Hidden Gem SysAdmin Tools: 10 Underrated CLI Utilities Every Linux Admin Should Know



While every admin knows about top and ps, there's a whole ecosystem of powerful yet underutilized tools that can revolutionize your workflow. Let's dive into some lesser-known but incredibly useful utilities.

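glances is top on steroids, with a web interface:

# Install (the web extra pulls in the web server dependencies) and run
pip install 'glances[web]'
glances --webserver
# Access via http://localhost:61208 (the server listens on all interfaces by default)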

Key features:

  • Real-time monitoring of CPU, memory, disk I/O
  • Network traffic visualization
  • Plugin system for Docker, GPU monitoring

ncdu, for when du just isn't enough:

ncdu /path/to/scan
# Navigation:
# j/k - move down/up
# enter - drill down
# d - delete selected

mtr combines ping and traceroute with continuous reporting:

mtr -rw google.com
# Output shows packet loss per hop
# -c 10: limit to 10 pings per hop
# --tcp: use TCP instead of ICMP

jq is essential for API responses and config files:

curl -s https://api.example.com/data | jq '.items[] | select(.status == "active")'
# Common patterns:
# jq '.config.servers[]' file.json
# jq -r '.ip_address' # raw output

pv monitors data flow through pipes:

dd if=/dev/zero | pv | dd of=/dev/null
# Real-world example (pv sits before gzip so -s matches the uncompressed size):
tar -cf - /backup | pv -s $(du -sb /backup | awk '{print $1}') | gzip > backup.tgz

multitail tails multiple files with color coding:

multitail -cS apache /var/log/apache2/access.log -cS postfix /var/log/mail.log
# Advanced usage:
# -F file - use a custom config file (color schemes)
# -l "ssh host tail -f /remote/log"

htop, while known by some, is still underutilized:

htop
# Interactive commands:
# F2 - Setup
# F9 - Kill process
# Space - Tag processes
# / - Search

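iotop identifies disk hogs in real time:

iotop -oPa
# -o: only processes doing I/O, -P: processes instead of threads, -a: accumulated totals
# Columns show:
# Disk read/write per process (accumulated with -a)
# Process causing I/O
# Swap activity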

ngrep greps through network traffic:

ngrep -d eth0 'password' port 21
# Advanced filters:
# ngrep -q '^GET' port 80
# ngrep -W byline 'POST.*login'

ripgrep (rg) is the grep replacement you need:

rg -tpy 'import requests' --stats
# Features:
# .gitignore aware by default
# Multi-threaded
# Better regex support

Combine these tools with pipes for powerful one-liners:

# Find large files modified in the last 7 days and list them largest first
find / -xdev -type f -size +100M -mtime -7 -print0 | xargs -0 -r du -h | pv -l | sort -rh

The key to mastering these tools is consistent practice. Create aliases for your most used combinations and gradually incorporate them into your daily workflow.


While every sysadmin knows about workhorses like top and dtrace, there's a treasure trove of lesser-known utilities that can dramatically improve your workflow. These tools solve specific problems elegantly and often outperform their more famous counterparts in certain scenarios.

glances, a Python-based tool, provides a comprehensive overview of your system's health:

# Installation
pip install glances

# Run in standalone mode
glances

# Run in web server mode (access via browser; requires pip install 'glances[web]')
glances -w

Key features:

  • Cross-platform monitoring (Linux/Windows/macOS)
  • Process filtering with regular expressions
  • Plugin system for custom monitoring

ngrep, for when tcpdump gives you too much information and grep isn't network-aware:

# Monitor HTTP traffic on port 80
ngrep -d eth0 'GET|POST' port 80

# Capture SMTP conversations
ngrep -d any -qt -W byline '^220' port 25

Unlike traditional packet captures, ngrep displays payload content in real-time with color highlighting.

mtr combines continuous monitoring with path analysis:

# Basic usage (combines ping and traceroute)
mtr google.com

# Generate a text report after 10 cycles (add --csv for CSV output)
mtr --report --report-cycles 10 google.com

jq parses and manipulates JSON directly from the command line:

# Extract specific fields from API responses
curl -s https://api.example.com/data | jq '.items[] | {id:.id, name:.name}'

# Transform JSON structures
cat input.json | jq '[.users[] | select(.active) | {username}]'

Find space hogs quickly with ncdu, an ncurses-based tool:

# Scan current directory
ncdu

# Scan remote server (requires ssh access)
ssh user@server "ncdu -o-" | ncdu -f-

multitail lets you view multiple log files simultaneously with color coding:

# Monitor two logs with different color schemes
multitail -cS apache /var/log/apache2/access.log -cS syslog /var/log/syslog

# Show only lines matching a regular expression
multitail -e "error" /var/log/app.log

socat, for when netcat isn't powerful enough:

# Create a simple TCP proxy
socat TCP4-LISTEN:8080,fork TCP4:backend:80

# Debug SSL/TLS connections (verify=0 skips certificate verification; for debugging only)
socat -v OPENSSL:example.com:443,verify=0 STDIO
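
The Glances web server and the socat proxy shown on this page both listen on every interface unless they are given a bind address. The check below is an added example, not part of the original article: it parses `ss -tln` output (a constructed sample is embedded) and lists wildcard-bound listeners; the function names are illustrative.

```bash
#!/usr/bin/env bash
# Added example (not from the article): list TCP listeners that are bound to a
# wildcard address and are therefore reachable from other hosts.

# Constructed sample of `ss -tln` output on a host running the article's
# `glances --webserver` (61208) and `socat TCP4-LISTEN:8080,fork ...` (8080).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:61208      0.0.0.0:*
LISTEN 0      5      0.0.0.0:8080       0.0.0.0:*
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*
LISTEN 0      4096   [::1]:631          [::]:*'

# Read `ss -tln` lines on stdin; print "port address" for wildcard listeners.
exposed_listeners() {
  awk '$1 == "LISTEN" {
    port = $4; sub(/.*:/, "", port)                 # text after the last colon
    addr = substr($4, 1, length($4) - length(port) - 1)
    if (addr == "0.0.0.0" || addr == "*" || addr == "[::]")
      print port, addr
  }' | sort -n
}

# Exit 0 only if the given port has no wildcard-bound listener in the input.
port_is_local_only() {
  ! exposed_listeners | awk -v p="$1" '$1 == p { hit = 1 } END { exit !hit }'
}

# Loopback-only forms of the two commands (bind address is a choice, adjust it):
#   glances -w -B 127.0.0.1
#   socat TCP4-LISTEN:8080,bind=127.0.0.1,fork TCP4:backend:80

# Stand-alone run on the sample; on a live host use: ss -tln | exposed_listeners
printf '%s\n' "$SAMPLE_SS" | exposed_listeners
```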

pv monitors data flow through pipes:

# Show progress while compressing files
tar -cf - /big_directory | pv -s $(du -sb /big_directory | awk '{print $1}') | gzip > archive.tgz

# Estimate transfer time for large copies (this overwrites /dev/sdb)
pv largefile.iso > /dev/sdb

ripgrep (rg) searches through codebases faster than grep:

# Search current directory recursively
rg "search_pattern"

# Include file types and show context
rg -tpy -C3 "import requests"

HTTPie (http) is a more intuitive alternative to curl for API interaction:

# Simple GET request with formatting
http GET https://api.example.com/users

# POST request with JSON body
http POST https://api.example.com/users name=John email=john@example.com

When adopting these tools:

  • Create aliases for frequently used commands in your ~/.bashrc
  • Combine them in scripts to automate complex workflows
  • Use in conjunction with monitoring systems like Prometheus

For security-sensitive operations, always verify the integrity of downloaded tools and consider compiling from source when possible.