Essential Linux Shell Commands for System Monitoring and Troubleshooting

This article provides a curated list of Linux shell commands useful for system administrators and DevOps engineers to perform routine monitoring, diagnostics, and maintenance tasks.

Common System Administration Commands

1. Delete zero‑byte files find -type f -size 0 -exec rm -rf {} \; 2. View processes sorted by memory usage (largest first) PS -e -o "%C : %p : %z : %a" | sort -k5 -nr 3. View processes sorted by CPU utilization (largest first) ps -e -o "%C : %p : %z : %a" | sort -nr 4. Print URLs cached in the web cache

grep -r -a jpg /data/cache/* | strings | grep "http:" | awk -F'http:' '{print "http:"$2;}'

5. Show HTTP concurrent request count and TCP connection states

netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'

6. Replace "no" with "yes" for the Root line in sshd_config sed -i '/Root/s/no/yes/' /etc/ssh/sshd_config 7. Kill MySQL processes

ps aux | grep mysql | grep -v grep | awk '{print $2}' | xargs kill -9
killall -TERM mysqld
kill -9 `cat /usr/local/apache2/logs/httpd.pid`

8. List services started at runlevel 3 ls /etc/rc3.d/S* | cut -c 15- 9. Display multiple messages using a heredoc (EOF)

cat << EOF
+--------------------------------------------------------------+
|       === Welcome to Tunoff services ===                    |
+--------------------------------------------------------------+
EOF

10. Use a for‑loop to create symbolic links for MySQL binaries

cd /usr/local/mysql/bin
for i in *
do
  ln /usr/local/mysql/bin/$i /usr/bin/$i
done

11. Retrieve the IP address of eth0

ifconfig eth0 | grep "inet addr:" | awk '{print $2}' | cut -c 6-
# or
ifconfig | grep 'inet addr:' | grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'

12. Get total memory (in MB) free -m | grep "Mem" | awk '{print $2}' 13. Show established connections on port 80

netstat -an -t | grep ":80" | grep ESTABLISHED | awk '{printf "%s %s
",$5,$6}' | sort

14. Count total JPEG file sizes

find / -name *.jpg -exec wc -c {} \; | awk '{print $1}' | awk '{a+=$1} END {print a}'

15. Kill processes listening on port 80

lsof -i :80 | grep -v "ID" | awk '{print "kill -9",$2}' | sh

16. Show CPU count (including hyper‑threaded cores) cat /proc/cpuinfo | grep -c processor 17. Display current CPU load averages cat /proc/loadavg 18. Detailed CPU statistics mpstat 1 1 19. Show memory usage free 20. Check swap usage free 21. Monitor swap activity vmstat 1 5 22. Disk space usage df -h 23. Find top‑consuming files or directories du -cks * | sort -rn | head -n 10 24. Disk I/O load iostat -x 1 2 25. Network load sar -n DEV 26. Network errors netstat -i 27. Count active network connections

netstat -an | grep -E "^(tcp)" | cut -c 68- | sort | uniq -c | sort -n

28. Total number of processes ps aux | wc -l 29. Number of runnable processes vmwtat 1 5 30. Top process tree top -id 1 31. List logged‑in users who | wc -l 32. View system logs for errors

# cat /var/log/rflogview/*errors
grep -i error /var/log/messages
grep -i fail /var/log/messages

33. Kernel messages dmesg 34. System date and time date 35. Count open file descriptors lsof | wc -l 36. Run logwatch and configure email reports

# logwatch –print
# logwatch –print –range all
# logwatch –print –detail high

Common Regular Expressions

1. Match Chinese characters:

[\u4e00-\u9fa5]

Useful for detecting Chinese text.

2. Match double‑byte characters (including Chinese):

[^\x00-\xff]

Can be used to calculate string length where double‑byte chars count as two.

3. Match blank lines:

\s*\r

Helps remove empty lines.

4. Match HTML tags:

<(\S*?)[^>]*>.*?</\1>|<.*? />

Works for simple tags; complex nesting may fail.

5. Trim leading and trailing whitespace:

^\s*|\s*$

Removes spaces, tabs, and line‑break characters at the start or end of a line.

6. Match email addresses:

\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*

Commonly used for form validation.

7. Match URLs:

[a-zA-Z]+://[^\s]*

Basic pattern sufficient for most cases.

8. Match valid usernames (letter start, 5‑16 characters, letters/numbers/underscores): ^[a-zA-Z][a-zA-Z0-9_]{4,15}$ 9. Match Chinese phone numbers: \d{3}-\d{8}|\d{4}-\d{7} 10. Match Tencent QQ numbers (starting from 10000): [1-9][0-9]{4,} 11. Match Chinese postal codes (six digits): [1-9]\d{5}(?!\d) 12. Match Chinese ID numbers (15 or 18 digits): \d{15}|\d{18} 13. Match IP addresses: \d+\.\d+\.\d+\.\d+ 14. Match various numeric formats (integers, floats, non‑negative, etc.) – examples omitted for brevity.

15. Match alphabetic strings:

^[A-Za-z]+$   // only letters
^[A-Z]+$     // only uppercase letters
^[a-z]+$     // only lowercase letters
^[A-Za-z0-9]+$ // letters and numbers
^\w+$       // letters, numbers, underscore

Fundamental patterns used in many validation scenarios.