Essential Linux Shell Commands for System Monitoring and Troubleshooting

System Monitoring Commands

1. Delete zero‑byte files find -type f -size 0 -exec rm -rf {} \; 2. List processes sorted by memory usage (largest first) ps -e -o "%C : %p : %z : %a" | sort -k5 -nr 3. List processes sorted by CPU utilization (largest first) ps -e -o "%C : %p : %z : %a" | sort -nr 4. Print URLs cached in /data/cache

grep -r -a jpg /data/cache/* | strings | grep "http:" | awk -F'http:' '{print "http:"$2;}'

5. Show HTTP concurrent request count and TCP connection states

netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'

6. Replace "no" with "yes" in the Root line of sshd_config sed -i '/Root/s/no/yes/' /etc/ssh/sshd_config 7. Kill MySQL processes

ps aux | grep mysql | grep -v grep | awk '{print $2}' | xargs kill -9

killall -TERM mysqld

kill -9 `cat /usr/local/apache2/logs/httpd.pid`

8. Show services enabled at runlevel 3 ls /etc/rc3.d/S* | cut -c 15- 9. Display multiple messages in a shell script using EOF

cat << EOF
+--------------------------------------------------------------+
|       === Welcome to Tunoff services ===                |
+--------------------------------------------------------------+
EOF

10. Use a for‑loop to create soft links for MySQL binaries

cd /usr/local/mysql/bin
for i in *
do
    ln /usr/local/mysql/bin/$i /usr/bin/$i
done

11. Get IP address of eth0

ifconfig eth0 | grep "inet addr:" | awk '{print $2}' | cut -c 6-

ifconfig | grep 'inet addr:' | grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'

12. Show total memory (in MB) free -m | grep "Mem" | awk '{print $2}' 13. List established TCP connections on port 80

netstat -an -t | grep ":80" | grep ESTABLISHED | awk '{printf "%s %s
",$5,$6}' | sort

14. Show Apache concurrent requests and TCP states

netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'

15. Sum sizes of all jpg files

find / -name *.jpg -exec wc -c {} \; | awk '{print $1}' | awk '{a+=$1} END {print a}'

16. Number of CPU cores cat /proc/cpuinfo | grep -c processor 17. Show CPU load averages cat /proc/loadavg 18. Detailed CPU statistics mpstat 1 1 19. Check free memory free 20. Disk space usage df -h 21. Find top‑10 largest files or directories in the current partition du -cks * | sort -rn | head -n 10 22. Disk I/O load iostat -x 1 2 23. Network load sar -n DEV 24. Network errors netstat -i 25. Count total number of network connections

netstat -an | grep -E "^(tcp)" | cut -c 68- | sort | uniq -c | sort -n

26. Total number of processes ps aux | wc -l 27. Number of runnable processes vmwtat 1 5 28. Top processes (sorted by CPU) top -id 1 29. Number of logged‑in users who | wc -l 30. Search system logs for errors or failures

# cat /var/log/rflogview/*errors

grep -i error /var/log/messages

grep -i fail /var/log/messages

31. Kernel log dmesg 32. System date and time date 33. Count open file descriptors lsof | wc -l 34. Generate daily log reports with logwatch # logwatch –print 35. Kill processes listening on port 80 lsof -i :80 | grep -v "ID" | awk '{print "kill -9",$2}' | sh 36. Remove zombie processes ps -eal | awk '{ if ($2 == "Z") {print $4}}' | kill -9 37. Capture packets on port 80 with tcpdump tcpdump -c 10000 -i eth0 -n dst port 80 > /root/pkts 38. Sort duplicate IP addresses from captured packets

# less pkts | awk '{printf $3"
"}' | cut -d. -f 1-4 | sort | uniq -c | awk '{printf $1" "$2"
"}' | sort -n -t\ +0

39. Count active php‑cgi processes netstat -anp | grep php-cgi | grep ^tcp | wc -l 40. List services set to start at boot (runlevel 3) chkconfig --list | awk '{if ($5=="3:on") print $1}' 41. Show network card model with kudzu

kudzu --probe --class=network

Common Regular Expressions

1. Match Chinese characters [\u4e00-\u9fa5] 2. Match double‑byte characters (including Chinese) [^\x00-\xff] 3. Match blank lines \n\s*\r 4. Match HTML tags <(\S*?)[^>]*>.*?</\1>|<.*? /> 5. Trim leading and trailing whitespace ^\s*|\s*$ 6. Match email addresses \w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)* 7. Match URLs [a-zA-Z]+://[^\s]* 8. Validate usernames (letters first, 5‑16 characters, letters/numbers/underscores) ^[a-zA-Z][a-zA-Z0-9_]{4,15}$ 9. Match Chinese telephone numbers \d{3}-\d{8}|\d{4}-\d{7} 10. Match Tencent QQ numbers [1-9][0-9]{4,} 11. Match Chinese postal codes [1-9]\d{5}(?!\d) 12. Match Chinese ID numbers (15 or 18 digits) \d{15}|\d{18} 13. Match IP addresses \d+\.\d+\.\d+\.\d+ 14. Match specific numbers (integers, floats, etc.)

^[1-9]\d*$   // positive integer
^-[1-9]\d*$   // negative integer
^-?[1-9]\d*$   // any integer
^[1-9]\d*|0$   // non‑negative integer
^-[1-9]\d*|0$   // non‑positive integer
^[1-9]\d*\.\d*|0\.\d*[1-9]\d*$   // positive float
^-([1-9]\d*\.\d*|0\.\d*[1-9]\d*)$   // negative float
^-?([1-9]\d*\.\d*|0\.\d*[1-9]\d*|0?\.0+|0)$   // any float

15. Match alphabetic strings

^[A-Za-z]+$   // letters only
^[A-Z]+$   // uppercase only
^[a-z]+$   // lowercase only
^[A-Za-z0-9]+$   // alphanumeric
^\w+$   // letters, digits, underscore