Playing with Linux operation and maintenance: monitoring network card traffic in Linux system

01.  Analysis Description

    During routine Linux maintenance, it is common to encounter server failures. After checking the hardware equipment, it was found that the network card traffic was 0 strange phenomenon, which was initially judged to be a kernel problem or a hardware failure. When the network card and services are restarted, the network becomes normal again! There are various daily services running on the server, because the business cannot be interrupted. We can write a Base to monitor the network card in real time, and when the traffic is 0, restart the network card!


  • Monitor network card traffic every 10 minutes
  • When the network card traffic is 0, restart the network card



02. Basic knowledge (software installation, command parameter description)

    Take the virtual machine platform CentOS 6.4 as an example:

[root@localhost user]# uname -a

Linux localhost.localdomain 2.6.32-642.el6.x86_64 #1 SMP Tue May 10 17:27:01 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux

    Before learning, configure the IP address, gateway, and DNS. I have completed the configuration here, as shown below:


IP configuration

# cd /etc/sysconfig/network-scripts

# cat ifcfg-Auto_eth0   



    IPADDR=  //IP


    GATEWAY=   //gateway




    NAME="Auto eth0"




    DNS1=    //DNS


DNS configuration:

# cat /etc/resolv.conf

# Generated by NetworkManager




2.1. sar command

    sar (System Activity Reporter system activity report) is one of the most comprehensive system performance analysis tools on Linux. It can report system activities from various aspects, including: file read and write, system call usage, disk I/O, CPU efficiency, memory usage, process activity, and IPC-related activities, etc.

Common command format:

sar [options] [-A] [-o file] t [n]
t is the sampling interval, n is the sampling times, the default value is 1;

-o file means to store the command result in a file in binary format, where file is the file name.

options is a command line option with the following parameters:

-A: sum of all reports

-u: output statistics of CPU usage

-v: output statistics for inodes, files, and other kernel tables

-d: output activity information for each block device

-r: output statistics of memory and swap space

-b: Display I/O and transfer rate statistics

-a: file read and write conditions

-c: output process statistics, the number of processes created per second

-R: output statistics of memory pages

-y: terminal device activity

-w: output system exchange activity information

    If you are interested, you can look at the help file, the command is very powerful. Here we use it as a view of network card traffic.

    Check the real-time traffic of the network card. The 1 2 after the command means: take the value once every second, and take the value twice in total.

    The command is as follows:

#sar -n DEV 1 2


The above are some reference values.

IFACE: LAN interface

rxpck/s: packets received per second

txpck/s: packets sent per second

rxbyt/s: bytes received per second

txbyt/s: bytes sent per second

rxcmp/s: Compressed packets received per second

txcmp/s: compressed packets sent per second

rxmcst/s: multicast packets received per second

Alternatively, it can be done with nload. If not installed please install:

yum -y install nload   epel-release

nload -m


2.2. NIC, network restart command

    In routine maintenance, very important commands

service network restart


Restart the network card command:

ifdown eth0 //close

ifup eth0 //enable

ifconfig eth0 down //close

ifconfig eth0 up //enable



2.3. awk command

    Typically used for text processing, for data extraction and reporting.

    basic skills:

  • Use variables to manipulate text files consisting of text records and fields
  • Has arithmetic and string operators
  • Has common programming constructs such as loops and conditions
  • Generate formatted reports
  • define function
  • Execute Linux commands from awk scripts
  • Process the result of a Linux command
  • More clever handling of command line arguments
  • Easier handling of multiple input streams

Basic syntax:



For example: let's say we look at the above sar -n DEV 1 3 to generate a TXT file.

Look at the content of column 5, 6:

awk '{print $5}' /tmp/1.txt

awk '{print $6}' /tmp/1.txt



2.4. if command: judge multiple conditions

In Shell scripts, there are often multiple if judgment conditions:

if [1 -a 2] //satisfy 1 or 2

if [1] && [2] //Meet 1 or 2 at the same time

if 1 -o 2] //satisfy 1 or 2

if [1] || [2] //satisfy 1 or 2


2.5. crontab command: start a script file regularly or for other files

    How to use: Create a task that executes the script file in /home/user/1 every 10 minutes.


crontab -e //create a task

10 * * * * * /home/user/1

crontab -l //View created tasks

10 * * * * * /home/user/1


3. command merge, write out bash shell

Through the above command learning, you can write the following script file:


sar -n DEV 1 10 |grep 'eth0' > /tmp/eth0_flow.log

network_input=`grep '^Average:' /tmp/eth0_flow.log|awk '{print $5}'`

network_output=`grep '^Average:' /tmp/eth0_flow.log|awk '{print $6}'`

if [ $network_input=="0.00" -a $network_output=="0.00" ]


    echo "`date` network card traffic is 0, system services will be restarted, please check!" >>/tmp/net.log

    service network restart

    ifdown eth0 && ifup eth0





Original article, please indicate the source for reprinting: