Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Atop

Get lowest memfree for given analysis date

atopsar \
    -r /var/log/atop/atop_20240703 \
    -m \
    -R 1 \
    | awk 'NR<7{print $0;next}{print $0| "sort -k 3,4"}' \
    | head -11

Get top 3 mem procs for given analysis date

atopsar \
    -G \
    -r /var/log/atop/atop_20240710

Identify top 5 most frequently executed procs during logging period

atop \
    -r /var/log/atop/atop_20241123 \
    -P PRG \
    | grep -oP "(?<=\()[[:alnum:]]{1,}(?=\))" \
    | sort \
    | uniq -c \
    | sort -k1rn \
    | head -5

Count num of times a proc has been detected during logging period

atop \
    -r /var/log/atop/atop_20241123 \
    -P PRG \
    | egrep "docker" \
    | awk '{print $5}' \
    | uniq -c -w5

Generate a chart of the num of instances of proc during logging period

atop \
    -r /var/log/atop/atop_20241123 \
    -P PRG \
    | egrep "docker" \
    | awk '{print $5}' \
    | uniq -c -w8 \
    | \
    gnuplot -e \
        "set terminal dumb 80 20; \
        unset key; \
        set style data labels; \
        set xdata time; \
        set xlabel 'Time'; \
        set ylabel 'docker'; \
        set timefmt '%H:%M:%S'; \
        plot '-' using 2:1:ytic(1) with histeps"

Generate PNG chart of num of instances of proc during logging period

atop \
    -r /var/log/atop/atop_20241123 \
    -P PRG \
    | egrep "docker" \
    | awk '{print $5}' \
    | uniq -c -w8 \
    | \
    gnuplot -e \
        "set title 'Process Count'; \
        set offset 1,1,1,1; \
        set autoscale xy; \
        set mxtics; \
        set mytics; \
        set style line 12 lc rgb '#ddccdd' lt 1 lw 1.5; \
        set style line 13 lc rgb '#ddccdd' lt 1 lw 0.5; \
        set grid xtics mxtics ytics mytics \
        back ls 12, ls 13; \
        set terminal png size 1920,1080 enhanced font \
        '/usr/share/fonts/liberation/LiberationSans-Regular.ttf,10'; \
        set output 'plot_$(date '+%Y-%m-%d_%H:%M:%S')_${RANDOM}.png'; \
        set style data labels; \
        set xdata time;
        set xlabel 'Time' font \
        '/usr/share/fonts/liberation/LiberationSans-Regular.ttf,8'; \
        set ylabel 'Count' font \
        '/usr/share/fonts/liberation/LiberationSans-Regular.ttf,8'; \
        set timefmt '%H:%M:%S'; \
        plot '-' using 2:1 with histeps"

Identify top 10 most frequently executed binaries from /sbin or /usr/sbin during logging period

for i in $(atop \
    -r /var/log/atop/atop_20241123 \
    -P PRG \
    | grep -oP "(?<=\()[[:alnum:]]{1,}(?=\))" \
    | sort \
    | uniq -c \
    | sort -k1rn \
    | head -10); do
    which "${i}" 2>/dev/null | grep sbin;
done

Identify disks with over 90% activity during logging period

atopsar \
    -r /var/log/atop/atop_20241123 \
    -d \
    | egrep '^[0-9].*|(9[0-9]|[0-9]{3,})%'

Identify procs responsible for most disk I/O during logging period

atopsar \
    -r /var/log/atop/atop_20241123 \
    -D \
    | sed 's/\%//g' \
    | awk -v k=50 '$4 > k || $8 > k || $12 > k' \
    | sed -r 's/([0-9]{1,})/%/5;s/([0-9]{1,})/%/7;s/([0-9]{1,})/%/9'

Identify periods of heavy swap activity during logging period

atopsar \
    -r /var/log/atop/atop_20241123 \
    -s \
    | awk -v k=1000 '$2 > k || $3 > k || $4 > k'

Identify procs consuming > half of all CPUs

(( k = $(grep -c proc /proc/cpuinfo) / 2 * 100 ))
atopsar \
    -r /var/log/atop/atop_20241123 \
    -P \
    | sed 's/\%//g' \
    | awk -v k=$k '$4 > k || $8 > k || $12 > k' \
    | sed -r 's/([0-9]{1,})/%/5;s/([0-9]{1,})/%/7;s/([0-9]{1,})/%/9'

Identify time of peak mem utilization

atopsar \
    -r /var/log/atop/atop_20241123 \
    -m \
    -R 1 \
    | awk 'NR<7{print $0;next}{print $0| "sort -k 3,3"}' \
    | head -15