Top 4 Linux Monitoring Tools to Diagnose System Issues Quickly

1. iotop

iotop is a top‑like utility that reports disk I/O usage per process. It works by reading the kernel's accounting information from /proc and /sys. Install it from the distribution packages (e.g., sudo apt-get install iotop on Debian/Ubuntu or sudo yum install iotop on RHEL/CentOS). Typical usage examples:

Interactive mode showing only processes that are actually doing I/O: sudo iotop -o Batch mode for scripting, updating every 2 seconds for 5 iterations: sudo iotop -b -d 2 -n 5 Display accumulated I/O instead of current rate: sudo iotop -a Key columns include PID , USER , DISK READ , DISK WRITE , and IO% . This granularity lets administrators pinpoint the exact process that is saturating storage.

2. htop

htop is an enhanced, ncurses‑based replacement for top. It provides a full‑screen, color‑coded view of CPU, memory, swap, and process information, with per‑core CPU bars and graphical memory meters.

Installation: sudo apt-get install htop or sudo yum install htop.

Start with htop. Use F2 to open the setup menu, F3 to search, F4 to filter, F5 for tree view, F9 to kill a selected process (no need to type the PID), and F10 to quit.

Customizable columns: press F2 → “Columns” to add fields such as IO_RATE or PERCENT_CPU.

Because it updates in real time and supports mouse interaction, htop is well suited for quick performance triage on multi‑core systems.

3. IPTraf

IPTraf is a console‑based network statistics monitor that captures traffic on a selected interface and presents it in a menu‑driven UI. It is lighter than full packet analyzers like Wireshark but still provides per‑protocol breakdowns, packet‑size histograms, and connection tables.

Installation: sudo apt-get install iptraf (Debian/Ubuntu) or sudo yum install iptraf (RHEL/CentOS).

Run with root privileges, specifying the interface: sudo iptraf -i eth0.

Key menu items:

"General Statistics" – shows total packets, bytes, and error counts.

"IP Traffic Monitor" – live per‑host traffic.

"TCP/UDP Statistics" – protocol‑level breakdown.

"Filter" – define filters by port, address, or protocol (e.g., port 80 to watch HTTP).

Press Esc to return to the main menu, q to quit.

For deeper packet inspection, tcpdump or tshark can be used, but IPTraf 's menu interface makes it faster for ad‑hoc diagnostics.

4. Monit

Monit is a daemon that monitors system resources, services, files, and directories, and can automatically restart failed services or send alerts. Configuration is done in /etc/monitrc (or /etc/monit/conf.d/ on some distributions).

Typical installation:

Debian/Ubuntu: sudo apt-get install monit RHEL/CentOS: sudo yum install monit Example configuration that restarts an Apache process if it stops, but stops trying after three consecutive failures and sends an email alert:

set daemon 60                # check every 60 seconds
set logfile syslog
set mailserver smtp.example.com
set alert [email protected]

check process httpd with pidfile /var/run/httpd.pid
    start program = "/etc/init.d/httpd start"
    stop  program = "/etc/init.d/httpd stop"
    if failed port 80 protocol http then restart
    if 3 restarts within 5 cycles then timeout

To enable the built‑in web interface, add:

set httpd port 2812 and
    use address localhost
    allow admin:monit

Control the daemon with sudo service monit start|stop|restart or monit status for a quick overview.

Summary

The four tools cover the most common monitoring needs on a Linux host:

iotop – per‑process disk I/O accounting.

htop – interactive, per‑core CPU and memory visualization.

IPTraf – lightweight, menu‑driven network traffic analysis.

Monit – daemon‑level health checking, automatic remediation, and optional web UI.

Combined, they enable rapid diagnosis of I/O bottlenecks, CPU/memory pressure, network anomalies, and service failures without requiring heavyweight GUI tools.