Top Contenders

Peak loads, I/O issues, and inexplicable system behavior pose problems for administrators day after day. Why is the database using so much swap memory? Why is my laptop battery discharging so quickly? The legacy command-line utility Top specializes in problems like these.

Top was the first in a long line of self-refreshing resource monitoring tools. Now numerous imitators vie for the administrator's attention. With the help of a Linux Magazine jury, we tried out dozens of wannabe top performers, and now proudly present the top 10 Tops.

The top tools in this category – with one exception – all have one thing in common: They display the resources used by a service or a server in a syntax that is reminiscent of the legendary Unix Top utility. The rankings here are based on how useful the tool is for troubleshooting.

10: Xrestop

Xrestop [1] shows X11 users which X client programs are using the most resources, organizing the results neatly by pixmap memory usage (Figure 1). The tool relies on the X resource extension [2] to query information on the clients connected to the X server. The XResQueryClients, XResQueryClientResources, and XresQueryClientPixmapBytes functions provide the data from which Xrestop generates a Top-style view.

Figure 1: Xrestop shows the pixmap memory usage for the active X11 applications. The screenshot was taken with KSnapshot, which explains why the KSnapshot tool is on top of the list.

Xrestop was originally designed by the X.org community to help developers locate memory or performance holes in the X server, but in the course of time, it has gained popularity as a daily administration tool. Admins today often use Xrestop to locate undesirable resource killers. Although you can locate a crashed or hanging X Window application easily, you will need to use another tool to kill the culprit. Because Xrestop only helps you troubleshoot issues with X applications and does not offer much in the line of options, the tool just scrapes into 10th place on the list.

9: Ntop

Ntop [3] is a popular instant monitoring tool that gives the admin an overview of the network interface card, its throughput, and all of its connections. The mass of information that Ntop collects and presents in its neat web interface guarantees a top 10 spot for the 10-year-old Ntop project. Figure 2 shows just some of the statistics that Ntop collects.

Figure 2: At what time is the VPN server busiest? Ntop answers this question and more with its neat web interface.

The tool shows the admin details of network connections on an interface, sorting them by time, host, protocol, or various other options. Clear RRD-based diagrams give administrators an at-a-glance view of unusual goings on.

Although you don't need to customize Ntop before you start, the information it collects is volatile and disappears completely if you restart. A workaround for this is to use Ntop with a database back end, although this solution will entail far more configuration.

Until recently, Ntop also included the Intop command-line tool, which displays a continually updated Top-style view of the current network connections. The Intop tool, however, is missing from recent versions of Ntop. According to Ntop developer Luca Deri, the next version of Ntop will include the far more comprehensive Packet Shell (Pksh [4]). But until it is released, Ntop does not offer a command-line client.

Thus, despite its enormous feature set, the excellent web interface, and the scope of the information it collects, Ntop comes in at number nine.

8: ApacheTop

ApacheTop [5] is a lean tool that offers information on current Apache web server access, the pages Apache serves up, the number of hits per second, and many other statistics. The helper application finds the necessary information in Apache's access_log files (Figure 3).

Figure 3: A web server under investigation by ApacheTop: A user is currently accessing SquirrelMail.

Some options change the appearance of the queries: -q keeps the query strings used by, for example, PHP scripts, -l forces lower case, and -s number defines the number of numeric sections in the URL. Finally, -r resolves host names to their matching IPs.

A web administrator can use the command line to tell ApacheTop how long to keep statistics before refreshing and deleting them. To do this, you can define a number of hits (-H Hits) or specify a value in seconds (-T seconds), as well as set the delay between two refreshes (-d seconds).

The tool loses a couple points because it is fairly ancient and has not been developed actively since 2005. Despite the drawbacks, administrators who have installed Fam and Portmap on their web servers will find ApacheTop a practical live analysis tool for Apache, with many applications in production use.

Unfortunately, the feature scope is restricted to command-line options, which makes it hard for ApacheTop to keep pace with some of its more feature-rich competitors.

7: Ptop

Two database tools appear in the top 10. At seventh place is Ptop [6] (see Figure 4). Any administrator who has worked with PostgreSQL will be interested in this tool because Ptop provides an overview of all your database processes, at the same time displaying information such as the SQL statements currently being processed. But that's not all: Ptop also gives you details of locks and statistics for individual tables and indices (Figure 5).

Figure 4: Ptop gives you details of locks and statistics for individual tables and indices. Ptop will give you the query plan for any currently active query, providing you stipulate E for EXPLAIN.

Figure 5: Ptop's R option gives you statistics, including details like the number of sequential reads and writes from and to the PostgreSQL table.

To launch Ptop, enter pg_top -d database -U database_user -W password. The command takes the user to an interactive shell, where a number of shortcuts are available (Table 1).

Ptop is available for Linux, BSD, and Mac OS. For more screenshots and details, go to the website [7].

6: Dnstop

Dnstop [8] uses the Pcap library to filter all the DNS queries on a computer's network interface and list them neatly. The dnstop network_device -t -s command gives you a list of DNS queries in a Top-style, configurable view. Table 2 shows some Dnstop shortcuts.

When you enter a question mark, ?, Dnstop displays the integrated online help. At the same time, Dnstop offers two combined views that give users several pieces of information at a glance. The @ entry lets you display the source of the query along with the second-level domain target-side, along with the volume and percentage of all DNS traffic. The # option gives you the same results, but with a complete third-level domain name (Figure 6).

Figure 6: Entering "#" in Dnstop gives the administrator an at-a-glance overview of the DNS queries issued on a computer.

If you use Dnstop on a router, you can also detect undesirable DNS tunnels. A client on a local network that exchanges a large volume of data via a DNS server will be exposed quickly.

5: Iftop

Snapshots and a traffic overview for all active network connections are Iftop's [9] specialty. Just like Top, it sorts connections by activity and offers a jam-packed action set while doing so (see Figure 7).

Figure 7: Iftop displays the process for a connection and distributes the network traffic neatly over individual bar charts. The summary is shown at the top and bottom edges of the screen.

Administrators can press H to view online help and configure the view. Throughput is not only displayed as a figure, but also by a bar chart. Iftop adjusts the scale at the top of the screen to reflect the amount of bandwidth used.

Various options allow users to disable DNS name resolution, hide sources and targets, and sort on various columns. At the bottom edge of the display, you can see the average and accumulated values and sums for the Ethernet device sorted by input and output.

The comprehensive filtering options are really exciting for network administrators and can be entered either in interactive mode (after entering iftop -f options) or by pressing the F key. For example, -f icmp displays ICMP packages only. The familiar Tcpdump style can be inverted by making a selection – for example: not port ssh.

The -F option tells Iftop to automatically filter out individual hosts, or complete networks, leaving only those that match the selected network mask: iftop -F 192.168.0.0/24 is an example for a local network. For more information on the numerous options, see the man pages online [10].

4: Mytop

The second database tool is Mytop [11], which is written in Perl and displays information from the two standard MySQL statements SHOW PROCESSLIST and SHOW STATUS at periodic intervals.

Mytop turns out to be very adaptable, listing information like the missing number of SELECT, INSERT, UPDATE, and DELETE statements. A header at the top of the screen shows the efficiency of the key index at a glance, along with the input and output per second.

The best approach is to launch Mytop by entering mytop -u user -p password -h hostname -P port -d database. The parameters can also be stored in a configuration file: If launched without any options, the tool searches for ~/.mytop. Equal signs are used to separate parameters and their names:

user=sspreitzer
host=192.168.0.222
pass=mysecretpassword

With the use of shortcuts, you can change interactive mode. C switches on the fairly new command and statement counter.

Resource killers are identified easily with the workaround E; this tells the tool to discover the MySQL statement behind a selected thread.

H toggles the header line on and off in the display. Pressing Shift+I lets you output a complete status report on the Inno DB back ends, K terminates a thread, and P takes a break. O changes the sorting order and R (for Reset) sends a FLUSH STATUS statement to the server.

Pressing S changes the refresh interval, and T toggles to the thread view. If all of these key presses are too much for you, you might want to refer to the longer list of shortcuts: ?. But that's not all, because Mytop also supports filter options.

To see threads with connections to a specific database, press D. H filters by specific hostname, U locates a specific user, and F resets all filters.

Mytop is a perfect status monitor for individual MySQL databases.

3: PowerTop

Because of the increasing popularity of mobile devices, it comes as no surprise that PowerTop by Lesswatts [12] is attracting a continually growing community. Although the tool will only run on Intel CPUs and recent distributions, it is extremely useful if you need to optimize the hardware and software on your laptop for maximum battery life.

The neatest thing about PowerTop is that it not only identifies the power hogs, it also includes a fact-filled database of known issues and solutions. It even guesses the current power consumption for the more popular mobile processors.

The battle for the last reserves of energy is fascinating. According to success stories on the project homepage, PowerTop can even double your battery life. Because the tool is only available for Intel CPUs and the latest kernel (2.6.22 or newer), it only takes third place despite its gaming feeling and undeniable cult factor.

2: Atop and Htop

The number two spot is taken by two top clones, Atop [13] and Htop [14]. Because both are close to their role model with respect to feature scope and presentation, they share their good ranking. The advantages offered by Atop, and the Atopsar program that comes with the package, include a detailed view of the monitored processes (Figure 8).

Figure 8: The Atop process list is detailed but interactive.

In contrast, Htop convinces with its sensible overview and its ability to let administrators influence processes directly. For example, the software will sort a process list by name or PID with the use of just a couple of shortcuts, and it can assign a different Nice priority level to all Apache processes (Figure 9).

Figure 9: No tool is better than Htop at changing the Nice level for all Apache processes. Admins can press F6 to sort, the space bar to select, and F6 or F7 to modify the priorities of the entries.

Another nice thing is that the controls are self-explanatory: Htop's interface is a mix of Midnight Commander and Top. A menu with the most important functions is available at the bottom of the screen: F6 is for sorting – the administrator can use a kind of drop-down menu to select the column – and F7 reduces and F8 increases a program's Nice priority. Because the user can press the space bar to make multiple selections, priority changes are easier and faster with Htop than with almost any other system tool.

The information that Atop provides is more useful to an advanced administrator wanting to investigate minute details of individual processes.

In the standard view, Atop supplies advanced information on memory usage (M), scheduling (S), and command-line parameters (C) and various details on processes (V).

A specially patched kernel additionally lets you display disk (D) and network usage (N). Thanks to Atopsar, admins can even access the Sysstat data of the past few days or weeks, assuming you launch the Sar daemon on your system.

Still Number 1: Top

Despite all the advantages of the programs we just looked at, the Linux Magazine jury's favorite is the legacy and legendary Unix tool Top by William LeFebvre and others.

Top is installed everywhere, it is comprehensively documented, and it gives you the more or less identical controls and behavior on any conceivable Unix and on BSD, Linux, many embedded systems, and Mac OS X. The tool, which has been an administrative evergreen since 1984, runs on mainframes, workstations, desktops, and clusters.

Version 3.7, or Beta 3.8 of unixtop, is available for download [15]. But who needs to download when your favorite distribution already includes the tool and even installs it as part of the minimal installation?

Administrators will be familiar with the various switches, options, and parameters. The man page fills several screens – again thanks to the number of operating systems Top supports.

Conclusion

Any Linux or Unix book that covers system administration provides at least a few pages on the essential Top utility. The original Top is still number one today, but the winner shouldn't get complacent: Talented newcomers – some of them specialists, others simply modern clones of the original – are getting closer to center stage. Htop, for instance, is shaping up nicely.