Resource Monitoring with Basic Commands (top, htop, iotop, iftop)

Introduction

System resource monitoring is a critical skill for every Linux system administrator and DevOps engineer. Understanding how to effectively monitor CPU, memory, disk I/O, and network usage enables you to identify performance bottlenecks, troubleshoot issues, and optimize system performance before problems escalate into service outages.

In this comprehensive guide, we'll explore four essential command-line monitoring tools: top, htop, iotop, and iftop. These utilities provide real-time insights into system resource consumption and are available on virtually every Linux distribution. Unlike complex monitoring solutions that require extensive setup, these basic commands offer immediate visibility into system health and can be used in emergency situations when GUI tools are unavailable.

Whether you're diagnosing high CPU usage, identifying memory leaks, tracking disk I/O bottlenecks, or monitoring network bandwidth consumption, mastering these tools will significantly enhance your troubleshooting capabilities and system administration effectiveness.

Prerequisites

Before diving into resource monitoring with these commands, ensure you have:

  • A Linux server or workstation (Ubuntu 20.04/22.04, Debian 10/11, CentOS 7/8, Rocky Linux 8/9, or similar)
  • Root or sudo access to install packages
  • Basic understanding of Linux command-line interface
  • SSH access to your server (for remote monitoring)
  • Terminal access with at least 80x24 character display

System Requirements:

  • Minimal RAM: 512 MB (1 GB recommended)
  • Any modern Linux kernel (2.6.x or higher)
  • Basic understanding of process management and system resources

Installing Monitoring Tools

Most Linux distributions include top by default, but you'll need to install htop, iotop, and iftop separately.

On Ubuntu/Debian Systems

# Update package repository
sudo apt update

# Install htop
sudo apt install htop -y

# Install iotop
sudo apt install iotop -y

# Install iftop
sudo apt install iftop -y

# Verify installations
which top htop iotop iftop

On CentOS/Rocky Linux/AlmaLinux

# Enable EPEL repository (required for htop)
sudo yum install epel-release -y

# Install monitoring tools
sudo yum install htop iotop iftop -y

# Verify installations
which top htop iotop iftop

On Fedora

# Install all tools at once
sudo dnf install htop iotop iftop -y

Understanding top Command

The top command is the most fundamental process monitoring utility in Linux. It provides a dynamic, real-time view of running processes and system resource utilization.

Basic Usage

# Launch top with default settings
top

# Launch top and exit after 5 iterations
top -n 5

# Monitor specific user processes
top -u username

# Display processes in batch mode (non-interactive)
top -b -n 1 > top-output.txt

Understanding top Output

When you run top, you'll see several sections:

Header Section:

top - 14:23:45 up 15 days,  3:42,  2 users,  load average: 0.52, 0.58, 0.61
Tasks: 267 total,   1 running, 266 sleeping,   0 stopped,   0 zombie
%Cpu(s):  5.2 us,  2.1 sy,  0.0 ni, 92.4 id,  0.2 wa,  0.0 hi,  0.1 si,  0.0 st
MiB Mem :  15948.2 total,   2156.4 free,   8734.5 used,   5057.3 buff/cache
MiB Swap:   2048.0 total,   2048.0 free,      0.0 used.   6247.8 avail Mem

Key Metrics Explained:

  1. Load Average: Three numbers representing 1, 5, and 15-minute load averages

  2. Tasks: Total processes, categorized by state (running, sleeping, stopped, zombie)

  3. CPU Usage:

    • us: User space processes
    • sy: System/kernel space processes
    • ni: Nice (priority adjusted) processes
    • id: Idle time
    • wa: I/O wait time (crucial for diagnosing disk bottlenecks)
    • hi: Hardware interrupts
    • si: Software interrupts
    • st: Steal time (virtualization overhead)
  4. Memory: Physical RAM and swap usage

Interactive Commands in top

While top is running, you can use these keyboard shortcuts:

h or ?  - Display help
k       - Kill a process (you'll be prompted for PID)
r       - Renice a process (change priority)
M       - Sort by memory usage
P       - Sort by CPU usage
T       - Sort by running time
c       - Toggle command line display
1       - Display individual CPU cores
f       - Select fields to display
W       - Save current configuration
q       - Quit top

Practical top Examples

Monitor CPU-intensive processes:

# Show only top 10 processes, sorted by CPU
top -b -n 1 | head -n 17

Monitor specific process by name:

# Monitor processes whose name matches "apache2" (top accepts at most 20 PIDs with -p)
top -c -p $(pgrep -d',' apache2)

Monitor with custom refresh rate:

# Update every 2 seconds instead of default 3
top -d 2

Save top output for later analysis:

# Capture 10 iterations with 5-second intervals
top -b -d 5 -n 10 > /var/log/top-monitoring-$(date +%Y%m%d-%H%M).log

Mastering htop

htop is an enhanced, interactive process viewer that offers a more user-friendly interface than top. It provides color-coded output, mouse support, and easier process management.

Basic Usage

# Launch htop
htop

# Start htop with specific user filter
htop -u www-data

# Display process tree view
htop -t

# Monitor specific process
htop -p PID1,PID2,PID3

htop Interface Overview

The htop interface consists of three main sections:

  1. Header: Visual CPU, memory, and swap meters
  2. Process List: Sortable list of running processes
  3. Footer: Function key shortcuts

Color Coding:

  • Green: CPU used by normal priority processes
  • Blue: CPU used by low priority processes
  • Red: System/kernel time
  • Yellow: IRQ time
  • Magenta: Soft IRQ time
  • Grey: I/O wait time

htop Keyboard Shortcuts

F1 or h  - Help
F2 or S  - Setup (customize display)
F3 or /  - Search for process
F4 or \  - Filter processes
F5 or t  - Tree view
F6 or >  - Sort by column
F7 or ]  - Increase process priority
F8 or [  - Decrease process priority
F9 or k  - Kill process
F10 or q - Quit
Space    - Tag process
U        - Untag all processes
c        - Tag process and children

Advanced htop Techniques

Configure Custom Meters:

# Press F2 to enter setup
# Navigate to "Meters" section
# Add CPU average, load average, memory, swap, etc.

Search and Filter:

# Press F3 to search
# Type process name: nginx
# Press F4 to filter (shows only matching processes)

Process Tree Analysis:

# Press F5 for tree view
# Identify parent-child process relationships
# Useful for understanding systemd services and their spawned processes

Batch Process Management:

# Tag multiple processes with Space
# Press F9 to send signal to all tagged processes
# Useful for stopping multiple related processes

htop Configuration File

htop saves its configuration to ~/.config/htop/htoprc:

# View current configuration
cat ~/.config/htop/htoprc

# Example configuration
fields=0 48 17 18 38 39 40 2 46 47 49 1
sort_key=46
sort_direction=1
hide_threads=0
hide_kernel_threads=1
hide_userland_threads=0
shadow_other_users=0
show_thread_names=0
show_program_path=0
highlight_base_name=1

Monitoring Disk I/O with iotop

iotop displays disk I/O usage by processes, helping you identify which applications are causing high disk activity.

Basic Usage

# Run iotop (requires root)
sudo iotop

# Show only processes actually doing I/O
sudo iotop -o

# Display accumulated I/O instead of bandwidth
sudo iotop -a

# Non-interactive mode (batch)
sudo iotop -b -n 3

Understanding iotop Output

Total DISK READ :      15.23 M/s | Total DISK WRITE :      42.67 M/s
Actual DISK READ:      15.23 M/s | Actual DISK WRITE:      38.45 M/s
  TID  PRIO  USER     DISK READ  DISK WRITE  SWAPIN     IO>    COMMAND
 1234  be/4  mysql      0.00 B/s   12.45 M/s  0.00 %  15.23 % mysqld
 5678  be/4  www-data   1.23 M/s    5.67 M/s  0.00 %   8.45 % nginx

Column Explanations:

  • TID: Thread ID
  • PRIO: I/O priority (be = best effort, rt = real-time)
  • USER: Process owner
  • DISK READ/WRITE: Current read/write speed
  • SWAPIN: Percentage of time process is swapping in
  • IO>: Percentage of time spent in I/O wait
  • COMMAND: Process name

iotop Interactive Commands

left/right  - Change sort column
r           - Reverse sort order
o           - Toggle showing only active processes
p           - Toggle showing processes vs. threads
a           - Toggle accumulated/current I/O
q           - Quit

Practical iotop Examples

Monitor MySQL database I/O:

# Show only MySQL processes with I/O activity
sudo iotop -o -u mysql

Log I/O activity for analysis:

# Capture 60 iterations with 5-second intervals (5 minutes total)
sudo iotop -b -n 60 -d 5 > /var/log/iotop-$(date +%Y%m%d-%H%M).log

Monitor specific process:

# Monitor process by PID
sudo iotop -p 1234

Identify write-heavy processes:

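# Show per-process totals (-P) for processes doing I/O, then use the
# left/right arrow keys to make DISK WRITE the sort column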
sudo iotop -o -P

Troubleshooting with iotop

Scenario 1: High I/O Wait

# Check top output first
top
# Look for high %wa (I/O wait) in CPU line
# Then use iotop to identify culprit
sudo iotop -o

Scenario 2: Slow Database Performance

# Monitor database I/O in real-time
sudo iotop -o -u mysql -d 1
# If seeing consistent high writes, check slow query log

Scenario 3: Unexpected Disk Activity

# Show accumulated I/O to identify total data written
sudo iotop -a -o

Network Monitoring with iftop

iftop displays real-time network bandwidth usage by connection, showing which hosts are consuming the most network resources.

Basic Usage

# Run iftop on default interface (requires root)
sudo iftop

# Monitor specific interface
sudo iftop -i eth0

# Show ports as well as hosts
sudo iftop -P

# Don't resolve hostnames (faster startup)
sudo iftop -n

Understanding iftop Output

                    191Kb          382Kb          573Kb          764Kb
└───────────────────┴──────────────┴──────────────┴──────────────
server.example.com    => client1.example.com      125Kb  98Kb  87Kb
                      <=                            45Kb  38Kb  32Kb
server.example.com    => client2.example.com       67Kb  54Kb  48Kb
                      <=                            23Kb  19Kb  17Kb

Components:

  • =>: Outgoing traffic
  • <=: Incoming traffic
  • Three columns: 2, 10, and 40-second average bandwidth
  • Bottom stats: Cumulative totals, peak rates, and current totals

iftop Keyboard Shortcuts

h or ?  - Help
n       - Toggle DNS resolution
s       - Toggle source display
d       - Toggle destination display
t       - Cycle line display mode (two-line, one-line, sent only, received only)
T       - Toggle cumulative totals
p       - Toggle port display
P       - Toggle pause
1/2/3   - Sort by 1st, 2nd, or 3rd column
</>     - Sort by source/destination
j/k     - Scroll display
q       - Quit

Practical iftop Examples

Monitor specific network interface:

# Monitor eth0
sudo iftop -i eth0

# Monitor all interfaces (if supported)
sudo iftop -i any

Filter by network or host:

# Monitor only traffic to/from specific network
sudo iftop -f "net 192.168.1.0/24"

# Monitor only traffic to/from specific host
sudo iftop -f "host 192.168.1.100"

# Monitor only HTTP traffic
sudo iftop -f "port 80"

# Monitor only HTTPS traffic
sudo iftop -f "port 443"

Analyze bandwidth hogs:

# Show ports and don't resolve names for faster display
sudo iftop -i eth0 -nP

Save output for analysis:

# Capture text output
sudo iftop -t -s 60 > /var/log/iftop-$(date +%Y%m%d-%H%M).log

Advanced iftop Filtering

Combine multiple filters:

# Monitor HTTP/HTTPS traffic only
sudo iftop -f "port 80 or port 443"

# Exclude SSH traffic
sudo iftop -f "not port 22"

# Monitor specific subnet excluding local traffic
sudo iftop -f "net 10.0.0.0/8 and not host 10.0.1.1"

Monitor outgoing connections only:

# Press 't' to cycle the line display mode until only sent traffic is shown
# Press 's' / 'd' to hide or show the source / destination host
sudo iftop -i eth0 -P

Monitoring Strategies and Best Practices

Establishing Baseline Metrics

Before you can identify anomalies, establish baseline performance metrics:

#!/bin/bash
# baseline-monitor.sh - Capture baseline metrics

LOG_DIR="/var/log/monitoring/baseline"
DATE=$(date +%Y%m%d-%H%M)

mkdir -p "$LOG_DIR"

# Capture top snapshot
top -b -n 1 > "$LOG_DIR/top-$DATE.log"

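# Capture htop snapshot (htop has no batch mode, so the file holds raw terminal output)
htop -C > "$LOG_DIR/htop-$DATE.log" 2>&1 &
HTOP_PID=$!
sleep 2
# Stop only the instance started above; killall would also end other users' htop sessions
kill "$HTOP_PID"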

# Capture I/O statistics
sudo iotop -b -n 3 -d 5 > "$LOG_DIR/iotop-$DATE.log"

# Capture network usage
sudo timeout 30 iftop -t -s 30 -i eth0 > "$LOG_DIR/iftop-$DATE.log" 2>&1

echo "Baseline metrics captured in $LOG_DIR"
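
A baseline only helps if later snapshots are compared against it. The added example below (not part of baseline-monitor.sh) lists user/command pairs that appear in a current top -b -n 1 snapshot but not in the baseline, with their peak %CPU, and refuses to run against a baseline that has no process rows. The function names, both snapshots and the worker-x process are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of baseline-monitor.sh.

# Succeeds when file $1 has at least one row under top's "PID USER ..." header.
has_process_rows() {
    awk '$1 == "PID" { t = 1; next } t && NF >= 12 { n++ } END { exit !n }' "$1"
}

# Print "USER/COMMAND peak-%CPU" for every user/command pair that appears in
# the current snapshot ($2) but not in the baseline snapshot ($1).
new_since_baseline() {
    has_process_rows "$1" || { echo "baseline $1 has no process rows" >&2; return 2; }
    awk '
        FNR == 1             { in_table = 0 }      # new file: wait for its header
        $1 == "PID"          { in_table = 1; next }
        !in_table || NF < 12 { next }
        { key = $2 "/" $12 }                       # USER/COMMAND (first word only)
        FILENAME == ARGV[1]  { known[key] = 1; next }
        !(key in known) && (!(key in peak) || $9 + 0 > peak[key]) { peak[key] = $9 + 0 }
        END { for (k in peak) printf "%s %.1f\n", k, peak[k] }' "$1" "$2" | sort
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Constructed baseline snapshot.
cat > "$demo_dir/baseline.log" <<'EOF'
top - 02:00:01 up 15 days,  3:42,  0 users,  load average: 0.52, 0.58, 0.61
Tasks:   3 total,   1 running,   2 sleeping,   0 stopped,   0 zombie

    PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND
   1234 mysql     20   0 2345678 456789  12345 S   4.0   2.8  12:34.56 mysqld
   5678 www-data  20   0  123456  23456   3456 S   1.3   0.1   1:23.45 nginx
      1 root      20   0  169000  11000   8000 S   0.0   0.1   0:09.10 systemd
EOF

# Constructed later snapshot with two instances of an unfamiliar process.
cat > "$demo_dir/current.log" <<'EOF'
top - 14:23:45 up 15 days, 16:05,  2 users,  load average: 2.10, 1.40, 0.80
Tasks:   5 total,   3 running,   2 sleeping,   0 stopped,   0 zombie

    PID USER      PR  NI    VIRT    RES    SHR S  %CPU  %MEM     TIME+ COMMAND
   9012 www-data  20   0  654321  98765   1234 R  97.3   0.6   5:01.22 worker-x
   9013 www-data  20   0  654321  98765   1234 R  41.0   0.6   2:10.05 worker-x
   1234 mysql     20   0 2345678 456789  12345 S   3.7   2.8  12:40.01 mysqld
   5678 www-data  20   0  123456  23456   3456 S   0.7   0.1   1:23.99 nginx
      1 root      20   0  169000  11000   8000 S   0.0   0.1   0:09.11 systemd
EOF

new_since_baseline "$demo_dir/baseline.log" "$demo_dir/current.log"
```

Short-lived commands such as cron jobs will show up as new unless the baseline was captured while they were running, so several baseline snapshots taken at different times give fewer false positives.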

Combining Multiple Tools

Comprehensive system check script:

#!/bin/bash
# system-health-check.sh

echo "=== System Resource Overview ==="
echo "Date: $(date)"
echo ""

echo "--- Load Average and Uptime ---"
uptime
echo ""

echo "--- Top 5 CPU Consumers ---"
ps aux --sort=-%cpu | head -n 6
echo ""

echo "--- Top 5 Memory Consumers ---"
ps aux --sort=-%mem | head -n 6
echo ""

echo "--- Disk I/O Statistics ---"
iostat -x 1 3
echo ""

echo "--- Network Interface Statistics ---"
ip -s link
echo ""

echo "--- Current Network Connections ---"
ss -s
echo ""

echo "--- Disk Usage ---"
df -h
echo ""

echo "--- Memory Usage ---"
free -h
echo ""

Real-Time Monitoring Dashboard

Using watch with multiple commands:

# Monitor CPU and memory every 2 seconds
watch -n 2 'echo "=== CPU Usage ===" && mpstat 1 1 && echo "" && echo "=== Memory ===" && free -h'

# Monitor disk and network
watch -n 2 'echo "=== Disk I/O ===" && iostat -x 1 2 | tail -n 3 && echo "" && echo "=== Network ===" && sudo iftop -t -s 2 2>&1'

Performance Threshold Monitoring

Alert on high resource usage:

#!/bin/bash
# resource-alert.sh

CPU_THRESHOLD=80
MEM_THRESHOLD=90
DISK_THRESHOLD=85

# Check CPU usage (field 2 of the summary line is user-space time only)
CPU_USAGE=$(top -b -n 1 | grep "Cpu(s)" | awk '{print $2}' | cut -d'%' -f1 | cut -d'.' -f1)
if [ "$CPU_USAGE" -gt "$CPU_THRESHOLD" ]; then
    echo "WARNING: CPU usage at ${CPU_USAGE}%"
    echo "Top CPU processes:"
    ps aux --sort=-%cpu | head -n 6
fi

# Check memory usage
MEM_USAGE=$(free | grep Mem | awk '{printf("%.0f"), ($3/$2) * 100}')
if [ "$MEM_USAGE" -gt "$MEM_THRESHOLD" ]; then
    echo "WARNING: Memory usage at ${MEM_USAGE}%"
    echo "Top memory processes:"
    ps aux --sort=-%mem | head -n 6
fi

# Check disk usage
DISK_USAGE=$(df -h / | tail -n 1 | awk '{print $5}' | cut -d'%' -f1)
if [ "$DISK_USAGE" -gt "$DISK_THRESHOLD" ]; then
    echo "WARNING: Disk usage at ${DISK_USAGE}%"
    df -h
fi
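
Picking the CPU figure by field position, as the script above does, reads user-space time only and yields a non-number when top prints 100.0 directly against the label (%Cpu(s):100.0 us), so the threshold test errors out and no alert is raised. The added example below (not part of the original scripts) finds the idle value by its label, reports busy time as 100 minus idle, and returns a distinct status when the line cannot be parsed. Function names and the three sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of resource-alert.sh.

# Read `top -b` output on stdin and print busy CPU % (100 - idle) as an
# integer, using the last "Cpu(s)" line. Exits 1 if no idle field is found.
cpu_busy_pct() {
    awk '
        /Cpu\(s\)/ {
            line = $0
            sub(/^[^:]*:/, "", line)          # drop the "%Cpu(s):" label
            n = split(line, part, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ %]/, "", part[i])     # " 92.4 id" or "92.4%id" -> "92.4id"
                if (part[i] ~ /^[0-9.]+id$/) {
                    idle = substr(part[i], 1, length(part[i]) - 2)
                    found = 1
                }
            }
        }
        END { if (!found) exit 1; printf "%d\n", 100 - idle + 0.5 }'
}

# What the positional pipeline in resource-alert.sh extracts (field 2).
field2_value() {
    grep "Cpu(s)" | awk '{print $2}' | cut -d'%' -f1 | cut -d'.' -f1
}

# Return 0 and print a warning when busy % exceeds threshold $1, 1 when it
# does not, and 2 when the summary line cannot be parsed.
cpu_alert() {
    busy=$(cpu_busy_pct) || { echo "ERROR: cannot parse top CPU line" >&2; return 2; }
    if [ "$busy" -gt "$1" ]; then
        echo "WARNING: CPU usage at ${busy}%"
        return 0
    fi
    return 1
}

# Constructed sample lines: current layout, value fused to the label, older layout.
MODERN='%Cpu(s):  5.2 us,  2.1 sy,  0.0 ni, 92.4 id,  0.2 wa,  0.0 hi,  0.1 si,  0.0 st'
FUSED='%Cpu(s):100.0 us,  0.0 sy,  0.0 ni,  0.0 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st'
OLDFMT='Cpu(s):  5.2%us,  2.1%sy,  0.0%ni, 92.4%id,  0.2%wa,  0.0%hi,  0.1%si,  0.0%st'

for sample in "$MODERN" "$FUSED" "$OLDFMT"; do
    printf 'field 2: %-4s busy: %s%%\n' \
        "$(printf '%s\n' "$sample" | field2_value)" \
        "$(printf '%s\n' "$sample" | cpu_busy_pct)"
done
```

In a cron job, treat status 2 from cpu_alert as an alert in its own right, since a monitor that cannot read its input is not monitoring.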

Alerting and Notifications

Email Alerts for Resource Issues

Configure email notifications:

#!/bin/bash
# monitor-and-alert.sh

EMAIL="admin@example.com"   # placeholder: set to the mailbox that should receive alerts
HOSTNAME=$(hostname)

check_resources() {
    # CPU check (field 2 of the summary line is user-space time)
    CPU=$(top -b -n 1 | grep "Cpu(s)" | awk '{print $2}' | cut -d'%' -f1)
    if (( $(echo "$CPU > 80" | bc -l) )); then
        echo "High CPU usage detected: ${CPU}%" | mail -s "Alert: High CPU on $HOSTNAME" "$EMAIL"
    fi

    # Memory check
    MEM=$(free | grep Mem | awk '{printf("%.0f"), ($3/$2) * 100}')
    if [ "$MEM" -gt 85 ]; then
        free -h | mail -s "Alert: High Memory on $HOSTNAME" "$EMAIL"
    fi

    # Disk I/O check: %iowait is column 4 of the CPU report; keep the last
    # sample, because the first one is the average since boot
    IO_WAIT=$(iostat -c 1 2 | awk '/^ /{v=$4} END{print int(v)}')
    if [ "$IO_WAIT" -gt 20 ]; then
        sudo iotop -b -n 1 | mail -s "Alert: High I/O Wait on $HOSTNAME" "$EMAIL"
    fi
}

check_resources

Integration with Monitoring Systems

Export metrics for external monitoring:

#!/bin/bash
# export-metrics.sh - Export to Prometheus format

OUT=/var/lib/node_exporter/textfile_collector/custom_metrics.prom

# Write to a temporary name and rename it into place so node_exporter,
# which only reads *.prom files, never scrapes a half-written file
cat > "$OUT.$$" <<EOF
# HELP custom_cpu_usage CPU usage percentage
# TYPE custom_cpu_usage gauge
custom_cpu_usage $(top -b -n 1 | grep "Cpu(s)" | awk '{print 100-$8}')

# HELP custom_memory_usage Memory usage percentage
# TYPE custom_memory_usage gauge
custom_memory_usage $(free | grep Mem | awk '{printf("%.2f"), ($3/$2) * 100}')

# HELP custom_disk_usage Disk usage percentage
# TYPE custom_disk_usage gauge
custom_disk_usage $(df / | tail -n 1 | awk '{print $5}' | cut -d'%' -f1)
EOF
mv "$OUT.$$" "$OUT"

Visualization and Reporting

Creating Historical Reports

Daily resource report:

#!/bin/bash
# daily-report.sh

REPORT_DIR="/var/log/monitoring/reports"
REPORT_FILE="$REPORT_DIR/daily-report-$(date +%Y%m%d).txt"

mkdir -p "$REPORT_DIR"

{
    echo "================================="
    echo "Daily System Resource Report"
    echo "Date: $(date)"
    echo "Hostname: $(hostname)"
    echo "================================="
    echo ""

    echo "--- System Uptime and Load ---"
    uptime
    echo ""

    echo "--- CPU Usage Summary ---"
    mpstat 1 1
    echo ""

    echo "--- Memory Usage ---"
    free -h
    echo ""

    echo "--- Top 10 CPU Consumers ---"
    ps aux --sort=-%cpu | head -n 11
    echo ""

    echo "--- Top 10 Memory Consumers ---"
    ps aux --sort=-%mem | head -n 11
    echo ""

    echo "--- Disk Usage ---"
    df -h
    echo ""

    echo "--- Network Statistics ---"
    ip -s link
    echo ""

    echo "--- Active Network Connections ---"
    ss -s
    echo ""

} > "$REPORT_FILE"

echo "Report generated: $REPORT_FILE"

Graphical Visualization

Generate ASCII charts from metrics:

#!/bin/bash
# cpu-history.sh - Show CPU usage history

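# Run the loop directly: wrapped in watch, nothing would be shown until the
# 60-second loop had finished, and the sh that watch uses may not expand {1..60}
echo "CPU Usage History (Last 60 seconds)"
for i in {1..60}; do
    CPU=$(top -b -n 1 | grep "Cpu(s)" | awk '{print 100-$8}' | cut -d. -f1)
    # One "=" per 2% of CPU; an empty bar when usage is below 2%
    BAR=$(printf "%*s" $((CPU/2)) "" | tr " " "=")
    printf "%3d%% [%-50s]\n" "$CPU" "$BAR"
    sleep 1
done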

Troubleshooting Common Issues

High CPU Usage

Diagnosis steps:

# 1. Identify high CPU processes
top -b -n 1 | head -n 20

# 2. Check CPU usage per core
mpstat -P ALL 1 3

# 3. Identify CPU-bound processes
ps aux --sort=-%cpu | head -n 10

# 4. Check for runaway processes
htop
# Press P to sort by CPU, F5 for tree view

# 5. Analyze specific process
top -p <PID>
strace -p <PID> -c

High Memory Usage

Diagnosis steps:

# 1. Check overall memory usage
free -h

# 2. Identify memory-hungry processes
ps aux --sort=-%mem | head -n 10

# 3. Check for memory leaks
# Monitor process over time
watch -n 5 'ps aux | grep <process_name>'

# 4. Analyze shared memory
ipcs -m

# 5. Check cache vs actual usage
cat /proc/meminfo

Disk I/O Bottlenecks

Diagnosis steps:

# 1. Check I/O wait time
top
# Look for high 'wa' in CPU line

# 2. Identify I/O-heavy processes
sudo iotop -o

# 3. Check disk statistics
iostat -x 1 5

# 4. Attribute the I/O to whole processes (-P) rather than threads; iotop reports per process, not per disk
sudo iotop -P -o

# 5. Check specific filesystem I/O
df -h
sudo lsof | grep <mount_point>

Network Bandwidth Issues

Diagnosis steps:

# 1. Monitor overall bandwidth
sudo iftop

# 2. Identify bandwidth-heavy connections
sudo iftop -P -n

# 3. Check network interface errors
ip -s link

# 4. Monitor specific ports
sudo iftop -f "port 80 or port 443"

# 5. Check active connections
ss -tunap | grep ESTABLISHED

Process Investigation

Deep dive into problematic processes:

# Get detailed process information
ps -fp <PID>

# Check process file descriptors
ls -l /proc/<PID>/fd

# Check process limits
cat /proc/<PID>/limits

# Monitor process in real-time
watch -n 1 'ps -fp <PID>'

# Check process threads
ps -eLf | grep <PID>

# Trace system calls
strace -p <PID> -c

Automation and Continuous Monitoring

Cron-based Monitoring

Set up periodic monitoring:

# Edit crontab
crontab -e

# Add monitoring jobs
# Every 5 minutes - check resources
*/5 * * * * /usr/local/bin/resource-alert.sh

# Every hour - generate report
0 * * * * /usr/local/bin/hourly-report.sh

# Daily at 2 AM - comprehensive report
0 2 * * * /usr/local/bin/daily-report.sh

# Every 15 minutes - log top output
*/15 * * * * top -b -n 1 >> /var/log/monitoring/top-$(date +\%Y\%m\%d).log

Systemd Service for Monitoring

Create monitoring service:

# Create service file
sudo nano /etc/systemd/system/resource-monitor.service

[Unit]
Description=Continuous Resource Monitoring
After=network.target

[Service]
Type=simple
ExecStart=/usr/local/bin/continuous-monitor.sh
Restart=always
RestartSec=10
User=root

[Install]
WantedBy=multi-user.target

Monitoring script:

#!/bin/bash
# /usr/local/bin/continuous-monitor.sh

LOG_DIR="/var/log/monitoring/continuous"
mkdir -p "$LOG_DIR"

while true; do
    DATE=$(date +%Y%m%d-%H%M%S)

    # Log CPU usage (user-space percentage, field 2 of the summary line)
    echo "$DATE $(top -b -n 1 | grep "Cpu(s)" | awk '{print $2}')" >> "$LOG_DIR/cpu.log"

    # Log memory usage
    echo "$DATE $(free | grep Mem | awk '{printf("%.2f"), ($3/$2) * 100}')" >> "$LOG_DIR/memory.log"

    # Log disk I/O wait (%iowait from the last CPU report; the first report is the average since boot)
    echo "$DATE $(iostat -c 1 2 | awk '/^ /{v=$4} END{print v}')" >> "$LOG_DIR/io.log"

    sleep 60
done

Enable and start service:

sudo systemctl daemon-reload
sudo systemctl enable resource-monitor.service
sudo systemctl start resource-monitor.service
sudo systemctl status resource-monitor.service
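
The unit above runs the collector as root, although continuous-monitor.sh only reads system statistics and appends to its own log directory. The added example below (not part of the original guide) audits a unit's [Service] section for that and two related gaps, then runs the audit against the guide's unit and a constructed least-privilege variant. The resource-monitor account and the finding names are hypothetical, and the variant assumes the script needs write access to nothing beyond its log directory.

```sh
#!/bin/sh
# Added example, not part of the original guide.

# Print the value in effect for key $2 in the [Service] section of unit
# file $1 (the last assignment wins); prints an empty line if it is unset.
service_setting() {
    awk -v key="$2" '
        /^\[/ { in_service = ($0 == "[Service]"); next }
        in_service && index($0, key "=") == 1 { value = substr($0, length(key) + 2) }
        END { print value }' "$1"
}

# Print one finding per line for a unit that should only read /proc and
# write its own log directory. No output means no findings.
audit_unit() {
    case "$(service_setting "$1" User)" in
        ""|root|0) echo "runs-as-root" ;;
    esac
    case "$(service_setting "$1" NoNewPrivileges)" in
        yes|true|on|1) ;;
        *) echo "can-gain-privileges" ;;
    esac
    case "$(service_setting "$1" ProtectSystem)" in
        ""|no|false|off|0) echo "system-dirs-writable" ;;
    esac
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# The [Service] section as given in the guide.
cat > "$demo_dir/original.service" <<'EOF'
[Service]
Type=simple
ExecStart=/usr/local/bin/continuous-monitor.sh
Restart=always
RestartSec=10
User=root
EOF

# Constructed least-privilege variant; the resource-monitor account is hypothetical.
cat > "$demo_dir/hardened.service" <<'EOF'
[Service]
Type=simple
ExecStart=/usr/local/bin/continuous-monitor.sh
Restart=always
RestartSec=10
User=resource-monitor
Group=resource-monitor
LogsDirectory=monitoring/continuous
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
EOF

audit_unit "$demo_dir/original.service"
audit_unit "$demo_dir/hardened.service"
```

On a running system, systemd-analyze security resource-monitor.service gives a fuller exposure report for the loaded unit.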

Conclusion

Mastering basic Linux monitoring commands is essential for effective system administration and troubleshooting. The tools covered in this guide - top, htop, iotop, and iftop - provide comprehensive visibility into system resource utilization across CPU, memory, disk I/O, and network bandwidth.

Key takeaways:

  1. top provides fundamental process and system monitoring with universal availability
  2. htop offers an enhanced, user-friendly interface with better visualization and interaction
  3. iotop specializes in disk I/O monitoring, essential for diagnosing storage bottlenecks
  4. iftop delivers real-time network bandwidth monitoring for connection-level analysis

By combining these tools with monitoring scripts, alerting mechanisms, and visualization techniques, you can build a robust resource monitoring strategy that enables proactive issue detection and rapid troubleshooting. Whether you're managing a single server or a fleet of systems, these command-line utilities remain indispensable in your operational toolkit.

Remember to establish baseline metrics, implement automated monitoring, configure appropriate alerts, and regularly review historical data to maintain optimal system performance and quickly identify anomalies before they impact production services.

The skills developed through mastering these basic monitoring commands form the foundation for more advanced observability practices and monitoring solutions, making them valuable regardless of your infrastructure's complexity or scale.