useful sysadmin tools

Gnu Screen

http://www.gnu.org/software/screen/ :

Screen is best described as a terminal multiplexer. Using it, you can run any number of console-based applications–interactive command shells, curses-based applications, text editors, etc.–within a single terminal.

Screen decouples the physical terminal from the programs that use it. As a consequence, you can keep an instance of Screen running on each of your servers and attach to them remotelly (using telnet or ssh), instantly accessing exactly the same processes; the process won't notice that the physical terminal controling them changed (they might notice that the screen changed sizes, just like when you resize an X terminal).

Screen will also allow you to control multiple consoles from one; in this sense it serves the same purpose of Linux's Virtual Terminals (or of using multiple X terminals), but it has many additional features such as much better support for scrolling back, the ability of selecting text from one console and pasting it in another one and others.

There is a nice tutorial in kuro5hin.

Debian users:

$ apt-get install screen
$ screen -A

You might want to read the tutorial before using Screen.

There's a sample .screenrc file in the Wikipedia.

Xlax

http://hea-www.harvard.edu/~fine/Tech/xlax.html:

xlax accepts keyboard input from the user and sends it to multiple X11 windows (usually xterms or other terminal windows). It's an ideal tool for system adminstrators who have to do the same thing on multiple machines, or in multiple directories.

xlax is fantastic for doing the same thing on a collection of different machines. Anything you can do interactively in an xterm, you can do in xlax. You can perform the same edit in vi on many machines at once. You can assign a unique string to send to each window with a click. You can also toggle windows on and off if some commands only need to run in a subset of the windows.

Centericq

http://konst.org.ua/centericq/:

Centericq is a text mode menu- and window-driven IM interface that supports the ICQ2000, Yahoo!, AIM, IRC, MSN, Gadu-Gadu and Jabber protocols. Actually, it was written since I didn't find any usable software of this kind that would suit me perfectly.

Centericq allow us to work and chat without having to use the mouse. It is not perfect, but it helps a lot. For instance, it doesn't support file transfers, it crashes rather frequently and it doesn't support UTF-8 very well. It's better if you use it with Screen.

Debian users:

$ apt-get install centericq
$ centericq

Alternatively, you might want to try the centericq-utf8 package.

Gtypist

If you make a living using computers, you

must

Debian users:

$ apt-get install gtypist
$ gtypist

If you have a Spanish keyboard layout and also know how to read Spanish:

$ gtypist esp.typ

The spanish lessons are great. They were written by Igor Támara, Vladimir Támara and Melissa Giraldo.

ethereal

Ethereal is a sniffer with a very intuitive and powerful graphical user interface in GTK+. It is very friendly in letting you capture and analyze network traffic. A great tool for any sysadmin!

tcpdump

• Homepage: http://www.tcpdump.org

From the debian package:

This program allows you to dump the traffic on a network. tcpdump is able to examine IPv4, ICMPv4, IPv6, ICMPv6, UDP, TCP, SNMP, AFS BGP, RIP, PIM, DVMRP, IGMP, SMB, OSPF, NFS and many other packet types. It can be used to print out the headers of packets on a network interface, filter packets that match a certain expression. You can use this tool to track down network problems, to detect "ping attacks" or to monitor network activities.

For instance, if you want to debug pings:

# tcpdump icmp -i eth0 -n

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
16:10:05.130722 IP 192.168.0.2 > 192.168.0.1: icmp 64: echo request seq 21
16:10:05.131257 IP 192.168.0.1 > 192.168.0.2: icmp 64: echo reply seq 21
16:10:06.130568 IP 192.168.0.2 > 192.168.0.1: icmp 64: echo request seq 22
16:10:06.131095 IP 192.168.0.1 > 192.168.0.2: icmp 64: echo reply seq 22

Ping and tcpdump help a lot debug routing problems where a raw ping is not enough. A common problem is a a half-way ping, that happens when the destination host gets the icmp echo request, but it can't reply it because there's not a route to the source host.

Argus

http://argus.tcp4me.com:

• Argus is a system and network monitoring application.
• It will monitor nearly anything you ask it to monitor (TCP + UDP applications, IP connectivity, SNMP OIDS, Programs, Databases, etc).
• It presents a nice clean, easy to view web interface that will keep both the managers happy (Red Bad. Green Good.) and the techs happy ("Ah! that's what the problem is").
• It can send alerts numerous ways (such as via pager) and can automatically escalate if someone falls asleep.

Etherape

http://etherape.sourceforge.net:

EtherApe is a graphical network monitor for Unix modeled after etherman. Featuring link layer, ip and TCP modes, it displays network activity graphically. Hosts and links change in size with traffic. Color coded protocols display. It supports Ethernet, FDDI, Token Ring, ISDN, PPP and SLIP > devices. It can filter traffic to be shown, and can read traffic from a file as well as live from the network.

When you show it to many people, they get amazed, and knows that you are able to look what is really happening, someone is surfing on those pages that are not useful? Let them know it's possible. Is there a broken netword card that is sending a lot of packages? Is there a protocol that is consuming all the bandwidth? Those are typical situations where you can find this tool useful.

IpTraf

http://iptraf.seul.org

IPTraf is a console-based network statistics utility for Linux. It gathers a variety of figures such as TCP connection packet and byte counts, interface statistics and activity indicators, TCP/UDP traffic breakdowns, and LAN station packet and byte counts.

If you want to see, what's happenning thruough an interface on your machine, for example to see bandwidth usage on real time, gather some statistics, and in general look how health is your connection, you can trust on it.

Isoqlog

http://www.enderunix.org/isoqlog/

Isoqlog is an MTA log analysis program written in C. It designed to scan qmail, postfix, sendmail and exim logfile and produce usage statistics in HTML format for viewing through a browser. It produces Top domains output according to Sender, Receiver, Total mails and bytes; it keeps your main domain mail statistics with regard to Days Top Domain, Top Users values for per day, per month and years.

This tool will help you a lot.

Autossh

http://packages.debian.org/autossh

autossh is a program to start an instance of ssh and monitor it, restarting it as necessary should it die or stop passing traffic. The idea is from rstunnel (Reliable SSH Tunnel), but implemented in C. Connection monitoring is done using a loop of port forwardings. It backs off on the rate of connection attempts when experiencing rapid failures such as connection refused.

It's useful when you do password-less ssh port forwarding.

smartmontools

You should start monitoring your hard disks. Listen to what your hard disks want to tell you.

http://packages.debian.org/smartmontools :

The smartmontools package contains two utility programs (smartctl and smartd) to control and monitor storage systems using the Self-Monitoring, Analysis and Reporting Technology System (S.M.A.R.T.) built into most modern ATA and SCSI hard disks. It is derived from the smartsuite package, and includes support for ATA/ATAPI-5 disks. It should run on any modern Linux system.

http://www.linuxjournal.com/article/6983

Introductory article

http://daemons.net/~matty/articles/diskdrives.smart.html

Introductory article

sysstat

The sysstat package, available in most GNU/Linux distributions and other Unices, gathers reports of system activity (such as number of interrupts per second, available memory, number of disk requests per second) at certain intervals of time. It is very useful to monitor the overall performance of your system, specially when making benchmarks or trying to identify bottlenecks.