System Monitoring With sar And ksar

Intro

sar is one of the old and famous commandline utilities, which is often overlooked. It provides a wealth of information when you have kind of performance bottlenecks. By itself it only provides lengthy columns of numerical data, kind of hard to interpret. sar exists on most Linux distributions, for example Ubuntu, Debian, CentOS, Gentoo, and is also available on Solaris, AIX, and other commercial Unices.

ksar, on the other hand, is a Java based front end for sar's numerical data. It produces friendly graphs which could be exported to .pdf and some other formats.

Preliminary Note + Disclaimer

For using this tutorial you should be familiar using a shell, at least some basic knowledge is advantageous.

The following tutorial is a kind of cooking receipe using sar and ksar. It should easily be adoptable to nearly any kind of Linux or Unix, where the prerequisites are available. I can not issue any guarantee that this recipe works also for you.

1. sar

As already mentioned above sar is commandline driven. It is in a package named like sysstat (Ubuntu, Debian, CentOS, Gentoo, to name some). You should install it using your favourite package manager (apt-get, yum, synaptic, yumex, emerge, ..). Favourably sar could and should be used in conjunction with cron, so you may have a look into /etc/cron.d/sysstat or a similar named file. It should look like (CentOS in this case):

# run system activity accounting tool every 10 minutes
*/10 * * * * root /usr/lib/sa/sa1 1 1
# generate a daily summary of process accounting at 23:53
53 23 * * * root /usr/lib/sa/sa2 -A

Not to forget, sar should be installed on the system you like to monitor.

sar is run with the help of cron every 10 minutes, produces a kind of binary snapshot what is going on on the system, and at 23:53 a daily summary is produced. The "human friendly" daily summary and the binary database are stored in /var/log/sa (CentOS) or in /var/log/sysstat (Debian, Ubuntu). sar produces a file per day, and holds old databases for a month (default). But we want more, and this is where ksar comes into the game.

2. ksar

ksar is not in the repositories of the common systems, you have to download it from SourceForge.

ksar could be installed on your PC/workstation, it's not necessary to install it on the system to be monitored (often a server). Main prerequisite is Java, so you should take care that a recent Java is installed on the system you wish to run ksar. In this case the SUN-Java-6-jre was used.

ksar comes in a .zip archive, you should unpack it using unzip to a destination you like to have it, maybe /opt or /usr/local/bin.

It is unpacked into a directory of it's own, for instance like

/usr/local/bin/kSar-5.0.6

Changing into this directory you should find a file named run.sh:

-rwxr-xr-x 1 root root     276 2008-11-25 19:19 run.sh*

I have changed it's permission to be executable. You can run ksar by issueing a

/usr/local/bin/kSar-5.0.6/run.sh &

Then the really userfriendly GUI should start. It looks like

kSar

So far not very interesting ..

ksar has a builtin functionality to contact remote systems with the help of SSH. As chances are high that you already use SSH to administrate your systems with the help of SSH, this is quite handy. This functionality is under "Data/Launch SSH command".

kSar

Another easy possibilty to do offline examinations of sar's performance data is, to simply copy the ASCII reports produced by sar on the monitored system onto your workstation using scp, and examine them offline. First you get an overview about the data stored in the dataset you have loaded:

kSar

This is CPU load over a day:

kSar

Or Memory Usage over a day:

kSar

It's also possible to stretch the X-axis, to zoom into a smaller timerange:

kSar

It's up to you to further explore the possibilities of sar/ksar. In my opinion they are a dignified source of info regarding system performance and identification of bottlenecks, that could easily be made accessible.