5 ways to check swap on Linux

Learn 5 different ways to check swap space utilization on Linux server using free, swapon, /proc/swaps, top and vmstat/sar commands.

This is a short, handy post explaining how to check swap space on the Linux server with different commands. We already discussed about swap in few of old posts listed below :

In this post we will be seeing 5 ways to check swap space and utilization in the Linux server.

Using free command

Most of the users know this command. Using free you can check memory and swap utilization on the server in a few lines. By default, without any switch it shows numbers in kilobytes.

# free
             total       used       free     shared    buffers     cached
Mem:       1018308     191664     826644        144      13832      72652
-/+ buffers/cache:     105180     913128
Swap:         8188          0       8188

Using -h (human-readable) switch shows output values in the nearest possible (three-digit) representation.

# free -h
             total       used       free     shared    buffers     cached
Mem:          994M       191M       802M       144K        13M        74M
-/+ buffers/cache:       103M       890M
Swap:         8.0M         0B       8.0M

In the above output you can see the last row shows swap values, total, used, and free! Here swap value you see is a total of all swap devices on the system. You cant get device wise separated swap summery with this command. To view device wise summery you can use the next commands.

Using swapon command

Generally, swapon command is used to turn on swap on partition, logical volume or file. But using -s switch (summery) you can get current swap information.

# swapon -s
Filename                                Type            Size    Used    Priority
/myswapfile                             file            8188    0       -1

This command provides you output size in kilobytes. It also shows you device wise swap so that you can see device name (partition, logical volume or file), its type and how much swap it contributing to the system.

Using /proc/swaps file

Another way is to view the content of the process file /proc/swaps for the current swap config. This outputs the same content as we saw in previous command swapon -s. In fact swapon reads this file to print a summary.

# cat /proc/swaps
Filename                                Type            Size    Used    Priority
/myswapfile                             file            8188    0       -1

Output explanation is already covered above in swapon -s.

Using top command

Another popular well-known monitoring tool top can be used to view swap information. In the top output you can see the header section includes swap details.

# top
top - 02:41:33 up 13 min,  1 user,  load average: 0.00, 0.00, 0.00
Tasks:  88 total,   1 running,  87 sleeping,   0 stopped,   0 zombie
Cpu(s):  0.6%us,  0.9%sy,  0.0%ni, 97.8%id,  0.2%wa,  0.0%hi,  0.0%si,  0.5%st
Mem:   1018308k total,   197260k used,   821048k free,    14548k buffers
Swap:     8188k total,        0k used,     8188k free,    76504k cached

Values in a row for the swap are in kilobytes. This information is also available in other advanced iterations or top alike tools like atop, htop or glance.

Using vmstat or sar command

In vmstat you can see the utilization of swap like swap in and swap out but not the devices or total values of swap like we saw in previous commands.

# vmstat
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu-----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in   cs us sy id wa st
 0  0      0 821064  14564  76500    0    0    91    17   25   31  0  1 98  0  0

It’s more of swap monitoring. You can generate reports for certain iteration with particular time intervals like sar reporting.

# sar -S 2 3
Linux 2.6.39-200.24.1.el6uek.x86_64 (testsrv2)         12/21/2016      _x86_64_        (4 CPU)

01:01:45 AM kbswpfree kbswpused  %swpused  kbswpcad   %swpcad
01:01:47 AM   8388604         0      0.00         0      0.00
01:01:49 AM   8388604         0      0.00         0      0.00
01:01:51 AM   8388604         0      0.00         0      0.00
Average:      8388604         0      0.00         0      0.00

These are 5 ways to get swap information out of your system. If you know any other methods do let us know in comments!

Ultimate guide: swap addition in Linux (LVM, parted)

Leave a reply

Learn how to add swap using LVM, swap file, and parted disk management. Also, learn how to extend existing swap partition on Linux server

We have already seen what is swap in article difference between tmpfs and swap. In this how-to article we will be checking out how to add swap using LVM disk, how to extend swap, how to add swap using file, and how to add swap using the parted disk.

How to add swap in Linux using LVM

If you have LVM disk partitioning in your server then you can go ahead with this method. You need a dedicated logical partition that can be used as a swap. So steps involved are :

Create a new logical volume of the desired size using lvcreate
Define created lvol as a swap using mkswap
Start swap on it using swapon
Check swap using free or /proc/swaps

I gave you the below outputs for reference. In lvcreate command -L should be followed by size in MB.

# lvcreate -L 500 -n myswaplv vg01
  Logical volume "myswaplv" created.

# mkswap /dev/vg01/myswaplv
mkswap: /dev/vg01/myswaplv: warning: don't erase bootbits sectors
        on whole disk. Use -f to force.
Setting up swapspace version 1, size = 511996 KiB
no label, UUID=5339bdde-c734-48d3-94fd-0ab50ef38b4e

# swapon -va

# free
             total       used       free     shared    buffers     cached
Mem:       1018308     186344     831964        152      14616      65784
-/+ buffers/cache:     105944     912364
Swap:       511996          0     511996

# cat /proc/swaps
Filename                                Type            Size    Used    Priority
/dev/dm-0                               partition       511996  0       -1

Warning in mkswap you (may) see is a precautionary warning to make sure you are not using full disk if you meant to use the only partition of it and destroy boot sectors!

Also read : Swap addition in HPUX

You can see free and /proc/swaps shows 500MB of swap which we created. Sometimes if you don’t get your swap activated just by using swapon then try a reboot and it should work. But before reboot makes an entry described hereafter. To make this permanent i.e. at reboot setting lvol to swap again, add below entry in /etc/fstab file.

/dev/vg01/myswaplv swap swap defaults 0 0

How to extend swap

In case you want to extend the existing swap rather than creating a new volume for it then you can still do it on the fly (without reboot). Make sure your swap is not being used and turn it off on volume which you want to extend. Process is as follows –

Turn off swap on volume using swapoff
Extend lvol using lvresize
Define it again as a swap using mkswap
Turn on swap on volume using swapon

Refer below outputs on how commands work and their arguments. Here I extended 500MB swap to 600MB.

# swapoff -v /dev/vg01/myswaplv
swapoff on /dev/vg01/myswaplv

#  cat /proc/swaps
Filename                                Type            Size    Used    Priority

# lvresize /dev/vg01/myswaplv -L 600M
  Size of logical volume vg01/myswaplv changed from 500.00 MiB (125 extents) to 600.00 MiB (150 extents).
  Logical volume myswaplv successfully resized.

# mkswap -L newswap /dev/vg01/myswaplv
mkswap: /dev/vg01/myswaplv: warning: don't erase bootbits sectors
        on whole disk. Use -f to force.
Setting up swapspace version 1, size = 614396 KiB
LABEL=newswap, UUID=dd91713f-5950-4922-b9a5-e4ea0ec4327e

# swapon -va
swapon on /dev/mapper/vg01-myswaplv
swapon: /dev/mapper/vg01-myswaplv: found swap signature: version 1, page-size 4, same byte order
swapon: /dev/mapper/vg01-myswaplv: pagesize=4096, swapsize=629145600, devsize=629145600

# cat /proc/swaps
Filename                                Type            Size    Used    Priority
/dev/dm-0                               partition       614396  0       -1

You can see after swapoff command, swap volume vanished from /proc/swaps. The newly extended swap of 600MB is back visible after swapon.

How to add swap using file

You can opt to have swap on file rather than volume. This method is a bit easy, quick, and avoids all disk management commands. But along with easiness it involves risk since it’s on a simple file rather than a dedicated disk volume.

First you need to create a blank file with the size of your choice. If you want 8MB swap then 8*1024=8192 block numbers should be used in dd command (since block size used is bs=1024). Do your math accordingly and follow the process below :

Create a blank file with dd
Define file with swap using mkswap
Turn on swap on file using swapon
Check swap

Refer below outputs wherein I created 8MB swap on file.

# dd if=/dev/zero of=/myswapfile bs=1024 count=8192
8192+0 records in
8192+0 records out
8388608 bytes (8.4 MB) copied, 0.0144397 s, 581 MB/s

# mkswap /myswapfile
mkswap: /myswapfile: warning: don't erase bootbits sectors
        on whole disk. Use -f to force.
Setting up swapspace version 1, size = 8188 KiB
no label, UUID=40a0f347-ce86-4018-9f4d-7ab76bde02ba

# swapon /myswapfile

# cat /proc/swaps
Filename                                Type            Size    Used    Priority
/myswapfile                             file            8188    0       -1

Outputs are pretty self-explanatory. Only calculating dd block count is tricky which I already explained above.

How to add swap using parted disk

Many systems use parted disk management utility in place of LVM. If you are the one then follow the below process for adding swap.

Create a new swap partition (primary, extended or logical) using parted
Setup swap on it using mkswap
Turn on swap on it using swapon
Check swap

Parted should be invoked with the disk name which has free space. I am using a fresh disk here.

# parted /dev/xvdf
GNU Parted 3.1
Using /dev/xvdf
Welcome to GNU Parted! Type 'help' to view a list of commands.

Now, you can view current partition table using print command.

(parted) print
Error: /dev/xvdf: unrecognised disk label
Model: Xen Virtual Block Device (xvd)
Disk /dev/xvdf: 1074MB
Sector size (logical/physical): 512B/512B
Partition Table: unknown
Disk Flags:

(parted) mklabel msdos

Since I am using a new disk, I get an unrecognized disk label error. I define label using mklabel msdos. Now create new swap partition using the parted console.

(parted) mkpart primary linux-swap 1 1024
(parted) print
Model: Xen Virtual Block Device (xvd)
Disk /dev/xvdf: 1074MB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start   End     Size    Type     File system  Flags
 1      1049kB  1024MB  1023MB  primary

(parted) quit

Command mkpart is used to create a partition. Followed by partition type (primary, extended or logical), FS type (swap in this case), the start of the partition (1), and end of partition (1024). After the successful execution of the command, verify the partition table using print again.

Once you are ready with partition, you can even confirm it using fdisk -l command.

# fdisk -l /dev/xvdf

Disk /dev/xvdf: 1073 MB, 1073741824 bytes, 2097152 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000e7301

    Device Boot      Start         End      Blocks   Id  System
/dev/xvdf1            2048     2000895      999424   82  Linux swap / Solaris

You can see the new partition /dev/xvdf1 is created and it’s marked as Linux swap file system type too!

Now you have to enable and on swap on it.

# mkswap /dev/xvdf1
Setting up swapspace version 1, size = 999420 KiB
no label, UUID=1c19e97e-b757-48a0-99a9-68e6162d69c3

# swapon /dev/xvdf1

# cat /proc/swaps
Filename                                Type            Size    Used    Priority
/dev/xvdf1                              partition       999420  0       -1

That’s it! You have turned on the swap in a parted disk partition! To make it persistent over reboots you can add below entry in /etc/fstab.

/dev/xvdf1               swap                    swap    defaults        0 0

This concludes the swap in the Linux article. Comment your suggestions, feedback below.

Difference between tmpfs and swap

Leave a reply

Learn what is tmpfs, what is the use of tmpfs, what is swap, what is the use of swap and differences between tmpfs, and swap.

On the social share of our last post about RAM disk in Linux we got a comment “what is the difference between RAM disk and SWAP?” So I decided to explain it a bit in an article on our blog. In this post I will try to explain how swap and RAM disk i.e. tmpfs/ramfs is different and how they work.

What is tmpfs?

Tmpfs also mounted as shared memory /dev/shm. tmpfs is a portion of a virtual memory mounted as a file system that helps to speed up applications. It normally is used to transfer data between programs. It appears as a file system but it does not use persistent devices such as a hard disk. Instead it uses virtual memory (a portion of a RAM).

That’s why if you create any file in tmpfs it’s not created on your system disks but in your memory. Whenever you un-mount tmpfs, everything within is lost. Its volatile storage. Even if you add an entry of tmpfs to re-mount at boot, it will be mounted blank. Data does not persist over reboots or shutdowns in tmpfs.

What is SWAP?

swap is a portion of your hard disks used to extend RAM. Its roughly extended RAM by use of persistent storage device. swap only comes in action once your RAM (physical memory) is full. The normal thumb rule is the size of the swap should be double of your physical ram size. But these changes depend on the conditions and system you have. Read how to create extra swap here & check swap on the server.

Even if it uses persistent devices, it still is a volatile memory. It does not hold data over reboot or shutdowns. Since it plays the role of RAM, its characteristics are still of ram even if it uses hard disks.

Difference between tmpfs and swap

tmpfs uses memory while as swap uses persistent storage devices.
tmpfs can be viewed as a file system in df output whereas swap doesn’t
swap has general size recommendations, tmpsfs not. tmpfs size varies on system purpose.
tmpfs makes applications fasters on loaded systems. swap helps the system breathe in-memory full situations.
swap full indicates system heavily loaded, degraded performance, and may crash. tmpfs being full not necessarily means heavy load or prone to crash.
tmpfs is enhancement whereas swap is a must-have feature!

Why HPUX loosing market grip

1 Reply

Few observations on why HPUX is losing its grip in the market. How virtualization, cloud, costing effects HPUX existence in the market.

Really? HPUX really losing market? Kind of yes. But still it is one of the preferred OS for mission-critical environments like the defense industry because of its reliability and security. HPUX, one of the oldest OS (35 years old) released in 1982, no doubt is one of the best server OS we have seen in decades! Being a core HPUX certified engineer obviously I appreciate it moreover IBM’s AIX and Sun Micro system’s Solaris flavor.

But nowadays I am seeing fewer companies, corporate going for HPUX maybe because of its cost involved. Virtualization, cloud computing, and open-source Linux OS flavors made very cost-effective choices for corporate. High Availability offered by virtualization and cloud computing wins over the reliability of Unix when it comes to making cheap billing. HPUX being a hardware-dependent Os i.e. running only on HP hardware (inexpensive) and also involves costs in OS license itself including prime utilities like glance etc., choosing HPUX is a heavy pocket decision. In today’s world of cost-cutting, obviously this is one of the reasons, companies are not opting for HPUX.

Read also : How to learn, practice HPUX

The boom in cloud computing also has an effect on traditional in house data centers and hence on proprietary OS like HPUX. Most of the cloud world is powered by Linux which adversely affects HPUX market share rather altogether AIX, Solaris too. People opting for cloud since they offer cheap services with no maintenance. Even I have seen companies are moving away from HPUX and shifting servers on Linux or cloud for billing numbers.

Another major leap back is HP backed off from new releases of HPUX. It’s like they opt to kill their own lion. The latest HPUX roadmap doesn’t even show HPUX v4 and v5 which was existing in old roadmaps. This clearly indicates they have stopped development for new versions and will be continuing current last HPUXv3 as the latest till 2025. This is a major setback since customers lookout for further development plans of service when opting for it.

I wish HP wake up to new versions and we see HPUX back alive and roaring on the IT world! Still it’s not the end of an era! There are many crucial companies and sectors still run by HPUX cause crucial data needs strong shoulders!

These are my observations and perceptions of HPUX’s current stand-in in the market. Let me know if you have any infographics, new data, matrices, graphs about the HPUX journey to date in comments.

PS: Few comments rippled over this post on Facebook

How to create RAM disk in Linux

2 Replies

Short tutorial explaining what is RAM disk and how to create a RAM disk in Linux. It also includes differences between ramfs and tmpfs.

Recently one of our readers asked “how to create a RAM disk in Linux?”. So I thought of writing this small tutorial which will help you to understand what is a RAM disk, what is the use of it and how to create a RAM disk in Linux.

What is RAM disk?

Roughly RAM disk can be termed as a portion of your RAM mounted as a directory. It uses tmpfs or ramfs. Refer below table for the difference between ramfs and tmpfs.

ramfs	tmpfs
Old type	New type and replacing ramfs now
Can not be limited in size	Size limit can be defined
Since can not be limited may lead to system crash	Once limit reached, disk full error written. No system crash issue.
Entry is not visible in ‘df’ output. Need to calculate by using ‘Cached’ number in ‘free’ output.	Can be seen in ‘df’ command output
Work mechanism as file system cache	Work mechanism is as partition of physical disk

RAM disk is a very high speed, high performance and almost zero latency area to store application files. Due to its performance-oriented nature, its mostly used for temporary data like caching application files.

How to create RAM disk?

RAM disk can be created in simple two steps. One is to create a directory on which it should be mounted and the second step is to mount it on that directory using specific FS type. Make sure you have enough free RAM on the system so that portion of it can be used in RAM disk. You can check it using free command.

Lets create directory /mnt/ram_disk and mount RAM disk on it.

# mkdir /mnt/ram_disk
# mount -t tmpfs -o size=1024m new_ram_disk /mnt/ram_disk

In above mount command, -t should be followed by tmpfs or ramfs type. For ramfs, size is the starting size of RAM disk since ramfs have limitless size. Size followed by the name of the disk (of your choice ex. new_ram_disk). You can verify if it mounted properly using df command.

# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/xvda1      5.8G  2.9G  2.7G  53% /
tmpfs           498M     0  498M   0% /dev/shm
new_ram_disk          1.0G     0  1.0G   0% /mnt/ram_disk

You can see newly created tmpfs of 1GB size is mounted on /mnt/ram_disk (highlighted above).

You can add below entry in /etc/fstab as well to persist it over reboots as well. But keep in mind that data within RAM disk flushes for each reboot since its backed memory is volatile.

new_ram_disk    /mnt/ram_disk   tmpfs    nodev,nosuid,noexec,nodiratime,size=1024M   0

Network routes in Linux

Leave a reply

Learn networking basics in the Linux server. What is the network route, how to check routes, how to define static and default routes in the Linux system?

Network routes on Linux servers are the paths or gateways packets should follow to reach their destinations. Routes can be configured on interface level and system level. The default route is also known as default gateway is the IP where the packet should discover their path if the current network or interface (from which packet originated on the server) does not know the path for destination IP. This article is about discussing network routes in Linux. It will cover how to define the network route for the network interface, where and how to define the default route or default gateway in Linux etc.

How to check current routes on system?

Current routes on system can be viewed using below commands.

# ip route
default via 172.31.0.1 dev eth0
172.31.0.0/20 dev eth0  proto kernel  scope link  src 172.31.4.137

# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         ip-172-31-0-1.a 0.0.0.0         UG        0 0          0 eth0
172.31.0.0      *               255.255.240.0   U         0 0          0 eth0

# routel
         target            gateway          source    proto    scope    dev tbl
        default         172.31.0.1                                     eth0
    172.31.0.0/ 20                    172.31.4.137   kernel     link   eth0
      127.0.0.0          broadcast       127.0.0.1   kernel     link     lo local
     127.0.0.0/ 8            local       127.0.0.1   kernel     host     lo local
----- output clipped -----

You can observe 172.31.0.1 is defined as default gateway on above system.

How to configure static route in Linux?

In RHEL: You need to edit below parameters in the config file /etc/sysconfig/network-scripts/route-ethX.

GATEWAY=10.10.0.1
NETMASK=255.0.0.0
IPADDR=10.10.0.22

where –

gateway is the default gateway for this interface
the netmask is a subnet mask value
ipaddr is the IP address of this interface

Caution : Do not change gateways on live production system.

In Debian: You can put your route in the file /etc/network/interfaces under the intended interface.

auto eth0
iface eth0 inet static
      address 10.10.0.22
      netmask 255.0.0.0
      up route add -net 10.10.0.0 netmask 255.0.0.0 gw 10.10.0.1

In all Linux systems you can use ip route command to define the static route. Command syntax is :

# ip route ip-address via dest-address

where, ip-address is IP of host or interface and dest-address is next HOP address i.e. route IP

How to configure default gateway in Linux?

In RHEL: Define default gateway IP against GATEWAY parameter in /etc/sysconfig/network file and then restart network service.

In Debian: Define default gateway IP against gateway parameter in /etc/network/interfaces file and then restart network service.

Or you can try these commands on any Linux (ex gateway as 10.10.0.1).

# ip route add default via 10.10.0.1
# route add default gw 10.10.0.1

Once set verify the default gateway with commands shown at the beginning of this article.

All you need to know about hostname in Linux

1 Reply

Learn what is hostname, how to set hostname and how to change hostname in Debian and RedHat based Linux systems.

The hostname is a prime identity of Linux servers in the human world! Obviously, the IP address is the main component to identify the system in the environment. In this article, we are going to see anything and everything about the hostname. We will walk through what is the hostname, how to set hostname, how to change hostname etc. Let’s start with the basics of the hostname.

What is hostname

The hostname is the humanly readable identity of the server. Any server is identified by IP address in the network but to identify easily hostname is also given. Normally FQDN (Fully Qualified Domain Name) is expected for the system but even Domain name (the name before the dot) is also fine for systems under private networks. The hostname can be alpha-numeric

Generally hostname standards to the maximum of 255 bytes long. But normally people prefer to keep it 10-12 characters long so that it’s easy to remember. Kernel variables _POSIX_HOST_NAME_MAX or HOST_NAME_MAX defines your current max limit of hostname. You can get their values using getconf a command like below :

# getconf HOST_NAME_MAX
64

How to set hostname in Linux

A quick command in all-new Linux distros is hostnamectl. Use set-hostname switch and your new hostname as an argument.

# hostnamectl set-hostname kerneltalks

For more details read on …

Hostname is defined in files

/etc/hosts for networking
/etc/hostname : This will be read by boot scripts on boot time and set its value.
/proc/sys/kernel/hostname : Current hostname.
/etc/sysconfig/network : Networking (HOSTNAME=”server1″ parameter)

In above files, you can only view current hostname (being used by the live kernel) under proc file only. Rest all files are used to lookup or set hostname at boot time. So if you change hostname using hostname command then it won’t reflect in rest files. It will only reflect in the proc file.

You can set the hostname of your choice in /etc/hostname or /etc/sysconfig/network and restart network service to notify kernel about it.

How to change hostname in Linux

The current hostname can be checked by typing hostname command without any argument. The hostname can be changed by simply using hostname command followed by the name of your choice.

Cautions : Do not change hostname on live production systems!

# hostname
server5
# hostname kerneltalks.com
# hostname
kerneltalks.com

Please make a note that change is dynamic and not permanent. After the system reboot, the hostname will be returned to what it was earlier.

Change hostname permanently in Linux

On RedHat systems : You can edit file /etc/sysconfig/network (define in HOSTNAME=”xyz”) & reboot system

# cat /etc/sysconfig/network
HOSTNAME=kerneltalks.com

On Debian systems : You can edit file /etc/hostname & call /etc/init.d/hostname.sh script (/etc/init.d/hostname.sh start)

You can even change the hostname using the system control command. Use parameter kernel.hostname and define its value like below :

# sysctl kernel.hostname=kerneltalks
kernel.hostname = kerneltalks

On Suse systems: Edit file /etc/HOSTNAME and add hostname in it. There will be no parameter and value format. Only you have to enter hostname like below :

# cat /etc/HOSTNAME
kerneltalks.com

Change hostname permanently in clone, template VM & cloud clones

If you have a system which is prepared using clone, template from VMware or cloud clone deploy then you should do the following :

Edit file /etc/cloud/cloud.cfg and change parameter 'preserve_hostname' to true. You can do it using one-line sed script as below :

root@kerneltalks # sed --in-place 's/preserve_hostname: false/preserve_hostname: true/' /etc/cloud/cloud.cfg

Also, change DHCP related parameter DHCLIENT_SET_HOSTNAME in file /etc/sysconfig/network/dhcp to no. So that hostname wont be changed by DHCP in the next reboot. Again, you can use one line sed to do that as below :

root@kerneltalks # sed --in-place 's/DHCLIENT_SET_HOSTNAME="yes"/DHCLIENT_SET_HOSTNAME="no"/' /etc/sysconfig/network/dhcp

That’s it. These are two extra steps you need to take on cloud or VM servers.

How to configure FQDN in Linux

Another thing around the hostname is to set FQDN for Linux server i.e. Fully Qualified Domain Name. Generally you should be doing in via DNS in your environment but /etc/hosts always get checked first. So its good practise to define FQDN at /etc/hosts file

Use <IP> <FQDN> <Hostname> format to add/edit entry in /etc/hosts and you are good to go. Sample entry below –

root@testsrv1 # echo "10.1.1.5 testsrv1.kerneltalks.com testsrv1">>/etc/hosts

You can verify Linux server’s FQDN by using command hostname -f

root@testsrv1 # hostname -f
testsrv1.kerneltalks.com

How to tune kernel parameters in Linux

Leave a reply

An article explaining how to tune kernel parameters in the Linux system using command or using a configuration file.

In this article we will be discussing how to set or tune the kernel parameter in any Linux system. There are many ways you can do it like setting them in their configuration files or using a system control command sysctl.

sysctl command is used to configure kernel parameters at runtime. Your current kernel parameters values can be viewed with -a switch.

# sysctl -a
abi.vsyscall32 = 1
crypto.fips_enabled = 0
debug.exception-trace = 1
debug.kprobes-optimization = 1
dev.hpet.max-user-freq = 64
dev.mac_hid.mouse_button2_keycode = 97
dev.mac_hid.mouse_button3_keycode = 100
dev.mac_hid.mouse_button_emulation = 0
dev.parport.default.spintime = 500

----- output clipped -----

In the above output you can see parameters on left and their current value on the right. Parameters are sorted with alphabetical order and both columns in output are delimited with = sign so that you can sort this output easily using this delimiter.

There are a few parameters you can even view using the proc file system. You can cat their respective files and view values.

# cat /proc/sys/kernel/shmmni
2048

In above example we can see shmmni value is set to 2048.

How to tune kernel parameter

To change the kernel parameter you can define it under configuration file /etc/sysctl.conf and it will be applied at the next reboot. You need to define parameter=value format in this file (ex. kernel.shmmni=4096).

Each new line represents a new parameter and value pair. Values in this file will be loaded at the next reboot. If you want to load this file immediately then you can can do it by using sysctl -p command. It will load /etc/sysctl.conf file in kernel. You can even define values with -w switch explained below.

To change the kernel parameter using sysctl, you should use a write switch -w along with parameter and value. In the below example we are changing kernel.shmmni value to 2048.

# sysctl kernel.shmmni
kernel.shmmni = 4096
# sysctl -w kernel.shmmni=2048
kernel.shmmni = 2048

You can observe previously kernel.shmmni value was 4096, using -w we changed it to 2048. This change is immediate and does not need a reboot to comes in effect.

syslog configuration in Linux

Leave a reply

Learn everything about Syslog in Linux. Its configuration file format, how to restart Syslog, rotation, and how to log Syslog entry manually.

One of the most important daemons on Unix or Linux based system is syslogd! It logs many crucial system events by default. Logs written by syslogd are commonly referred to as Syslog. Syslogs are first logs when you want to trace issues with your system. They are the lifeline of sysadmins 🙂

In this article, we will see configuration files for syslogd, different configs and how to apply them. Before we begin to go through the below files which we will be using throughout this article frequently.

/etc/syslog.conf : syslogd configuration file
/var/log/messages : Syslog file

There are three projects on Syslog daemon spawned one after another to enhance the previous project’s functionality. They are: syslog (year 1980), syslog-ng (year 1998) and rsyslog (year 2004). So depending on which project’s fruit is running on your server, your daemon name changes. The rest of the configuration remains pretty close similar.

Syslog uses port TCP 514 for communication.

syslogd daemon

This daemon starts with systems and runs in the background all the time, capturing system events and logging them in Syslog. It can be started, stop, restart like other services operations in Linux. You need to check which Syslog version (three projects as stated above) is running (ps -ef |grep syslog) and accordingly, use the daemon name.

# service rsyslog status
rsyslogd (pid  999) is running...

# service rsyslog restart
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]

After making any changes in the configuration file you need to restart syslogd in order to take these new changes in effect.

syslog configuration file

As stated above /etc/syslog.conf is a configuration file where you can define when, where, which event to be logged by Syslog daemon. There name changes as per your Syslog version

/etc/syslog.conf for syslog
/etc/syslog-ng.conf for syslog-ng
/etc/rsyslog.conf for rsyslog

The typical config file looks like below :

*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 *
uucp,news.crit                                          /var/log/spooler
local7.*                                                /var/log/boot.log

Here, on the left side column shows services for which you want logs to be logged along with their priority (succeeded by . after service name) and on the right side are actions normally destinations where logs should be written by the daemon.

Services values and priorities :

local7: boot messages
kern: Kernel messages
auth: Security events
authpriv : Access control related messages
mail, cron: mail and cron related events

Service priorities :

debug
info
notice
warning
err
crit
alert
emerg
* means all level of messages to be logged
none means no messages to be logged

All the above priorities are given in ascending level of urgency.

Actions/destination :

Those mostly log files or remote Syslog server to which logs get sent. The remote server can be specified by IP or hostname preceded by @ sign.

Syslog

All logs by syslogd are written its Syslog file /var/log/messages. Typical Syslog file looks like :

May 22 02:00:29 server1 rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="999" x-info="http://www.rsyslog.com"] exiting on signal 15.
May 22 02:00:29 server1 kernel: imklog 5.8.10, log source = /proc/kmsg started.
May 22 02:00:29 server1 rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="1698" x-info="http://www.rsyslog.com"] start
May 22 02:17:43 server1 dhclient[916]: DHCPREQUEST on eth0 to 172.31.0.1 port 67 (xid=0x445faedb)

Here file can be read in below parts from left to right :

Date
Time
Hostname (This is important to identify which server’s log is this on centralized Syslog server)
The service name for which logs were written by the daemon
Separator colon
Actual message or log

The first 5 fields can be used for sorting, filtering logs in various tools, scripts, etc. Since Syslog logs, all events on system, it’s obvious it grows in size pretty quickly. You can manually rotate Syslog over a specific period or you can even use logrotate utility to do it automatically in the background.

Testing Syslog logging

To test if the daemon is logging messages in Syslog or not, you can use logger command. With this command, you can specify numerous options like a priority, service, etc. But even without any argument, you can supply a string to write in Syslog and it will do the job for you.

# logger Writing KERNELTALKS in syslog using logger. Testing...

# cat /var/log/messages |grep -i kerneltalks
May 22 02:31:05 server1 root: Writing KERNELTALKS in syslog using logger. Testing...

In the above example, you can see all entries after logger command are printed in the Syslog file. Since we used logger command and didn’t specify any service, it logged message with userid root in-service field!

8 Wannacry ransomware memes take over the Internet

Leave a reply

Gallery of wannacry ransomware memes that take over Internet after major cyber attack broke over the weekend.

As everyone is aware the Internet world has been hit by ransomware called WannaCry last weekend. It was a nightmare for Wintel admins as their whole weekend was burned into patching windows servers in their environments. Obviously Linux world was pretty quiet since WannaCry targeted Windows operating systems only.

No wonder, the Internet got filled with lots of memes about this cyber attack. I collected a few of them here:

Read & share !

Note: Image credits are links from where I collected that image. The origin/creator of the image might be different.