A guide to recording UTM process usage using 'atop'

  • Article ID: 120835
  • Updated: 08 Apr 2015

This article is intended as an introduction to the Linux utility 'atop'.

Atop (Advanced Table of Processes) is a great tool not only for checking resource usage in real time, but also for recording system resource usage over a longer period. If, for example, you are troubleshooting an issue that is not always present and do not know when it will happen next, you can record resource consumption to a log file to refer to later.

Applies to the following Sophos product(s) and version(s)

Sophos UTM
Sophos Anti-Virus for Unix
Sophos Anti-Virus for Linux
SAV Dynamic Interface
PureMessage for Unix

Running 'atop' and monitoring live usage

From the UTM console/SSH backend, simply using the command 'atop' will launch the program. It takes a few seconds before live statistics will appear, but you will see a screen similar to this:


In this example, you can see at a glance several things worth taking notice of.

  1. The disk is busy - High disk I/O can be due to many things, but can also have knock-on effects.
  2. The postgres process is quite busy - possibly causing the high disk I/O as it writes or reads data.

Recording process usage over a longer period of time

You can run the command below to record snapshots of resource usage at whatever interval you choose. In this example we use intervals of 5 minutes (300 seconds).

atop 300 -w /home/login/atop-log &

This records a snapshot of atop output every 5 minutes and writes it to a file called /home/login/atop-log.

When you have seen the issue you are trying to troubleshoot appear again, you can find the process ID of the command and kill it, as below:

ps auxwww | grep atop
root 25575 0.2 0.2 5560 5240 pts/0 S<L 15:04 0:00 atop 300 -w /home/login/atop-log
root 25691 0.0 0.0 3604 708 pts/0 S+ 15:05 0:00 grep atop

Example to kill the process:

kill -9 25575

For instructions on automating this process, please see this KB.
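
A PID-file wrapper around the start and stop steps above, as an added example that is not part of the Sophos article or its linked KB. The PIDFILE path, the function names and trying a plain kill before the article's kill -9 are assumptions; the log path and interval are the article's.

```shell
#!/bin/sh
# Added example, not from the Sophos article. LOG and INTERVAL are the article's
# values; PIDFILE is an assumed path.
LOG="${LOG:-/home/login/atop-log}"
INTERVAL="${INTERVAL:-300}"
PIDFILE="${PIDFILE:-/home/login/atop-record.pid}"

# Read `ps auxwww` output on stdin and print the PID of any atop process that is
# recording to the raw file $1. The command column (field 11) must be atop itself,
# so the "grep atop" line from the article's listing is never selected.
recorder_pids() {
    awk -v raw="$1" '$11 ~ /(^|\/)atop$/ {
        for (i = 12; i < NF; i++)
            if ($i == "-w" && $(i + 1) == raw) { print $2; next }
    }'
}

start_recording() {
    if [ -s "$PIDFILE" ] && kill -0 "$(cat "$PIDFILE")" 2>/dev/null; then
        echo "already recording, PID $(cat "$PIDFILE")" >&2
        return 1
    fi
    # The raw file holds process command lines: create it readable by its owner only.
    # exec makes the backgrounded subshell become atop, so $! is atop's PID.
    ( umask 077; exec atop -w "$LOG" "$INTERVAL" ) >/dev/null 2>&1 &
    echo "$!" > "$PIDFILE"
}

stop_recording() {
    [ -s "$PIDFILE" ] || { echo "no PID file at $PIDFILE" >&2; return 1; }
    pid=$(cat "$PIDFILE")
    # PIDs are reused: only signal the process if ps still shows it as our recorder.
    if ps auxwww | recorder_pids "$LOG" | grep -qx "$pid"; then
        kill "$pid"        # plain kill (SIGTERM) first
        sleep 2
        if kill -0 "$pid" 2>/dev/null; then kill -9 "$pid"; fi   # the article's kill -9
    else
        echo "PID $pid is not an atop recorder for $LOG; not signalling" >&2
    fi
    rm -f "$PIDFILE"
}

case "${1:-}" in
    start) start_recording ;;
    stop)  stop_recording ;;
esac
```

Saved as a script, it is run with the argument start before the wait and stop once the issue has reappeared.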

Reading and searching through atop log file

To read the recorded file, run the command below.

atop -r /home/login/atop-log

atop has a large number of filtering options available, but a brief summary of the most common ones can be found below:

  • t - Skips forwards in time to the next snapshot.
  • T - When viewing the contents of a raw file, this key can be used to show the previous sample from the file.
  • P - [Enter search string] - For example http, postgres, etc.
  • b - [Enter time] - When viewing the contents of a raw file, this key can be used to jump to a certain timestamp within the file (either forwards or backwards).
  • r - Skips back to the start of the file with the current filter applied.

Additional links and resources

http://www.atoptool.nl/ - atop homepage

http://www.atoptool.nl/download/man_atop-1.pdf - atop manual. There are 4 pages of command options, so this is worth a read.

If you need more information or guidance, then please contact technical support.
