Essential Linux Ops Tricks: xargs, nohup, ps, multitail, netstat & SSH Port Forwarding

Introduction

After years of working in operations, the author reflects on early habits of writing overly long and inefficient scripts, and now shares a concise collection of advanced Linux commands that can simplify daily admin tasks.

1. Practical xargs Usage

The find / -name *.conf -type f -print | xargs file command feeds the list of .conf files directly to file, avoiding the need for intermediate files. It can also be combined with tar to archive matched files:

find / -name *.conf -type f -print | xargs tar cjf test.tar.gz

2. Running Commands in the Background

Use nohup to keep long‑running tasks alive after the terminal closes. Example for exporting all MySQL databases:

nohup mysqldump -uroot -pYOUR_PASSWORD --all-databases > ./alldatabases.sql &

If you prefer not to expose the password on the command line, omit the trailing & and enter the password interactively:

nohup mysqldump -uroot -pYOUR_PASSWORD --all-databases > ./alldatabases.sql

After starting a foreground job, you can suspend it with Ctrl+Z and resume in the background using bg. The output of nohup is stored in nohup.out in the current directory.

3. Finding High‑Memory Processes

To list the top memory‑consuming processes:

ps -aux | sort -rnk 4 | head -20

4. Finding High‑CPU Processes

To list the top CPU‑consuming processes:

ps -aux | sort -rnk 3 | head -20

The third column is CPU usage percentage; the last column shows the corresponding process.

5. Viewing Multiple Logs Simultaneously

The multitail tool can display several log files in one terminal with highlighting and filtering. Install it with:

wget ftp://ftp.is.co.za/mirror/ftp.rpmforge.net/redhat/el6/en/x86_64/dag/RPMS/multitail-5.2.9-1.el6.rf.x86_64.rpm

yum -y localinstall multitail-5.2.9-1.el6.rf.x86_64.rpm

Example: watch /var/log/secure for the keyword “Accepted” while simultaneously pinging a host:

multitail -e "Accepted" /var/log/secure -l "ping baidu.com"

6. Continuous Ping Logging

Record ping results with timestamps to a log file, useful for post‑mortem analysis:

ping api.jpush.cn | awk '{ print $0 "    " strftime("%Y-%m-%d %H:%M:%S",systime()) }' >> /tmp/jiguang.log &

7. Checking TCP Connection States

Show the state of TCP connections (e.g., for port 80) to help diagnose hangs or attacks:

netstat -nat | awk '{print $6}' | sort | uniq -c | sort -rn

8. Finding Top 20 IPs Requesting Port 80

Identify potential attackers by listing the IPs with the most connections to port 80:

netstat -anlp | grep 80 | grep tcp | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | head -n20

9. SSH Port Forwarding

SSH can forward local ports to remote hosts, useful when a bastion host must proxy access to an internal service. Example: forward local port 9200 on the bastion (192.168.1.15) to Elasticsearch on 192.168.1.19:

ssh -p 22 -C -f -N -g -L 9200:192.168.1.19:9200 [email protected]

After establishing the tunnel, accessing 192.168.1.15:9200 reaches the Elasticsearch instance at 192.168.1.19:9200. The prerequisite is that SSH keys have been exchanged.