As of 2016-02-26, there will be no more posts for this blog. s/blog/pba/
Showing posts with label network. Show all posts

I came across Glances, a system monitoring program written in Python, as its name hints, it enables you to review system information, status, or resource usage in just a few glances. As you can see from the screen shot above, all information in one screen.

  • CPU: Glances probably the only few programs which display the details of what CPU spends time on rather than just a simple percentage of utilization. How much time it's idling or waiting for IO? For example, iowait is an useful information, when disk is busy, more or less it could slow down the system for different reasons and by reading iowait, you know some heavy IO activity is going on.
  • Load average: It's same as uptime gives, the load average of past 1, 5, and 15 minutes.
  • Memory and Swap: Like CPU, more detail is shown, such as buffered, cached, active, or inactive memory. Similar to free command output.
  • Network: Each interface's bandwidth usage, upload and download rates. You can press B to switch unit between bit/second and byte/second.
  • Disk I/O: Read/Write rates on partitions and devices. Not only physical storage devices but also optical devices.
  • Mount points: Similar information you get from df command, such as total size, used space, and available size.
  • Processes: Like htop or top, you can use keys to choose sorting fields.
Glances shows information as much as they can be fitted in terminal window size. You can turn off sections by keys, separately, if you don't need them.

It also support server mode, a client can use XML-RPC call to get the system information in JSON format. It's possible to write your own client if you don't like default text-based client or you can write a GUI or web interface to display the data. It supports Linux, Mac OS, and Windows, although no default client for Windows, it will only runs as server due to no curses module available on Windows platform.

Glances is only one-year-old, first released on December 4, 2011, there are many possibilities for improvements. For example, configuration file for colors or disabling sections by default. Also custom fields for processes, and the list can go on and on.

I was intrigued by its name when I first heard of it and the idea behind this program is useful and simple. You don't need to run several programs to get all information of a system. You can have everything on one screen, even status of multiple systems at same time with client/server mode and terminal multiplexer.

I just realized I hadn't had iptables for real for four days and four hours. It happened after I updated iptables to the newest stable version 1.4.16.3 on Gentoo, officially released on 10/18/2012):
$ sudo genlop -lu | grep iptables | tail -3
     Tue May  8 08:51:55 2012 >>> net-firewall/iptables-1.4.13
     Mon Nov 26 01:46:33 2012 <<< net-firewall/iptables-1.4.13
     Mon Nov 26 01:46:39 2012 >>> net-firewall/iptables-1.4.16.3
Yesterday, I noticed there was an error or warning during booting, but I just assumed that's some net device was about to be brought up, didn't read the exact message. Today, I read it:
$ sudo /etc/init.d/iptables start
 * Loading iptables state and starting firewall ...
WARNING: The state match is obsolete. Use conntrack instead.
iptables-restore v1.4.16.3: state: option "--state" must be specified

Error occurred at line: 26
Try `iptables-restore -h' or 'iptables-restore --help' for more information.                                    [ !! ]
 * ERROR: iptables failed to start
Four days, four boots, should've paid more attention.

The problem line was like:
[52:3148] -A INPUT -s ###.###.###.### -p tcp -m state -m tcp --dport ### -j ACCEPT
After I remove six lines with -m state, the rules /var/lib/iptables/rules-save were loaded successfully. Don't know why I had those and didn't use to match state actually.

If you used state match, then you need to change it to be
-m conntrack --ctstate [STATELIST]
with kernel configuration NETFILTER_XT_MATCH_CONNTRACK. See man 8 iptables-extensions.