Essential Linux Shell Commands for System Monitoring & Troubleshooting

1 Delete 0‑byte files find -type f -size 0 -exec rm -rf {} \; 2 List processes sorted by memory usage (largest first) ps -e -o "%C : %p : %z : %a" | sort -k5 -nr 3 List processes sorted by CPU utilization (largest first) ps -e -o "%C : %p : %z : %a" | sort -nr 4 Print URLs cached in the /data/cache directory

grep -r -a jpg /data/cache/* | strings | grep "http:" | awk -F'http:' '{print "http:"$2;}'

5 Show concurrent HTTP requests and TCP connection states

netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'

6 Replace "no" with "yes" for the Root line in sshd_config sed -i '/Root/s/no/yes/' /etc/ssh/sshd_config 7 Kill MySQL processes

ps aux | grep mysql | grep -v grep | awk '{print $2}' | xargs kill -9

killall -TERM mysqld

kill -9 `cat /usr/local/apache2/logs/httpd.pid`

8 Show services enabled at runlevel 3 ls /etc/rc3.d/S* | cut -c 15- 9 Display multiple messages in a SHELL script using EOF

cat << EOF
+--------------------------------------------------------------+
|       === Welcome to Tunoff services ===                |
+--------------------------------------------------------------+
EOF

10 Create symbolic links for MySQL binaries

cd /usr/local/mysql/bin
for i in *
do ln /usr/local/mysql/bin/$i /usr/bin/$i
done

11 Retrieve IP address

ifconfig eth0 | grep "inet addr:" | awk '{print $2}' | cut -c 6-

ifconfig | grep 'inet addr:' | grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'

12 Show total memory size free -m | grep "Mem" | awk '{print $2}' 13 List established connections on port 80

netstat -an -t | grep ":80" | grep ESTABLISHED | awk '{printf "%s %s
",$5,$6}' | sort

14 Show Apache concurrent requests and TCP states

netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'

15 Sum sizes of all JPG files on the server

find / -name *.jpg -exec wc -c {} \; | awk '{a+=$1} END {print a}'

16 Show number of CPU cores cat /proc/cpuinfo | grep -c processor 17 Show CPU load average cat /proc/loadavg 18 Show per‑CPU load with mpstat mpstat 1 1 19 Show memory usage free 20 Show swap usage free 21 Monitor swap activity vmstat 1 5 22 Show disk space usage df -h 23 Find top disk consumers du -cks * | sort -rn | head -n 10 24 Check disk I/O load iostat -x 1 2 25 Show network load sar -n DEV 26 List network errors netstat -i 27 Count network connections

netstat -an | grep -E "^(tcp)" | cut -c 68- | sort | uniq -c | sort -n

28 Count total processes ps aux | wc -l 29 Show runnable processes vmwtat 1 5 30 List top processes by CPU top -id 1 31 Show logged‑in users who | wc -l 32 View system logs for errors

# cat /var/log/rflogview/*errors

grep -i error /var/log/messages

grep -i fail /var/log/messages

33 Display kernel messages dmesg 34 Show system date date 35 Count open files lsof | wc -l 36 List open file descriptors # logwatch –print 37 Kill processes listening on port 80

lsof -i :80 | grep -v "ID" | awk '{print "kill -9",$2}' | sh

38 Remove zombie processes

ps -eal | awk '{ if ($2 == "Z") {print $4}}' | kill -9

39 Capture packets on port 80 with tcpdump

tcpdump -c 10000 -i eth0 -n dst port 80 > /root/pkts

40 Count duplicate IPs in captured packets

less pkts | awk '{printf $3"
"}' | cut -d. -f 1-4 | sort | uniq -c | awk '{printf $1" "$2"
"}' | sort -n -t +0

41 Count active php‑cgi processes netstat -anp | grep php-cgi | grep ^tcp | wc -l 42 List services set to start at runlevel 3

chkconfig --list | awk '{if ($5=="3:on") print $1}'

43 Show network card model

kudzu --probe --class=network

Common Regular Expressions

1. Match Chinese characters: [\u4e00-\u9fa5] 2. Match double‑byte characters (including Chinese): [^\x00-\xff] 3. Match blank lines: \n\s*\r 4. Match HTML tags: <(\S*?)[^>]*>.*?</\1>|<.*? /> 5. Trim leading/trailing whitespace: ^\s*|\s*$ 6. Match email addresses: \w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)* 7. Match URLs: [a-zA-Z]+://[^\s]* 8. Validate usernames (letter start, 5‑16 chars, letters/numbers/underscore): ^[a-zA-Z][a-zA-Z0-9_]{4,15}$ 9. Match Chinese phone numbers: \d{3}-\d{8}|\d{4}-\d{7} 10. Match QQ numbers: [1-9][0-9]{4,} 11. Match Chinese postal codes: [1-9]\d{5}(?!\d) 12. Match ID numbers (15 or 18 digits): \d{15}|\d{18} 13. Match IP addresses: \d+\.\d+\.\d+\.\d+ 14. Match integers and floating‑point numbers (various forms) – see source for detailed patterns.