Essential Linux Shell Commands for System Monitoring and Troubleshooting

This article provides a curated list of Linux shell commands useful for system administrators and DevOps engineers to perform routine monitoring, diagnostics, and maintenance tasks.

Common System Administration Commands

1. Delete zero‑byte files

<code>find -type f -size 0 -exec rm -rf {} \;</code>

2. View processes sorted by memory usage (largest first)

<code>PS -e -o "%C : %p : %z : %a" | sort -k5 -nr</code>

3. View processes sorted by CPU utilization (largest first)

<code>ps -e -o "%C : %p : %z : %a" | sort -nr</code>

4. Print URLs cached in the web cache

<code>grep -r -a jpg /data/cache/* | strings | grep "http:" | awk -F'http:' '{print "http:"$2;}'</code>

5. Show HTTP concurrent request count and TCP connection states

<code>netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'</code>

6. Replace "no" with "yes" for the Root line in sshd_config

<code>sed -i '/Root/s/no/yes/' /etc/ssh/sshd_config</code>

7. Kill MySQL processes

<code>ps aux | grep mysql | grep -v grep | awk '{print $2}' | xargs kill -9
killall -TERM mysqld
kill -9 `cat /usr/local/apache2/logs/httpd.pid`</code>

8. List services started at runlevel 3

<code>ls /etc/rc3.d/S* | cut -c 15-</code>

9. Display multiple messages using a heredoc (EOF)

<code>cat << EOF
+--------------------------------------------------------------+
|       === Welcome to Tunoff services ===                    |
+--------------------------------------------------------------+
EOF</code>

10. Use a for‑loop to create symbolic links for MySQL binaries

<code>cd /usr/local/mysql/bin
for i in *
do
  ln /usr/local/mysql/bin/$i /usr/bin/$i
done</code>

11. Retrieve the IP address of eth0

<code>ifconfig eth0 | grep "inet addr:" | awk '{print $2}' | cut -c 6-
# or
ifconfig | grep 'inet addr:' | grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'</code>

12. Get total memory (in MB)

<code>free -m | grep "Mem" | awk '{print $2}'</code>

13. Show established connections on port 80

<code>netstat -an -t | grep ":80" | grep ESTABLISHED | awk '{printf "%s %s\n",$5,$6}' | sort</code>

14. Count total JPEG file sizes

<code>find / -name *.jpg -exec wc -c {} \; | awk '{print $1}' | awk '{a+=$1} END {print a}'</code>

15. Kill processes listening on port 80

<code>lsof -i :80 | grep -v "ID" | awk '{print "kill -9",$2}' | sh</code>

16. Show CPU count (including hyper‑threaded cores)

<code>cat /proc/cpuinfo | grep -c processor</code>

17. Display current CPU load averages

<code>cat /proc/loadavg</code>

18. Detailed CPU statistics

<code>mpstat 1 1</code>

19. Show memory usage

<code>free</code>

20. Check swap usage

<code>free</code>

21. Monitor swap activity

<code>vmstat 1 5</code>

22. Disk space usage

<code>df -h</code>

23. Find top‑consuming files or directories

<code>du -cks * | sort -rn | head -n 10</code>

24. Disk I/O load

<code>iostat -x 1 2</code>

25. Network load

<code>sar -n DEV</code>

26. Network errors

<code>netstat -i</code>

27. Count active network connections

<code>netstat -an | grep -E "^(tcp)" | cut -c 68- | sort | uniq -c | sort -n</code>

28. Total number of processes

<code>ps aux | wc -l</code>

29. Number of runnable processes

<code>vmwtat 1 5</code>

30. Top process tree

<code>top -id 1</code>

31. List logged‑in users

<code>who | wc -l</code>

32. View system logs for errors

<code># cat /var/log/rflogview/*errors
grep -i error /var/log/messages
grep -i fail /var/log/messages</code>

33. Kernel messages

<code>dmesg</code>

34. System date and time

<code>date</code>

35. Count open file descriptors

<code>lsof | wc -l</code>

36. Run logwatch and configure email reports

<code># logwatch –print
# logwatch –print –range all
# logwatch –print –detail high</code>

Common Regular Expressions

1. Match Chinese characters:

<code>[\u4e00-\u9fa5]</code>

Useful for detecting Chinese text.

2. Match double‑byte characters (including Chinese):

<code>[^\x00-\xff]</code>

Can be used to calculate string length where double‑byte chars count as two.

3. Match blank lines:

<code>\n\s*\r</code>

Helps remove empty lines.

4. Match HTML tags:

<code>&lt;(\S*?)[^&gt;]*&gt;.*?&lt;/\1&gt;|&lt;.*? /&gt;</code>

Works for simple tags; complex nesting may fail.

5. Trim leading and trailing whitespace:

<code>^\s*|\s*$</code>

Removes spaces, tabs, and line‑break characters at the start or end of a line.

6. Match email addresses:

<code>\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*</code>

Commonly used for form validation.

7. Match URLs:

<code>[a-zA-Z]+://[^\s]*</code>

Basic pattern sufficient for most cases.

8. Match valid usernames (letter start, 5‑16 characters, letters/numbers/underscores):

<code>^[a-zA-Z][a-zA-Z0-9_]{4,15}$</code>

9. Match Chinese phone numbers:

<code>\d{3}-\d{8}|\d{4}-\d{7}</code>

10. Match Tencent QQ numbers (starting from 10000):

<code>[1-9][0-9]{4,}</code>

11. Match Chinese postal codes (six digits):

<code>[1-9]\d{5}(?!\d)</code>

12. Match Chinese ID numbers (15 or 18 digits):

<code>\d{15}|\d{18}</code>

13. Match IP addresses:

<code>\d+\.\d+\.\d+\.\d+</code>

14. Match various numeric formats (integers, floats, non‑negative, etc.) – examples omitted for brevity.

15. Match alphabetic strings:

<code>^[A-Za-z]+$   // only letters
^[A-Z]+$     // only uppercase letters
^[a-z]+$     // only lowercase letters
^[A-Za-z0-9]+$ // letters and numbers
^\w+$       // letters, numbers, underscore</code>

Fundamental patterns used in many validation scenarios.