interrupts are generated
from hardware components like hard disk controller adapters and network interface cards. A
sustained value over 1000 is usually an indication of a problem. Problems would include a
poorly configured drivers, errors in drivers, excessive utilization of a device (like a NIC on an
IIS server), or hardware failure. Compare this value with the System : Systems Calls/sec. Ifthe Interrupts/sec is much larger over a sustained period, you probably have a hardware issue.
System
Context Switches/Sec
Processes
Processor Queue Length
6
-
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
7/28
The following counters are for Terminal Servers specifically, and will aid in translating the
output into meaningful information:
Terminal Services
Active Sessions
Total Sessions
Terminal Services Session
% Processor Time
Page Faults/Sec
4. Once you have added any appropriate counters, you can select the sample interval.
The default setting of 15 seconds is usually sufficient, but if the server is utilized
rather heavily, then set the sampling interval to 30 seconds or more to cut down on the
impact that performance monitor may have on normal running conditions.
To set the interval, on the General Tab (figure 3), set theSample data every:
parameter to the desired setting, and the corresponding Units (inseconds, by default).
7
-
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
8/28
Figure 3
5. On the Log Files tab (figure 4), you can change the type of log file and where they arestored.
8
-
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
9/28
Figure 4
Typically, a binary log file is sufficient if you will be reviewing the data in PerfMon (typical).However you have the option of using a delimited text file (however, delimited files cannot
be read by PerfMon) or even streaming the data to an SQL database. For the purposes of this
article, we will stick to a binary file.
Clicking on the Configure button will allow you to set both the file name prefix (which
defaults to the job name) and the location of the files. You can also set a maximum size for
your log files to prevent them from growing too large. The default of Maximum limit will
allow the log file to continue to grow until it consumes all space on the drive, so it might be a
good idea to set a maximum file size to prevent this if drive space is short or you will not be
setting an end time/date for the job on the Schedule tab. Once the log file reaches the
specified size, PerfMon will stop logging information.
Another option, however, is to use aBinary Circular File for the log file. Once the log file
grows to the size specified, PerfMon will begin flushing the oldest information in the log file
to make room for the new data. This will ensure you always have the latest performance
statistics when you stop the log, and the log file will never grow beyond the specified size.
6. Finally, the Schedule tab (figure 5) allows you to decide whether the PerfMon job will
start and stop at specified times or will require manual intervention. For baselining,
you would typically set a start and stop time/date. It is always good to set a stop time
if you dont set a maximum log file size. This will prevent the logs from accidentally
filling the drive if you forget to turn off PerfMon. In this example below, Perfmon isset to log data for seven days.
9
-
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
10/28
Figure 5
7. All that is left is to start collecting data. To manually start the job, right click the jobname in the Counter Logs screen and selectStart. Otherwise, the job will start
automatically when the scheduled time arrives.
Note: No one needs to be logged on to the server for data collection. PerfMon will
automatically start and stop jobs without a user being logged on.
Once the job is started, its icon will turn green in the Counter Logs screen. You can
also view the log file location in Windows Explorer to see the actual log files as they
grow in size.
With the job now running, the PerfMon is collecting data. The best way to get the mostreliable data is to run the server in production as usual. The idea is to allow Performance
Monitor to capture performance statistics as the server is under normal use. This will provide
a good baseline for future comparison.
Part 2 of this article will go into depth on how to interpret the data gathered and how to
effectively use a baseline to troubleshoot future issue.
Netstat
10
-
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
11/28
Netstat is a useful tool for checking network and Internet connections. Some
useful applications for the average PC user are considered, including
checking for malware connections.
Syntax and switches
The command syntax is netstat [-a] [-b] [-e] [-f] [-n] [-o] [-p proto] [-r] [-s] [-
t] [-v] [interval] A brief description of the switches is given in Table I below. Some
switches are only in certain Windows versions, as noted in the table..Note that switches for
Netstat use the dash symbol "-" rather than the slash "/".
Table I. Switches for Netstat command
Switch Description
-a Displays all connections and listening ports
-b Displays the executable involved in creating each connection or listening port.
(Added in XP SP2.)
-e Displays Ethernet statistics
-fDisplays Fully Qualified Domain Names for foreign addresses. (In Windows
Vista/7 only)
-n Displays addresses and port numbers in numerical form
-o Displays the owning process ID associated with each connection
-p protoShows connections for the protocol specified by proto; proto may be any of:
TCP, UDP, TCPv6, or UDPv6.
-r Displays the routing table
-s Displays per-protocol statistics
11
-
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
12/28
-t Displays the current connection offload state, (Windows Vista/7)
-v
When used in conjunction with -b, will display sequence of components
involved in creating the connection or listening port for all executables.
(Windows XP SP2, SP3)
[interval]
An integer used to display results multiple times with specified number of
seconds between displays. Continues until stopped by command ctrl+c.
Default setting is to display once,
Applications of Netstat
Netstat is one of a number of command-line tools available to check the functioning of a
network. (See this page for discussion of other tools.) It provides a way to check if various
aspects of TCP/IP are working and what connections are present. In Windows XP SP2, a
new switch "-B" was added that allows the actual executable file that has opened a
connection to be displayed. This newer capability provides a chance to catch malware that
may be phoning home or using your computer in unwanted ways on the Internet. There are
various ways that a system administrator might use the assortment of switches but I will give
two examples that might be useful to home PC users.
Checking TCP/IP connections
TCP and UDP connections and their IP and port addresses can be seen by entering a
command combining two switches: netstat -an An example of the output that is obtained is
shown in Figure 1.
Figure 1. Example output for command "netstat -an"
12
http://commandwindows.com/tcpiputil.htmhttp://commandwindows.com/tcpiputil.htm -
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
13/28
The information that is displayed includes the protocol, the local address, the remote
(foreign) address, and the connection state. Note that the various IP addresses include port
information as well. An explanation of the different connection states is given in Table II>
Table II. Description of various connection states
State Description
CLOSEDIndicates that the server has received an ACK signal from the client and
the connection is closed
CLOSE_WAIT
Indicates that the server has received the first FIN signal from the client
and the connection is in the process of being closed
ESTABLISHEDIndicates that the server received the SYN signal from the client and the
session is established
FIN_WAIT_1 Indicates that the connection is still active but not currently being used
FIN_WAIT_2Indicates that the client just received acknowledgment of the first FIN
signal from the server
13
-
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
14/28
LAST_ACK Indicates that the server is in the process of sending its own FIN signal
LISTENING Indicates that the server is ready to accept a connection
SYN_RECEIVED Indicates that the server just received a SYN signal from the client
SYN_SEND Indicates that this particular connection is open and active
TIME_WAITIndicates that the client recognizes the connection as still active but not
currently being used
Checking for malware by looking at which programs initiate connections
To find out which programs are making connections with the outside world, we can use the
command netstat -b (Note that for Windows Vista/7, this particular switch requires that the
command prompt have elevated privileges.) Actually, it is better to check over a period of
time and we can add a number that sets the command to run at fixed intervals. Also, it is
best to create a written record of the connections that are made over some period of time.
The command can then be written netstat -b 5 >> C:\connections.txt Note that as
written, this command will run with five-second intervals until stopped by entering "Ctrl+c",
which is a general command to exit. (Some reports say that this can be fairly CPU intensive
so it may cause a slower, single-core machine to run sluggishly. It was not noticeable on my
dual-core machine.) A simple example of the type of output is shown in Figure 2. Note that
the Process ID (PID) is given when using Windows XP. In Windows Vista/7, the switch "o'
has to be added to display PIDs. This command can be combined with other tools such as
Task Manager to analyze what executable files and processes are active and are trying to
make Internet connections.
Figure 2. Sample output for command "netstat -b" in Windows XP
14
-
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
15/28
Windows XP batch program to check connections and terminate
automatically
The previous example of using "netstat -b" to check connections at intervals has the
disadvantage that it requires manual termination. It is also possible to use a batch file that
runs a specified number of times with a given time interval and then terminates
automatically. In Windows XP we can make use of a command from the Windows 2003
Server Tools called "Sleep". A possible batch file is: @echo off
echo Checking connections
for /L %%X in (1,1,100) do (netstat -b >> C:\connections.txt)&&(sleep 5)
This particular example does 100 iterations of the netstatcommand at 30 second intervals
and writes the results to a file C:\connections.txt. By using different combinations of the
switches in Table I, the type of output can be varied
Batch program to check connections in Windows Vista and Windows 7
Windows Vista and Windows 7 do not require installing the "Sleep" file. A command "
timeout" has been added to these operating systems that serves a similar purpose. A
possible batch file for Windows Vista/7 is:
@echo off
echo Checking connections
for /L %%X in (1,1,100) do (netstat -b >> "%USERPROFILE%\connections.txt")&&
((timeout /t 5 /nobreak)>nul)
This batch file has to be run with administrator privileges.
15
http://commandwindows.com/vista-tips.htm#timeouthttp://commandwindows.com/vista-tips.htm#timeout -
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
16/28
vmstat command
The first tool to use is the vmstat command, which quickly provides compact information
about various system resources and their related performance problems.
The vmstat command reports statistics about kernel threads in the run and wait queue,memory, paging, disks, interrupts, system calls, context switches, and CPU activity. The
reported CPU activity is a percentage breakdown of user mode, system mode, idle time,and waits for disk I/O.Note: If the vmstat command is used without any interval, then it generates a singlereport. The single report is an average report from when the system was started. Youcan specify only the Count parameter with the Interval parameter. If the Intervalparameter is specified without the Count parameter, then the reports are generatedcontinuously.As a CPU monitor, the vmstat command is superior to the iostat command in that its
one-line-per-report output is easier to scan as it scrolls and there is less overheadinvolved if there are many disks attached to the system. The following example can help
you identify situations in which a program has run away or is too CPU-intensive to run in
a multiuser environment.
# vmstat 2
kthr memory page faults cpu
----- ----------- ------------------------ ------------ -----------
r b avm fre re pi po fr sr cy in sy cs us sy id wa
1 0 22478 1677 0 0 0 0 0 0 188 1380 157 57 32 0 10
1 0 22506 1609 0 0 0 0 0 0 214 1476 186 48 37 0 16
0 0 22498 1582 0 0 0 0 0 0 248 1470 226 55 36 0 9
2 0 22534 1465 0 0 0 0 0 0 238 903 239 77 23 0 0
2 0 22534 1445 0 0 0 0 0 0 209 1142 205 72 28 0 0
2 0 22534 1426 0 0 0 0 0 0 189 1220 212 74 26 0 0
3 0 22534 1410 0 0 0 0 0 0 255 1704 268 70 30 0 0
2 1 22557 1365 0 0 0 0 0 0 383 977 216 72 28 0 0
2 0 22541 1356 0 0 0 0 0 0 237 1418 209 63 33 0 4
1 0 22524 1350 0 0 0 0 0 0 241 1348 179 52 32 0 16
1 0 22546 1293 0 0 0 0 0 0 217 1473 180 51 35 0 14
This output shows the effect of introducing a program in a tight loop to a busy multiuser
system. The first three reports (the summary has been removed) show the system
balanced at 50-55 percent user, 30-35 percent system, and 10-15 percent I/O wait.
When the looping program begins, all available CPU cycles are consumed. Because the
looping program does no I/O, it can absorb all of the cycles previously unused because
of I/O wait. Worse, it represents a process that is always ready to take over the CPUwhen a useful process relinquishes it. Because the looping program has a priority equal
16
-
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
17/28
to that of all other foreground processes, it will not necessarily have to give up the CPU
when another process becomes dispatchable. The program runs for about 10 seconds
(five reports), and then the activity reported by the vmstat command returns to a more
normal pattern.
Optimum use would have the CPU working 100 percent of the time. This holds true in
the case of a single-user system with no need to share the CPU. Generally, ifus + sy
time is below 90 percent, a single-user system is not considered CPU constrained.
However, ifus + sy time on a multiuser system exceeds 80 percent, the processes may
spend time waiting in the run queue. Response time and throughput might suffer.
To check if the CPU is the bottleneck, consider the four cpu columns and the two kthr
(kernel threads) columns in the vmstat report. It may also be worthwhile looking at the
faults column:
cpu
Percentage breakdown of CPU time usage during the interval. The cpu columns are
as follows:
us
The us column shows the percent of CPU time spent in user mode. A UNIX
process can execute in either user mode or system (kernel) mode. When in
user mode, a process executes within its application code and does not require
kernel resources to perform computations, manage memory, or set variables.
sy
The sy column details the percentage of time the CPU was executing a process
in system mode. This includes CPU resource consumed by kernel processes
(kprocs) and others that need access to kernel resources. If a process needs
kernel resources, it must execute a system call and is thereby switched to
system mode to make that resource available. For example, reading or writing
of a file requires kernel resources to open the file, seek a specific location, and
read or write data, unless memory mapped files are used.
id
The id column shows the percentage of time which the CPU is idle, or waiting,
without pending local disk I/O. If there are no threads available for execution
(the run queue is empty), the system dispatches a thread called wait, which is
also known as the idle kproc. On an SMP system, one wait thread per
processor can be dispatched. The report generated by the ps command (with
the -k or -g 0 option) identifies this as kproc or wait. If the ps report shows a
high aggregate time for this thread, it means there were significant periods of
time when no other thread was ready to run or waiting to be executed on the
CPU. The system was therefore mostly idle and waiting for new tasks.
17
-
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
18/28
wa
The wa column details the percentage of time the CPU was idle with pending
local disk I/O and NFS-mounted disks. If there is at least one outstanding I/O
to a disk when wait is running, the time is classified as waiting for I/O. Unless
asynchronous I/O is being used by the process, an I/O request to disk causes
the calling process to block (or sleep) until the request has been completed.
Once an I/O request for a process completes, it is placed on the run queue. If
the I/Os were completing faster, more CPU time could be used.
A wa value over 25 percent could indicate that the disk subsystem might not be
balanced properly, or it might be the result of a disk-intensive workload.
For information on the change made to wa, see Wait I/O time reporting.
kthr
Number of kernel threads in various queues averaged per second over the sampling
interval. The kthr columns are as follows:
r
Average number of kernel threads that are runnable, which includes threads
that are running and threads that are waiting for the CPU. If this number is
greater than the number of CPUs, there is at least one thread waiting for a CPU
and the more threads there are waiting for CPUs, the greater the likelihood of a
performance impact.
b
Average number of kernel threads in the VMM wait queue per second. This
includes threads that are waiting on filesystem I/O or threads that have been
suspended due to memory load control.
If processes are suspended due to memory load control, the blocked column
(b) in the vmstat report indicates the increase in the number of threads rather
than the run queue.
p
For vmstat -I The number of threads waiting on I/Os to raw devices per
second. Threads waiting on I/Os to filesystems would not be included here.
faults
Information about process control, such as trap and interrupt rate. The faults
columns are as follows:
in
18
http://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.prftungd/doc/prftungd/wait_io_time_reporting.htmhttp://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.prftungd/doc/prftungd/wait_io_time_reporting.htm -
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
19/28
Number of device interrupts per second observed in the interval. Additional
information can be found in Assessing disk performance with the vmstat
command.
sy
The number of system calls per second observed in the interval. Resources are
available to user processes through well-defined system calls. These calls
instruct the kernel to perform operations for the calling process and exchange
data between the kernel and the process. Because workloads and applications
vary widely, and different calls perform different functions, it is impossible to
define how many system calls per-second are too many. But typically, when
the sy column raises over 10000 calls per second on a uniprocessor, further
investigations is called for (on an SMP system the number is 10000 calls per
second per processor). One reason could be "polling" subroutines like the
select() subroutine. For this column, it is advisable to have a baseline
measurement that gives a count for a normal sy value.
cs
Number of context switches per second observed in the interval. The physical
CPU resource is subdivided into logical time slices of 10 milliseconds each.
Assuming a thread is scheduled for execution, it will run until its time slice
expires, until it is preempted, or until it voluntarily gives up control of the CPU.
When another thread is given control of the CPU, the context or working
environment of the previous thread must be saved and the context of thecurrent thread must be loaded. The operating system has a very efficient
context switching procedure, so each switch is inexpensive in terms of
resources. Any significant increase in context switches, such as when cs is a lot
higher than the disk I/O and network packet rate, should be cause for further
investigation
Important stages of vmstat usage.
The vmstat command includes information that you can use to diagnose CPU and virtual
memory problems. The following fields are particularly important:
1. Virtual memory information (memory), including the number of pages that are on the
active list, including inactive pages and Unified Buffer Cache least-recently used
(UBC LRU) pages (act); the number of pages on the free list (free), and the number
of pages on the wire list (wire). Pages on the wire list cannot be reclaimed.
2. The number of pages that have been paged out (pout).
3. Interrupt information (intr), including the number of nonclock device interrupts per
second (in), the number of system calls called per second (sy), and the number of
task and thread context switches per second (cs).
19
http://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.prftungd/doc/prftungd/assess_disk_perf_vmstat.htmhttp://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.prftungd/doc/prftungd/assess_disk_perf_vmstat.htmhttp://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.prftungd/doc/prftungd/assess_disk_perf_vmstat.htmhttp://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.prftungd/doc/prftungd/assess_disk_perf_vmstat.htm -
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
20/28
4. CPU usage information (cpu), including the percentage of user time for normal and
priority processes (us), the percentage of system time (sy), and the percentage of idle
time (id). User time includes the time the CPU spent executing library routines.
System time includes the time the CPU spent executing system calls.
df (Unix)
df (abbreviation fordiskfree) is a standardUnixcomputer program used to display the
amount of available disk space forfilesystems on which the invoking user has appropriate
read access. df is usually implemented by reading the mtabfile or using statfs.
df first appeared in Version 1 AT&T UNIX.
o
Usage
The Single UNIX Specification specifications fordf are:
df [-k] [-P|-t] [-del] [file...]
-k
Use 1024-byte units, instead of the default 512-byte units, when writing space figures.-P
Use a standard, portable, output format
-tIfXSI compliant, show allocated space as well[dubiousdiscuss]
-h
Display in Kb, Mb, or Gbfile
Write the amount of free space of the file system containing the specified file
Most Unix and Unix-like operating systems add extra options. The BSD and GNU coreutils
versions include -h, where free space is listed in human readable format, adding units with
the appropriate SI prefix (e.g. 10MB), -i, listing inode usage, and -l, restricting display to
only local filesystems. GNUdf includes -T as well, listing filesystem type information, but
the GNU df shows the sizes in 1K blocks by default.
Specification
The Single Unix Specification (SUS) specifies by default space is reported in blocks of 512
bytes, and that at a minimum, the file system names and the amount of free space.
The use of 512-byte units is historical practice and maintains compatibility with ls and other
utilities. This does not mandate that the file system itself be based on 512-byte blocks. The -k
option was added as a compromise measure. It was agreed by the standard developers that
512 bytes was the best default unit because of its complete historical consistency on SystemV (versus the mixed 512/1024-byte usage on BSD systems), and that a -k option to switch to
20
http://en.wikipedia.org/wiki/Unixhttp://en.wikipedia.org/wiki/Unixhttp://en.wikipedia.org/wiki/Computer_programhttp://en.wikipedia.org/wiki/Computer_programhttp://en.wikipedia.org/wiki/Filesystemshttp://en.wikipedia.org/wiki/Mtabhttp://en.wikipedia.org/wiki/Mtabhttp://en.wikipedia.org/w/index.php?title=Statfs&action=edit&redlink=1http://en.wikipedia.org/wiki/AT%26T_UNIXhttp://en.wikipedia.org/wiki/Single_UNIX_Specificationhttp://en.wikipedia.org/w/index.php?title=X/Open_System_Interfaces_Extension&action=edit&redlink=1http://en.wikipedia.org/wiki/Wikipedia:Disputed_statementhttp://en.wikipedia.org/wiki/Wikipedia:Disputed_statementhttp://en.wikipedia.org/wiki/Wikipedia:Disputed_statementhttp://en.wikipedia.org/wiki/Talk:Df_(Unix)#Dubioushttp://en.wikipedia.org/wiki/Talk:Df_(Unix)#Dubioushttp://en.wikipedia.org/wiki/Talk:Df_(Unix)#Dubioushttp://en.wikipedia.org/wiki/Unixhttp://en.wikipedia.org/wiki/Unix-likehttp://en.wikipedia.org/wiki/BSDhttp://en.wikipedia.org/wiki/GNU_coreutilshttp://en.wikipedia.org/wiki/SI_prefixhttp://en.wikipedia.org/wiki/Inodehttp://en.wikipedia.org/wiki/GNUhttp://en.wikipedia.org/wiki/Single_Unix_Specificationhttp://en.wikipedia.org/wiki/Lshttp://en.wikipedia.org/wiki/System_Vhttp://en.wikipedia.org/wiki/System_Vhttp://en.wikipedia.org/wiki/BSDhttp://en.wikipedia.org/wiki/Unixhttp://en.wikipedia.org/wiki/Computer_programhttp://en.wikipedia.org/wiki/Filesystemshttp://en.wikipedia.org/wiki/Mtabhttp://en.wikipedia.org/w/index.php?title=Statfs&action=edit&redlink=1http://en.wikipedia.org/wiki/AT%26T_UNIXhttp://en.wikipedia.org/wiki/Single_UNIX_Specificationhttp://en.wikipedia.org/w/index.php?title=X/Open_System_Interfaces_Extension&action=edit&redlink=1http://en.wikipedia.org/wiki/Wikipedia:Disputed_statementhttp://en.wikipedia.org/wiki/Talk:Df_(Unix)#Dubioushttp://en.wikipedia.org/wiki/Unixhttp://en.wikipedia.org/wiki/Unix-likehttp://en.wikipedia.org/wiki/BSDhttp://en.wikipedia.org/wiki/GNU_coreutilshttp://en.wikipedia.org/wiki/SI_prefixhttp://en.wikipedia.org/wiki/Inodehttp://en.wikipedia.org/wiki/GNUhttp://en.wikipedia.org/wiki/Single_Unix_Specificationhttp://en.wikipedia.org/wiki/Lshttp://en.wikipedia.org/wiki/System_Vhttp://en.wikipedia.org/wiki/System_Vhttp://en.wikipedia.org/wiki/BSD -
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
21/28
1024-byte units was a good compromise. Users who prefer the more logical 1024-byte
quantity can easily aliasdf to df -k without breaking many historical scripts relying on the
512-byte units.
The output with -P shall consist of one line of information for each specified file system.
These lines shall be formatted as follows:
, , , , ,
In the following list, all quantities expressed in 512-byte units (1024-byte when -k is
specified) shall be rounded up to the next higher unit. The fields are:
The name of the file system, in an implementation-defined format.
total space>
The total size of the file system in 512-byte units. The exact meaning of this figure is
implementation-defined, but should include , , plus any
space reserved by the system not normally available to a user.
The total amount of space allocated to existing files in the file system, in 512-byte
units.
The total amount of space available within the file system for the creation of new files
by unprivileged users, in 512-byte units. When this figure is less than or equal to zero,
it shall not be possible to create any new files on the file system without first deleting
others, unless the process has appropriate privileges. The figure written may be less
than zero.
The percentage of the normally available space that is currently allocated to all fileson the file system. This shall be calculated using the fraction:
/ (+ )
expressed as a percentage. This percentage may be greater than 100 if is
less than zero. The percentage value shall be expressed as a positive integer, with any
fractional result causing it to be rounded to the next highest integer.
The directory below which the file system hierarchy appear
21
http://en.wikipedia.org/wiki/Alias_(Unix_shell)http://en.wikipedia.org/wiki/Alias_(Unix_shell) -
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
22/28
Example
$ df -k
Filesystem 1024-blocks Free %Used Iused %Iused Mounted on
/dev/hd4 32768 16016 52% 2271 14% /usr
/dev/hd2 4587520 1889420 59% 37791 4% /usr/dev/hd9var 65536 12032 82% 518 4% /var
/dev/hd3 819200 637832 23% 1829 1% /tmp
/dev/hd1 524288 395848 25% 421 1% /home
/proc - - - - - /proc
/dev/hd10opt 65536 26004 61% 654 4% /opt
ifconfig Command
About ifconfig
The "ifconfig" command allows the operating system to setup network interfaces and allow
the user to view information about the configured network interfaces.
Syntax
ifconfig [-L] [-m] interface [create] [address_family] [address[/prefixlength]
[dest_address]] [parameters]
ifconfig interface destroy
ifconfig -a [-L] [-d] [-m] [-u] [address_family]
ifconfig -l [-d] [-u] [address_family]
ifconfig [-L] [-d] [-m] [-u] [-C]
address For the DARPA-Internet family, the address is either a host name
present in the host name data base, or a DARPA Internet address
expressed in the Internet standard ``dot notation''.
It is also possible to use the CIDR notation (also known as the slash
notation) to include the netmask. That is, one can specify an address
like 192.168.0.1/16.
addres_family Specify the address family which affects interpretation of the
remaining parameters. Since an interface can receive transmissions in
differing protocols with different naming schemes, specifying the
address family is recommended. The address or protocol families
currently supported are ``inet'', ``inet6'',
dest_address Specify the address of the correspondent on the other end of a point to
point link.
22
-
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
23/28
interface This parameter is a string of the form `name unit'', for example,
``en0''.
add Another name for thealias parameter. Introduced for compatibility
with BSD/OS.
alias Establish an additional network address for this interface. This is
sometimes useful when changing network numbers, and one wishes to
accept packets addressed to the old interface. If the address is on the
same subnet as the first network address for this interface, a netmask
of 0xffffffff has to be specified.
-alias Remove the network address specified. This would be used if you
incorrectly specified an alias, or it was no longer needed. If you have
incorrectly set an NS address having the side effect of specifying the
host portion, removing all NS addresses will allow you to respecify
the host portion.
anycast (Inet6 only.) Specify that the address configured is an anycast address.
Based on the current specification, only routers may configure anycast
addresses. Anycast address will not be used as source address of any
of outgoing IPv6 packets.
arp Enable the use of the Address Resolution Protocol in mapping
between network level addresses and link level addresses (default).
This is currently implemented for mapping between DARPA Internet
addresses and IEEE 802 48-bit MAC addresses (Ethernet, FDDI, and
Token Ring addresses).
-arp Disable the use of the Address Resolution Protocol
broadcast (Inet only.) Specify the address to use to represent broadcasts to the
network. The default broadcast address is the address with a host part
of all 1's.
debug Enable driver dependent debugging code; usually, this turns on extra
console error logging.
-debug Disable driver dependent debugging code.
delete Another name for the -alias parameter.
down Mark an interface `down''. When an interface is marked `down'', thesystem will not attempt to transmit messages through that interface. If
possible, the interface will be reset to disable reception as well. This
action does not automatically disable routes using the interface.
ether Another name for the lladdr parameter.
lladdraddr Set the link-level address on an interface. This can be used to e.g. set a
new MAC address on an ethernet interface, though the mechanism
used is not ethernet-specific. The address addris specified as a series
of colon-separated hex digits. If the interface is already up when this
option is used, it will be briefly brought down and then brought
backup again in order to ensure that the receive filter in the underlying
23
http://www.computerhope.com/unix/ualias.htmhttp://www.computerhope.com/unix/ualias.htmhttp://www.computerhope.com/unix/ualias.htm -
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
24/28
ethernet hardware is properly reprogrammed.
media type If the driver supports the media selection system, set the media type of
the interface to type. Some interfaces support the mutually exclusive
use of one of several different physical media connectors. For
example, a 10Mb/s Ethernet interface might support the use of eitherAUI or twisted pair connectors. Setting the media type to
``10base5/AUI'' would change the currently active connector to the
AUI port. Setting it to ``10baseT/UTP'' would activate twisted pair.
Refer to the interfaces' driver specific documentation or man page for
a complete list of the available types.
-mediaopt opts If the driver supports the media selection system, set the specified
media options on the interface. The opts argument is a comma
delimited list of options to apply to the interface. Refer to the
interfaces' driver specific man page for a complete list of available
options.tunnelsrc_addr
dest_addr
(IP tunnel devices only.) Configure the physical source and
destination address for IP tunnel interfaces. The argumentssrc_addr
and dest_addrare interpreted as the outer source/destination for the
encapsulating IPv4/IPv6 header.
deletetunnel Unconfigure the physical source and destination address for IP tunnel
interfaces previously configured with tunnel.
create Create the specified network pseudo-device. If the interface is given
without a unit number, try to create a new device with an arbitrary
unit number. If creation of an arbitrary device is successful, the new
device name is printed to standard output.
destroy Destroy the specified network pseudo-device.
plumb Another name for the create parameter. Included for Solaris
compatibility.
unplumb Another name for the destroy parameter. Included for Solaris
compatibility.
metric n Set the routing metric of the interface to n, default 0. The routing
metric is used by the routing protocol. Higher metrics have the effect
of making a route less favorable; metrics are counted as addition hopsto the destination network or host.
mtu n Set the maximum transmission unit of the interface to n, default is
interface specific. The MTU is used to limit the size of packets that
are transmitted on an interface. Not all interfaces support setting the
MTU, and some interfaces have range restrictions.
netmaskmask (Inet only.) Specify how much of the address to reserve for
subdividing networks into subnetworks. The mask includes the
network part of the local address and the subnet part, which is taken
from the host field of the address. The mask can be specified as a
single hexadecimal number with a leading `0x', with a dot-notationInternet address, or with a pseudo-network name listed in the network
24
-
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
25/28
table. The mask contains 1's for the bit positions in the 32-bit address
which are to be used for the network and subnet parts, and 0's for the
host part. The mask should contain at least the standard network
portion, and the subnet field should be contiguous with the network
portion. The netmask can also be specified in CIDR notation after the
address. See the address option above for more information.
prefixlen len (Inet6 only.) Specify that len bits are reserved for subdividing
networks into sub-networks. The len must be integer, and for
syntactical reason it must be between 0 to 128. It is almost always 64
under the current IPv6 assignment rule. If the parameter is omitted, 64
is used.
remove Another name for the -alias parameter. Introduced for compatibility
with BSD/OS.
link[0-2] Enable special processing of the link level of the interface. These
three options are interface specific in actual effect, how- ever, they arein general used to select special modes of operation. An example of
this is to enable SLIP compression, or to select the connector type for
some Ethernet cards. Refer to the man page for the specific driver for
more information.
-link[0-2] Disable special processing at the link level with the specified
interface.
Up Mark an interface `up''. This may be used to enable an interface after
an ``ifconfigdown''. It happens automatically when setting the first
address on an interface. If the interface was reset when previously
marked down, the hardware will be re-initialized.
Examples
ifconfig eth0
View the network settings on the first Ethernet adapter installed in the computer.
ifconfig -a
Display info on all network interfaces on server, active or inactive.
ifconfig eth0 down
If eth0 exists would take it down causing it cannot send or receive any information.
ifconfig eth0 up
If eth0 exists and in the down state would return it back to the up state allowing to to send
and receive information.
ifconfig eth0 192.168.1.102 netmask 255.255.255.0 broadcast 192.168.1.255
25
-
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
26/28
Assign eth0 with the above values forIP, netmaskandbroadcast address
du Command
Purpose
Summarizes disk usage.
Syntax
du [ -a | -s ] [ -k ] [ -m ] [ -g ][ -l ] [ -r ] [ -x ] [ -H | -L ]
Description
The du command displays the number of blocks used for files. If the File parameterspecified is actually a directory, all files within the directory are reported on. If no Fileparameter is provided, the du command uses the files in the current directory.
If the File parameter is a directory, then the number of blocks reported is the sum ofblocks allocated for the files in the directory and the blocks allocated for the directoryitself.
If the object of the du command is a file or directory that exists inside a JFS2 snapshot,the du command gives information for the point-in-time object when the snapshot is
created. This information does not include how much space is recovered if the snapshotitself is deleted.
Specifying the -a flag reports the number of blocks in individual files. Whether the -aflag is used or not, individual files specified by the File parameter are always listed.
Specifying the -s flag reports the total blocks for all specified files or all files in adirectory.
The block count includes indirect blocks of each file. Block count is calculated in 512-byte
units independent of the cluster size used by the system. Specifying the -k flagcalculates the block count in 1024-byte units.
Notes:
1. Files with multiple links are counted and written for only one entry.
2. Block counts are based only on file size; therefore, unallocated blocks are not
accounted for in the reported block counts.
3. If du cannot obtain the file attributes or cannot read directories, it reports an
error and the exit status of the command is affected.
26
http://www.computerhope.com/jargon/i/ip.htmhttp://www.computerhope.com/jargon/n/netmask.htmhttp://www.computerhope.com/jargon/b/broadcas.htmhttp://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.cmds/doc/aixcmds2/du.htm#a10192be3http://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.cmds/doc/aixcmds2/du.htm#a10192be6http://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.cmds/doc/aixcmds2/du.htm#w6c340bobhttp://www.computerhope.com/jargon/i/ip.htmhttp://www.computerhope.com/jargon/n/netmask.htmhttp://www.computerhope.com/jargon/b/broadcas.htmhttp://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.cmds/doc/aixcmds2/du.htm#a10192be3http://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.cmds/doc/aixcmds2/du.htm#a10192be6http://publib.boulder.ibm.com/infocenter/aix/v6r1/topic/com.ibm.aix.cmds/doc/aixcmds2/du.htm#w6c340bob -
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
27/28
Flags
-a
For each file specified, displays the disk usage of the file. For each directory
specified, displays the disk usage of each individual file within the directory,including all subdirectories. Contrast this flag with the -s flag.
-gCalculates the block count in GB units rather than the default 512-byte units.The output values for the disk usage would be in floating point numbers asvalue of each unit in bytes is significantly high.
-HIf a symbolic link is specified on the command line, the du command shall
count the size of the file or file hierarchy referenced by the link.
-kCalculates the block count in 1024-byte units rather than the default 512-
byte units.
-lAllocates blocks evenly among the links for files with multiple links. Bydefault, a file with two or more links is counted only once.
-L
If a symbolic link is specified on the command line or encountered during the
traversal of a file hierarchy, the du command shall count the size of the fileor file hierarchy referenced by the link.
-mCalculates the block count in MB units rather than the default 512-byte units.The output values for the disk usage would be in floating point numbers asvalue of each unit in bytes is significantly high.
-r Reports names of inaccessible files and directories. This is the default.
-sFor each file specified, displays the disk usage of the file. For each directoryspecified, displays the total disk usage of all files within the directory,
including all subdirectories. Contrast this flag with the -a flag.
-x
When evaluating file sizes, evaluates only those files that reside on the samedevice as the file or directory specified by the File parameter. For example,you may specify a directory that contains files on several devices. In thiscase, the -x flag displays block sizes for all files that reside on the same
device as the directory.
If all or any two of the -k, -m and -g flags are specified, the last one specified takes
effect. The output of the disk usage with the flags -m and -g would be rounded off to
the nearest second decimal digit.
Exit Status
This command returns the following exit values:
0 Successful completion.
>0 An error occurred.
Examples
1. To summarize the disk usage of a directory tree and each of its subtrees, enter:
du /home/fran
This displays the number of disk blocks in the /home/fran directory and each of its
subdirectories.
2. To summarize the disk usage of a directory tree and each of its subtrees in 1024-byte blocks, enter:
27
-
7/28/2019 Network System DesCounters are a subset of an object. For any given object, you will have multiple counters. Fo
28/28
du -k /home/fran
This displays the number of 1024-byte disk blocks in the /home/fran directory
and each of its subdirectories.
3. To summarize the disk usage of a directory tree and each of its subtrees in MB
blocks, enter:
du -m /home/fran
This displays the number of MB disk blocks rounded off to nearest 2nd decimal digit
in the /home/fran directory and each of its subdirectories.
4. To summarize the disk usage of a directory tree and each of its subtrees in GB
blocks, enter:
du -g /home/fran
This displays the number of GB disk blocks rounded off to nearest 2nd decimal digit
in the /home/fran directory and each of its subdirectories.
5. To display the disk usage of each file, enter:
du -a /home/fran
This displays the number of disk blocks contained in each file and subdirectory of
the /home/fran directory. The number beside a directory is the disk usage of that
directory tree. The number beside a regular file is the disk usage of that file alone.
6. To display only the total disk usage of a directory tree, enter:
du -s /home/fran
The -s flag instructs the du command to display only the sum total disk usage of
the /home/fran directory and the files it contains. By default, the du command
displays an error message if it cannot read a file or directory.
7. To display the disk usage of the files and file hierarchies referenced by all the
symbolic links in addition to the normal files found during traversal of a the
/home/fran directory, type:
du -L /home/fran
8. To report the disk usage of the file or file hierarchy referenced by the symbolic
link mylink, type:
du -H mylink