Atop
Get lowest memfree for given analysis date
# Show the samples with the least free memory in one day's atop log.
# -m selects atopsar's memory report; -R 1 leaves every sample as its own row.
# The first six lines are passed through unsorted (treated as the report
# header), the remainder is sorted on columns 3-4, and head keeps the header
# plus the first five data rows.
# NOTE(review): the sort key is lexical, not numeric, so the ordering is only
# meaningful if the memfree column is right-aligned and printed in one unit.
# Confirm against your atopsar output.
atopsar -r /var/log/atop/atop_20240703 -m -R 1 |
  awk 'NR <= 6 { print; next } { print | "sort -k 3,4" }' |
  head -n 11
Get top 3 mem procs for given analysis date
# Print atopsar's "top-3 memory consumers" report (-G) for every sample
# recorded in the given day's log file.
atopsar -r /var/log/atop/atop_20240710 -G
Identify top 5 most frequently executed procs during logging period
# Rank process names by how often they occur in one day's atop log and show
# the five most common.
# -P PRG prints the parseable per-process "general" records; the grep keeps
# every purely alphanumeric token that is enclosed in parentheses.
# Caveats:
#  - names containing '-', '_', '/' or other non-alphanumerics are skipped;
#  - NOTE(review): the count is the number of matching records, i.e. how often
#    a name was sampled, which is not necessarily how often it was executed;
#  - the name is reported by the process itself, so a renamed or masquerading
#    binary is counted under whatever name it chose.
atop -r /var/log/atop/atop_20241123 -P PRG |
  grep -oP "(?<=\()[[:alnum:]]{1,}(?=\))" |
  sort |
  uniq -c |
  sort -k1rn |
  head -n 5
Count num of times a proc has been detected during logging period
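# Count how many process records mention "docker" per time bucket.
# Field 5 of each matching record is printed (presumably the HH:MM:SS sample
# time; verify against your atop -P PRG layout). uniq -w5 compares only the
# first five characters, so with that layout the counts are per HH:MM.
# uniq only merges adjacent lines; this relies on the log being chronological.
# The match is a plain substring test on the whole record, so a hostname or a
# command line that merely contains "docker" is counted as well.
# awk does the filtering directly; the obsolescent egrep alias is not needed.
atop -r /var/log/atop/atop_20241123 -P PRG |
  awk '/docker/ { print $5 }' |
  uniq -c -w5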
Generate a chart of the num of instances of proc during logging period
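# Draw an ASCII chart (gnuplot "dumb" terminal, 80x20) of how many process
# records mention "docker" at each sample time.
# Field 5 of each matching record is taken as the HH:MM:SS time (matching the
# timefmt given to gnuplot below); uniq -w8 therefore counts per full
# timestamp. gnuplot reads the "count time" pairs from stdin via plot '-'.
# The match is a substring test on the whole record, so hostnames or command
# lines containing "docker" are counted too.
# awk does the filtering directly; the obsolescent egrep alias is not needed.
atop -r /var/log/atop/atop_20241123 -P PRG |
  awk '/docker/ { print $5 }' |
  uniq -c -w8 |
  gnuplot -e \
    "set terminal dumb 80 20; \
    unset key; \
    set style data labels; \
    set xdata time; \
    set xlabel 'Time'; \
    set ylabel 'docker'; \
    set timefmt '%H:%M:%S'; \
    plot '-' using 2:1:ytic(1) with histeps"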
Generate PNG chart of num of instances of proc during logging period
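# Render a 1920x1080 PNG chart of how many process records mention "docker"
# at each sample time.
# Field 5 of each matching record is taken as the HH:MM:SS time (matching the
# timefmt below); uniq -w8 counts per full timestamp and gnuplot reads the
# "count time" pairs from stdin via plot '-'.
# The output name is built by the shell, not gnuplot: $(date ...) and
# ${RANDOM} are expanded inside the double-quoted script before gnuplot sees
# it, and the file is written to the current working directory.
# Every line of the gnuplot script ends in a continuation backslash so the
# script reaches gnuplot as one line (the original dropped it after
# "set xdata time;", leaving a raw newline in the -e argument).
# awk does the filtering directly; the obsolescent egrep alias is not needed.
atop -r /var/log/atop/atop_20241123 -P PRG |
  awk '/docker/ { print $5 }' |
  uniq -c -w8 |
  gnuplot -e \
    "set title 'Process Count'; \
    set offset 1,1,1,1; \
    set autoscale xy; \
    set mxtics; \
    set mytics; \
    set style line 12 lc rgb '#ddccdd' lt 1 lw 1.5; \
    set style line 13 lc rgb '#ddccdd' lt 1 lw 0.5; \
    set grid xtics mxtics ytics mytics \
    back ls 12, ls 13; \
    set terminal png size 1920,1080 enhanced font \
    '/usr/share/fonts/liberation/LiberationSans-Regular.ttf,10'; \
    set output 'plot_$(date '+%Y-%m-%d_%H:%M:%S')_${RANDOM}.png'; \
    set style data labels; \
    set xdata time; \
    set xlabel 'Time' font \
    '/usr/share/fonts/liberation/LiberationSans-Regular.ttf,8'; \
    set ylabel 'Count' font \
    '/usr/share/fonts/liberation/LiberationSans-Regular.ttf,8'; \
    set timefmt '%H:%M:%S'; \
    plot '-' using 2:1 with histeps"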
Identify top 10 most frequently executed binaries from /sbin or /usr/sbin during logging period
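# List up to ten binaries that live in /sbin or /usr/sbin, ordered by how
# often their name occurs in one day's atop log.
# Changes from the original loop:
#  - "uniq -c" emits "count name" pairs; the original word-split them and also
#    looked up the counts themselves as command names;
#  - head now limits the sbin matches, not the overall ranking, so the result
#    is the top ten sbin binaries and not "whichever of the overall top ten
#    happen to be in sbin";
#  - the two directories are tested directly instead of via which + grep, so
#    the result does not depend on the caller's PATH.
# The grep only yields alphanumeric names, which keeps the constructed paths
# free of '/' and '..'. The lookup runs against the filesystem of the host
# doing the analysis, which may differ from the host that recorded the log,
# and the name is self-reported by the process.
atop -r /var/log/atop/atop_20241123 -P PRG |
  grep -oP "(?<=\()[[:alnum:]]{1,}(?=\))" |
  sort |
  uniq -c |
  sort -k1rn |
  while read -r _count name; do
    for dir in /sbin /usr/sbin; do
      if [ -x "${dir}/${name}" ]; then
        printf '%s\n' "${dir}/${name}"
        break
      fi
    done
  done |
  head -n 10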
Identify disks with over 90% activity during logging period
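# Show only the disk rows whose activity figure is 90% or higher.
# The original pattern also accepted every line that starts with a digit, so
# each timestamped row was printed regardless of how busy the disk was.
# Here a row is printed only if one of its fields has the form N% with
# N >= 90. The most recent HH:MM:SS seen in column 1 is remembered and
# prefixed to rows that do not carry a timestamp of their own, so each hit
# can still be placed in time.
atopsar -r /var/log/atop/atop_20241123 -d |
  awk '
    $1 ~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]$/ { ts = $1 }
    {
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^[0-9]+%$/ && $i + 0 >= 90) {
          if ($1 == ts) print; else print ts, $0
          next
        }
      }
    }'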
Identify procs responsible for most disk I/O during logging period
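# From atopsar's top-3 disk report (-D), keep the samples in which any of the
# three listed processes exceeds 50% (fields 4, 8 and 12).
# The '%' signs are stripped so awk can compare the fields as numbers, then
# put back after the 5th, 7th and 9th digit run of each line.
# The original replacement was a bare '%', which overwrote the figure itself;
# '&%' keeps the number and appends the sign.
# NOTE(review): restoring by digit-run position assumes HH:MM:SS in column 1
# and command names without digits (e.g. "python3" shifts the positions).
# Rows whose field 4 is not numeric (such as column headers) are compared as
# strings and may pass the filter.
atopsar -r /var/log/atop/atop_20241123 -D |
  sed 's/%//g' |
  awk -v k=50 '$4 > k || $8 > k || $12 > k' |
  sed -E 's/[0-9]+/&%/5; s/[0-9]+/&%/7; s/[0-9]+/&%/9'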
Identify periods of heavy swap activity during logging period
# From atopsar's swap-rate report (-s), keep the rows in which field 2, 3 or 4
# is greater than 1000.
# Rows whose fields are not numeric (such as column headers) are compared as
# strings and may pass the filter as well.
atopsar -r /var/log/atop/atop_20241123 -s |
  awk -v k=1000 '($2 > k) || ($3 > k) || ($4 > k) { print }'
Identify procs consuming > half of all CPUs
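# From atopsar's top-3 CPU report, keep the samples in which any of the three
# listed processes exceeds half of the machine's total CPU capacity, taking
# 100% as one CPU (so the threshold is 50 * number of CPUs).
# Changes from the original:
#  - the threshold is cpu_count * 50; "count / 2 * 100" truncated odd counts
#    and became 0 on a single-CPU host, which matched every row;
#  - CPUs are counted with an anchored '^processor' pattern, not the bare
#    substring "proc";
#  - the report flag is -O (top-3 processes by CPU). The original passed -P,
#    but the pid/command/percent triples that fields 4, 8 and 12 address are
#    the top-3 layout. Verify against your atopsar version;
#  - '&%' restores the percent sign after the figure; the original bare '%'
#    overwrote the figure;
#  - k is quoted when handed to awk.
# NOTE(review): the CPU count comes from the host running this command, which
# may differ from the host that recorded the log. The digit-run positions
# (5, 7, 9) assume HH:MM:SS in column 1 and command names without digits.
cpu_count=$(grep -c '^processor' /proc/cpuinfo)
k=$(( cpu_count * 50 ))
atopsar -r /var/log/atop/atop_20241123 -O |
  sed 's/%//g' |
  awk -v k="$k" '$4 > k || $8 > k || $12 > k' |
  sed -E 's/[0-9]+/&%/5; s/[0-9]+/&%/7; s/[0-9]+/&%/9'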
Identify time of peak mem utilization
# Find when memory use peaked in one day's atop log by listing the samples
# with the least free memory.
# -m selects atopsar's memory report; -R 1 leaves every sample as its own row.
# The first six lines are passed through unsorted (treated as the report
# header), the remainder is sorted on column 3, and head keeps the header
# plus the first nine data rows.
# NOTE(review): the sort key is lexical, not numeric, so the ordering is only
# meaningful if column 3 is right-aligned and printed in one unit. Confirm
# against your atopsar output.
atopsar -r /var/log/atop/atop_20241123 -m -R 1 |
  awk 'NR <= 6 { print; next } { print | "sort -k 3,3" }' |
  head -n 15