Discover 15 essential sar command examples to monitor CPU, memory, disk, and network performance in Linux for better server health.
Monitoring system performance is crucial for any Linux administrator, software developer, or IT professional who wants to ensure optimal server health and efficiency. Among the many performance monitoring tools available, the sar (System Activity Reporter) command stands out as one of the most powerful utilities in the sysstat package. It provides valuable insights into CPU usage, memory utilization, disk activity, network performance, and more, helping administrators identify bottlenecks and troubleshoot performance issues effectively.
In this guide, we’ll explore 15 essential sar Linux command examples that every system administrator should know. Whether you’re a beginner looking to understand system performance metrics or an experienced professional fine-tuning your monitoring skills, these sar command examples will equip you with the knowledge to analyze and optimize your Linux server’s health.
Before we dive into the examples, ensure you’ve installed the sysstat package and enabled data collection:
For Oracle Linux/RHEL:
sudo dnf install sysstat -y
sudo systemctl enable sysstat --now
For Ubuntu:
sudo apt install sysstat -y
sudo systemctl enable sysstat --now
Once sysstat is running, you’re ready to explore how sar can simplify your day-to-day tasks.
1. Monitor Real-Time CPU Usage
Command:
sar -u 1 5
Explanation:
Displays CPU usage in real time, refreshing every second for five iterations. You’ll see breakdowns for user time (%user), system time (%system), and idle time (%idle).
Use Case:
You’re investigating why an application feels sluggish. Running this command lets you quickly determine if the CPU is overloaded, such as high %user usage caused by compute-heavy tasks or excessive %system due to I/O wait.
2. Check Historical CPU Usage Trends
Command:
sar -u -f /var/log/sa/sa10
Explanation:
Retrieves CPU usage data from the log file for the 10th day of the month.
Use Case:
A production server experienced a slowdown three days ago at a specific time. By analyzing historical data, you can identify if CPU spikes contributed to the issue and correlate it with application activity.
3. Analyze Memory Usage in Real Time
Command:
sar -r 1 5
Explanation:
Displays real-time memory usage, including free memory and swap statistics, every second for five iterations.
Use Case:
An application crashes frequently, and you suspect it’s due to memory exhaustion. With this command, you can monitor available memory (kbmemfree) and swap utilization to confirm the issue.
4. Review Historical Memory Usage
Command:
sar -r -f /var/log/sa/sa11
Explanation:
Fetches historical memory usage from the logs for the 11th day of the month.
Use Case:
If a server experienced a performance dip overnight, this command helps you identify if low memory or excessive swapping was the root cause.
5. Monitor Disk I/O Performance
Command:
sar -b 1 5
Explanation:
Shows disk I/O stats, including the number of transfers per second and blocks read/write per second.
Use Case:
A database query is taking longer than usual. This command lets you see if high disk activity, such as excessive read/write operations, is causing the slowdown.
6. Identify Specific Disk Bottlenecks
Command:
sar -d 1 5
Explanation:
Provides detailed I/O statistics for individual block devices.
Use Case:
If a RAID array or SAN storage seems to underperform, this command pinpoints which specific device is experiencing high load or latency.
7. Monitor Network Traffic by Interface
Command:
sar -n DEV 1 5
Explanation:
Reports network activity on all interfaces, including transmitted (txpck/s) and received packets (rxpck/s).
Use Case:
When users report slow connections, this command helps identify which network interface is experiencing heavy traffic or whether there’s an unexpected data spike.
8. Identify Network Errors
Command:
sar -n EDEV 1 5
Explanation:
Displays network errors, such as dropped packets or collisions, for all interfaces.
Use Case:
During a network outage, you can use this command to identify if packet drops or hardware errors on a specific interface are causing connectivity issues.
9. Monitor System Load in Real Time
Command:
sar -q 1 5
Explanation:
Shows system load averages and the number of running processes over time.
Use Case:
A sudden spike in load average might indicate resource contention or runaway processes. This command helps pinpoint when and why the load increases.
10. Analyze Swap Usage
Command:
sar -S 1 5
Explanation:
Displays swap usage, including pages swapped in and out per second.
Use Case:
If a system uses swap excessively, it can lead to performance degradation. Use this command to verify if swapping is the cause of slow response times.
11. Monitor Process Creation
Command:
sar -w 1 5
Explanation:
Reports metrics on process creation and context switching.
Use Case:
If the server feels sluggish, high context switching could indicate resource contention between too many processes.
12. CPU Frequency Analysis
Command:
sar -m CPU 1 5
Explanation:
Displays CPU frequency metrics in real time.
Use Case:
Troubleshoot performance degradation by ensuring the CPU isn’t throttling due to power management settings or overheating.
13. Analyze Interrupts
Command:
sar -I ALL 1 5
Explanation:
Reports stats on hardware and software interrupts.
Use Case:
Excessive interrupts can indicate hardware problems, such as malfunctioning NICs or high interrupt rates from disk controllers.
14. Kernel Tables Utilization
Command:
sar -v 1 5
Explanation:
Displays stats on file-nodes and inodes.
Use Case:
Running out of inodes can prevent file creation. This command helps identify inode exhaustion before it becomes a critical issue.
15. Generate a Comprehensive Report
Command:
sar -u -r -b -n DEV -f /var/log/sa/sa09
Explanation:
Combines multiple metrics (CPU, memory, disk, network) from historical data into a single report.
Use Case:
For post-mortem analysis of system outages, this report provides an all-in-one view of key performance indicators.
Conclusion
The sar command is an indispensable tool for Linux administrators and IT professionals, offering deep insights into system performance. By mastering the 15 essential sar command examples covered in this article, you’ll be able to monitor CPU usage, memory consumption, disk activity, network performance, and more with ease. This powerful utility helps you proactively detect potential system issues, optimize resource allocation, and ensure that your Linux servers run efficiently.
Regularly using sar for performance analysis can significantly improve your ability to troubleshoot problems before they escalate. If you’re managing Linux servers, integrating sar into your system monitoring strategy is a must. Keep exploring and experimenting with sar commands to gain even deeper insights into your system’s behavior, and stay ahead of performance bottlenecks.
Want to learn more about Linux system monitoring tools? Stay tuned for more guides and best practices to keep your systems running smoothly!