This article is intended as an introduction to the Linux utility 'atop'.
Atop (Advanced Table of Processes) is a great tool not only for checking resource usage in real time, but also for recording system resource usage over a longer period. If, for example, you are troubleshooting an issue that is not always present and do not know when it will happen next, you can record resource consumption to a log file to refer to later.
Applies to the following Sophos product(s) and version(s)
Sophos Anti-Virus for Unix
Sophos Anti-Virus for Linux
SAV Dynamic Interface
PureMessage for Unix
Running 'atop' and monitoring live usage
From the UTM console/SSH backend, simply running the command 'atop' will launch the program. It takes a few seconds before live statistics appear, but you will then see a screen similar to this:
In this example, you can see at a glance several things worth taking notice of.
- The disk is busy - High disk I/O can be due to many things, but can also have knock-on effects.
- The postgres process is quite busy - possibly causing the high disk I/O as it writes or reads data.
Recording process usage over a longer period of time
You can run the command below to record snapshots of resource usage at whatever interval you choose. In this example we use intervals of 5 minutes (300 seconds).
atop 300 -w /home/login/atop-log &
This records a snapshot of atop output every 5 minutes and writes it to a file called /home/login/atop-log.
Once the issue you are troubleshooting has appeared again, you can find the process ID of the recording command and kill it, as below:
ps auxwww | grep atop
root 25575 0.2 0.2 5560 5240 pts/0 S<L 15:04 0:00 atop 300 -w /home/login/atop-log
root 25691 0.0 0.0 3604 708 pts/0 S+ 15:05 0:00 grep atop
Example to kill the process:
kill -9 25575
For instructions on automating this process, please see this KB.
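The PID lookup above, as an added shell example that is not part of the original article: it picks out only the atop recorder writing to a given log file from `ps auxwww` output, so the `grep atop` line or an unrelated atop instance is never killed by mistake. The function names `atop_recorder_pids` and `stop_atop_recorder` and the third sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article). Function names are hypothetical.

# atop_recorder_pids LOGFILE
# Reads `ps auxwww` output on stdin and prints the PID of every atop
# process that was started with "-w LOGFILE".
atop_recorder_pids() {
    awk -v target="$1" '
        # Columns: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND...
        NF >= 11 && $2 ~ /^[0-9]+$/ {
            cmd = $11
            sub(/.*\//, "", cmd)            # basename of the executable
            if (cmd != "atop") next         # skips "grep atop" and others
            for (i = 12; i < NF; i++)
                if ($i == "-w" && $(i + 1) == target) { print $2; next }
        }'
}

# stop_atop_recorder LOGFILE [SIGNAL]
# Signal defaults to 9, matching the kill command used in the article.
stop_atop_recorder() {
    pids=$(ps auxwww | atop_recorder_pids "$1")
    [ -n "$pids" ] || { echo "no atop recorder writing to $1" >&2; return 1; }
    for pid in $pids; do
        kill "-${2:-9}" "$pid" && echo "stopped atop recorder $pid"
    done
}

# Demo on constructed input: the first two lines are the article's sample
# ps output, the third is a made-up second recorder using another log file.
atop_recorder_pids /home/login/atop-log <<'EOF'
root 25575 0.2 0.2 5560 5240 pts/0 S<L 15:04 0:00 atop 300 -w /home/login/atop-log
root 25691 0.0 0.0 3604 708 pts/0 S+ 15:05 0:00 grep atop
root 25700 0.0 0.1 5560 5240 pts/1 S 15:06 0:00 /usr/bin/atop 60 -w /tmp/other-log
EOF
```

On the live system, `stop_atop_recorder /home/login/atop-log` performs the lookup and the kill in one step.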
Reading and searching through atop log file
To read the recorded file run the command below.
atop -r /home/login/atop-log
atop has a large number of filtering options available, but a brief summary of the most common ones can be found below:
- t - Skips forwards in time to the next snapshot.
- T - When viewing the contents of a raw file, this key can be used to show the previous sample from the file.
- P - [Enter search string] - for example http, postgres, etc.
- b - [Enter time] - When viewing the contents of a raw file, this key can be used to jump to a certain timestamp within the file (either forwards or backwards).
- r - Skips back to the start of the file with the current filter applied.
Additional links and resources
http://www.atoptool.nl/ - atop homepage
http://www.atoptool.nl/download/man_atop-1.pdf - atop manual. There are 4 pages of command options, so this is worth a read.