Admin as a service with sysstat for ex-post monitoring

Facts, Figures, and Data

RAM

RAM is also regarded as an indispensable parameter and is queried with the sar -r command. Kilobytes is the unit of measure, which makes it difficult to read on modern systems. The fields have friendly names: kbmemfree shows free memory, and %memuser is percent memory. The individual values are all described in the man page.

Poor performance does not necessarily have to be the result of a lack of RAM or CPU power. Either sar or top checks the CPU load and memory consumption. If you think both are OK and are still surprised by a high load average, the problem is often a low I/O rate. If the kernel always has to wait for slow read-only memory, especially for database applications, even the fastest processors are useless.

The command sar -b outputs the current I/O indicators. The tps parameter measures transfers per second, whereas rtps and wtps differentiate between read and write processes. The number of bytes read per second is reported as bread/s , and bwrtn/s shows the bytes written per second.

If the I/O values are also without complaint (i.e., if the values for tps are not significantly worse than usual), the network could be the bottleneck. Poor values for rsize and wsize for mounted NFS shares can have a strong influence on performance, which in turn causes processes that are waiting for network transfers to freeze.

kSar

You can go quite a long way with text-based statistics, but graphs are even more informative. Although the project appears to be inactive, kSar [1] is still the tool of choice for graphically processing sar measurement data. The tool, written in Java, requires the matching runtime environment. On Debian and Ubuntu, you can easily install a suitable development environment by typing

sudo apt install default-jdk

Installing kSar on server systems makes little sense, because it requires a graphical interface and you will also potentially need it on every system. The recommendation is to install on your own workstation.

The main window appears spartan at first glance. The entry point is the Data menu. You can read from local files or use the output of local commands or remote commands over SSH. The SSH connection didn't help me because it only implements password authentication, and my systems rely entirely on public keys for authentication. I tend to write short shell scripts that establish the SSH connection with a key and run the respective command on the target host:

#!/bin/bash
ssh thomas@raspi02 'LC_ALL=C sar -A -f'

Enter the path to the script as the Local Command and press OK to confirm. kSar then prompts you for the Date Format ; I chose MM/DD/YY 23:59:59 because Automatic Detection has obvious weaknesses. After pressing OK , the navigation section on the left-hand side of the kSar window fills up (Figure 2). After clicking on the tree, you can also view the graphs for the matching sar query without having to copy files from servers.

Figure 2: kSar shows clear-cut graphs with all the data you need for the various CPUs.

Conclusions

Taken on their own, many of the measured values determined by sar are ultimately of little use. Instead, you can plot statistics over the course of time to compare values. Therefore, it makes perfect sense to evaluate the target state graphically. On this basis, anomalies can be easily detected later and correlated with logfiles.

The Author

Thomas Reuß is a passionate Linux admin who is hugely interested in security. He is currently working as a consultant in the SAP environment.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
 
SUBSCRIPTIONS
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus