Top Ten Tops

We pick the top ten Top tools

TOP CONT

BY MARKUS FEILNER AND SASCHA SPREITZER

DECEMBER 2008 ISSUE 97

Peak loads, I/O issues, and inexplicable system behavior pose problems for administrators day after day. Why is the database using so much swap memory? Why is my laptop battery discharging so quickly? The legacy command-line utility Top specializes in problems like these.

Top was the first in a long line of self-refreshing resource monitoring tools. Now numerous imitators vie for the administrator’s attention. With the help of a Magazine jury, we tried out dozens of wannabe top performers, and now proudly present the top 10 Tops.

The top tools in this category – with one exception – all have one thing in common: They display the resources used by a service or a server in a syntax that is reminiscent of the legendary Top utility. The rankings here are based on how useful the tool is for troubleshooting.

10: Xrestop

Xrestop [1] shows X11 users which X client programs are using the most resources, organizing the results neatly by pixmap memory usage (Figure 1). The tool relies on the X resource extension [2] to query information on the clients connected to the X server. The XResQueryClients, XResQueryClientResources, and XResQueryClientPixmapBytes functions provide the data from which Xrestop generates a Top-style view.

Xrestop was originally designed by the X.org community to help developers locate memory or performance holes in the X server, but in the course of , it has gained popularity as a daily administration tool. Admins today often use Xrestop to locate undesirable resource killers. Although you can locate a crashed or hanging X Window application easily, you will need to use another tool to the culprit. Because Xrestop only helps you troubleshoot issues with X applications and does not offer much in the line of options, the tool just scrapes into 10th place on the list.

Figure 1: Xrestop shows the pixmap memory usage for the active X11 applications. The screenshot was taken with KSnapshot, which explains why the KSnapshot tool is on top of the list.

9: Ntop

Ntop [3] is a popular instant monitoring tool that gives the admin an overview of the network interface card, its throughput, and all of its connections. The mass of information that Ntop collects and presents in its neat web interface guarantees a top 10 spot for the 10-year-old Ntop project. Figure 2 shows just some of the statistics that Ntop collects.

The tool shows the admin details of network connections on an interface, sorting them by time, host, protocol, or various other options. Clear RRD-based diagrams give administrators an at-a-glance view of unusual goings on.

Although you don’t need to customize Ntop before you start, the information it collects is volatile and disappears completely if you restart. A workaround for this is to use Ntop with a database back end, although this solution will entail far more configuration.

Until recently, Ntop also included the Intop command-line tool, which displays a continually updated Top-style view of the current network connections. The Intop tool, however, is missing from recent versions of . According to Ntop developer Luca Deri, the next version of Ntop will include the far more comprehensive Packet Shell (Pksh [4]). But until it is released, Ntop does not offer a command-line client. Thus, despite its enormous feature set, the excellent web interface, and the scope of the information it collects, Ntop comes in at number nine.

Figure 2: At what time is the VPN server busiest? Ntop answers this question and more with its neat web interface.

8: ApacheTop

ApacheTop [5] is a lean tool that offers information on current Apache web server access, the pages Apache serves up, the number of hits per second, and many other statistics. The helper application finds the necessary information in Apache’s access_log files (Figure 3).

Some options change the appearance of the queries: -q keeps the query used by, for example, PHP scripts, -l forces lower case, and -s number defines the number of numeric sections in the URL. Finally, -r resolves host names to their matching IPs.

A web administrator can use the command line to tell ApacheTop how long to keep statistics before refreshing and deleting them. To do this, you can define a number of hits (-H Hits) or specify a value in seconds (-T seconds), as well as set the delay between two refreshes (-d seconds).

The tool loses a couple points because it is fairly ancient and has not been developed actively since 2005. Despite the drawbacks, administrators who have installed Fam and Portmap on their web servers will find ApacheTop a practical live analysis tool for Apache, with many applications in production use.

Unfortunately, the feature scope is restricted to command-line options, which makes it hard for ApacheTop to keep pace with some of its more feature-rich competitors.

Figure 3: A web server under investigation by ApacheTop: A user is currently accessing SquirrelMail.

7: Ptop

Two database tools appear in the top 10. At seventh place is Ptop [6] (see Figure 4). Any administrator who has worked with PostgreSQL will be interested in this tool because Ptop provides an overview of all your database processes, at the same time displaying information such as the SQL statements currently being processed. But that’s not all: Ptop also gives you details of locks and statistics for individual tables and indices (Figure 5).

To launch Ptop, enter pg_top -d database -U database_user -W password. The command takes the user to an interactive shell, where a number of shortcuts are available (Table 1).

Ptop is available for Linux, BSD, and Mac OS. For more screenshots and details, go to the website [7].

Table 1: Ptop Shortcuts
Q    Shows the query for a PID entry.
E    The query plan for the PID. The PostgreSQL EXPLAIN and EXPLAIN_ANALYZE functions are used for this (Figure 4).
L    Shows locks.
R    Shows statistics (Figure 5).
X    Shows index data.

Figure 4: Ptop gives you details of locks and statistics for individual tables and indices. Ptop will give you the query plan for any currently active query, providing you stipulate E for

Figure 5: Ptop’s R option gives you statistics, including details like the number of sequential reads and writes from and to the Post-

6: Dnstop

Dnstop [8] uses the library to filter all the DNS queries on a computer’s network interface and list them neatly. The dnstop network_device -t -s command gives you a list of DNS queries in a Top-style, configurable view. Table 2 shows some Dnstop shortcuts.

When you enter a question mark, ?, Dnstop displays the integrated online help. At the same time, Dnstop offers two combined views that give users several pieces of information at a glance. The @ entry lets you display the source of the query along with the second-level domain target-side, along with the volume and percentage of all DNS traffic. The # option gives you the same results, but with a complete third-level domain name (Figure 6).

If you use Dnstop on a router, you can also detect undesirable DNS tunnels. A client on a local network that exchanges a large volume of data via a DNS server will be exposed quickly.

Table 2: Dnstop Shortcuts
S          Shows the query source.
D          The target; that is, the DNS server used.
T          Shows a list of DNS query types sent by the machine.
O          The opcodes. Under normal circumstances you will only see query lines here.
1, 2, 3    Allows the administrator to extend the view in the server list to top-level, second-level, and third-level domain names, respectively.
Ctrl+R     Resets the counter.
Ctrl+X     Quits the program.

5: Iftop

Snapshots and a traffic overview for all active network connections are Iftop’s [9] specialty. Just like Top, it sorts connections by activity and offers a jam-packed action set while doing so (see Figure 7).

Administrators can press H to view online help and configure the view. Throughput is not only displayed as a figure, but also by a bar chart. Iftop adjusts the scale at the top of the screen to reflect the amount of bandwidth used. Various options allow users to disable DNS name resolution, hide sources and targets, and on various columns. At the bottom edge of the display, you can see the average and accumulated values and sums for the Ethernet device sorted by input and output.

The comprehensive filtering options are really exciting for network administrators and can be entered either in interactive mode (after entering iftop -f options) or by pressing the F key. For example, -f icmp displays ICMP packets only. The familiar Tcpdump style can be inverted by making a selection – for example: not port ssh.

The -F option tells Iftop to automatically filter out individual hosts, or complete networks, leaving only those that match the selected network mask: iftop -F 192.168.0.0/24 is an example for a local network. For more information on
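The DNS tunnel check mentioned in the Dnstop section, as an added example that is not from the article or the Dnstop project: it groups queries by source and second-level domain, the grouping the article describes for Dnstop's @ view, and flags pairs with many distinct, long query names. The sample queries, the host addresses, the tunnel.example domain, and both thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of (client IP, queried name) pairs; not captured traffic.
SAMPLE_QUERIES = (
    [("192.168.0.10", "www.example.org"), ("192.168.0.10", "mail.example.org"),
     ("192.168.0.11", "www.example.net"), ("192.168.0.11", "www.example.net")]
    + [("192.168.0.23", f"{i:04x}{'ab' * 20}.t.tunnel.example") for i in range(40)]
)

def second_level(name):
    """Last two labels of a name (naive: ignores suffixes such as co.uk)."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def source_sld_view(queries):
    """Per (source, second-level domain): query count, share of all queries,
    distinct names, and bytes carried in the labels left of the domain."""
    stats = defaultdict(lambda: {"count": 0, "names": set(), "payload": 0})
    for src, name in queries:
        name = name.rstrip(".").lower()
        sld = second_level(name)
        entry = stats[(src, sld)]
        entry["count"] += 1
        entry["names"].add(name)
        entry["payload"] += max(len(name) - len(sld) - 1, 0)
    rows = [{"src": src, "sld": sld, "count": e["count"],
             "share": e["count"] / len(queries),
             "unique": len(e["names"]), "payload": e["payload"]}
            for (src, sld), e in stats.items()]
    return sorted(rows, key=lambda r: r["count"], reverse=True)

def tunnel_suspects(rows, min_unique=20, min_avg_payload=30):
    """Flag pairs with many distinct names that each carry long subdomain data.
    Both thresholds are illustrative assumptions to tune per network."""
    return [r for r in rows
            if r["unique"] >= min_unique
            and r["payload"] / r["count"] >= min_avg_payload]

if __name__ == "__main__":
    view = source_sld_view(SAMPLE_QUERIES)
    for r in view:
        print(f'{r["src"]:15} {r["sld"]:16} {r["count"]:4} {r["share"]:6.1%} '
              f'unique={r["unique"]:3} payload={r["payload"]}')
    print("suspects:", [(r["src"], r["sld"]) for r in tunnel_suspects(view)])
```

Ordinary clients repeat a small set of short names, so they stay below both thresholds; a tunnel client stands out because nearly every query name is new and long.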


to discover the MySQL statement behind a selected thread. H toggles the header line on and off in the display. Pressing Shift+I lets you output a complete status report on the InnoDB back ends, K terminates a thread, and P takes a break. O changes the sorting order and R (for Reset) sends a FLUSH STATUS statement to the server. Pressing S changes the refresh interval, and T toggles to the thread view. If all of these key presses are too much for you, you might want to refer to the lon-

user=sspreitzer
host=192.168.0.222
pass=mysecretpassword

Figure 8: The Atop process list is detailed but interactive.


even guesses the current power consumption for the more popular mobile processors.

The battle for the last reserves of energy is fascinating. According to success stories on the project homepage, PowerTop can even double your battery life. Because the tool is only available for Intel CPUs and the latest kernel (2.6.22 or newer), it only takes third place despite its gaming feeling and undeniable cult factor.

2: Atop and Htop

The number two spot is taken by two top clones, Atop [13] and Htop [14]. Because both are close to their role model with respect to feature scope and presentation, they share their good ranking. The advantages offered by Atop, and the Atopsar program that comes with the package, include a detailed view of the monitored processes (Figure 8).

In contrast, Htop convinces with its sensible overview and its ability to let administrators influence processes directly. For example, the software will sort a process list by name or PID with the use of just a couple of shortcuts, and it can assign a different Nice priority level to all Apache processes (Figure 9).

Another nice thing is that the controls are self-explanatory: Htop’s interface is a mix of Midnight Commander and Top. A menu with the most important functions is available at the bottom of the screen: F6 is for sorting – the administrator can use a kind of drop-down menu to select the column – and F7 reduces and F8 increases a program’s priority. Because the user can press the space bar to multiple selections, priority changes are easier and faster with Htop than with almost any other system tool.

The information that Atop provides is more useful to an advanced administrator wanting to investigate minute details of individual processes.

In the standard view, Atop supplies advanced information on memory usage (M), scheduling (S), and command-line parameters (C) and various details on processes (V).

A specially patched kernel additionally lets you display disk (D) and network usage (N). Thanks to Atopsar, admins can even access the Sysstat data of the past few days or weeks, assuming you launch the Sar daemon on your system.

Figure 9: No tool is better than Htop at changing the Nice level for all Apache processes. Admins can press F6 to sort, the space bar to select, and F6 or F7 to modify the priorities of the entries.

Still Number 1: Top

Despite all the advantages of the programs we just looked at, the Linux Magazine jury’s favorite is the legacy and legendary Unix tool Top by William LeFebvre and others.

Top is installed everywhere, it is comprehensively documented, and it gives you the more or less identical controls and behavior on any conceivable Unix and on BSD, Linux, many embedded systems, and Mac OS X. The tool, which has been an administrative evergreen since 1984, runs on mainframes, workstations, desktops, and clusters.

Version 3.7, or Beta 3.8 of unixtop, is available for download [15]. But who needs to download when your favorite distribution already includes the tool and even installs it as part of the minimal installation?

Administrators will be familiar with the various switches, options, and parameters. The fills several screens – again thanks to the number of operating systems Top supports.

Conclusion

Any Linux or Unix book that covers system administration provides at least a few pages on the essential Top utility. The original Top is still number one today, but the winner shouldn’t get complacent: Talented newcomers – some of them specialists, others simply modern clones of the original – are getting closer to center stage. Htop, for instance, is shaping up nicely.

INFO

[1] Xrestop: http://www.freedesktop.org/wiki/Software/xrestop
[2] X resource extension library: http://linux.die.net/man/3/xres
[3] Ntop: http://www.ntop.org
[4] Pksh: http://pksh.tecsiel.it
[5] ApacheTop: http://spork.qfe3.net/apachetop/
[6] Ptop: http://ptop.projects.postgresql.org
[7] Ptop screenshots: http://ptop.projects.postgresql.org/screenshots
[8] Dnstop: http://dns.measurement-factory.com/tools/dnstop
[9] Iftop: http://www.ex-parrot.com/~pdw/iftop
[10] Iftop manual: http://www.fifi.org/cgi-bin/man2html/usr/share/man/man8/iftop.8.gz
[11] Mytop: http://jeremy.zawodny.com/mysql/mytop
[12] PowerTop by Lesswatts.org: http://www.lesswatts.org/projects/powertop
[13] Atop: http://www.atcomputing. /Tools/atop
[14] Htop: http://htop.sourceforge.net
[15] Top: http://sourceforge.net/projects/unixtop
