Introduction
In this hands-on lab, you'll discover the power of the Linux watch command, a crucial utility for any systemadmin. This command provides real-time monitoring by repeatedly executing a specified command and displaying its output. This lab provides practical understanding and usage of the watch command, including monitoring system processes, and file system activity. Mastering the watch command enhances your ability to proactively manage and observe your Linux systems. Throughout this tutorial, expect practical examples and real-world scenarios demonstrating the command's value for system administration tasks.
Understand the watch Command
This section focuses on explaining the core functionality of the watch command in Linux. You'll learn how it works and its purpose for monitoring command output.
The watch command is an invaluable asset for system monitoring and efficient system management. Use it to dynamically track modifications to system processes, file updates, and many other real-time system events.
To begin with the watch command, simply input the following in your terminal:
watch [options] <command>In this syntax, [options] represent the customizable parameters that you can pass to the watch command. Meanwhile, <command> indicates the command you wish to execute and monitor.
Here are some commonly used options for the watch command:
-n, --interval <seconds>: Configures the interval, in seconds, between command executions (the default is 2 seconds).-d, --difference: Highlights areas that have changed between successive executions.-t, --no-title: Removes the header displaying the current time and the command that is being executed.
For instance, to observe the output of the df command (which shows disk space usage) every 5 seconds, execute the following command:
watch -n 5 df -hExample output:
Every 5.0s: df -h labex@ubuntu: Fri Apr 28 14:35:41 2023
Filesystem Size Used Avail Use% Mounted on
overlay 30G 4.2G 26G 14% /
tmpfs 64M 0 64M 0% /dev
tmpfs 2.0G 0 2.0G 0% /sys/fs/cgroup
/dev/sda1 30G 4.2G 26G 14% /etc/hosts
shm 64M 0 64M 0% /dev/shm
overlay 30G 4.2G 26G 14% /etc/resolv.conf
overlay 30G 4.2G 26G 14% /etc/hostname
overlay 30G 4.2G 26G 14% /etc/host.conf
tmpfs 2.0G 0 2.0G 0% /proc/acpi
tmpfs 2.0G 0 2.0G 0% /proc/scsi
tmpfs 2.0G 0 2.0G 0% /sys/firmwareThe watch command will continually run the df -h command and refresh the display every 5 seconds.
Monitor System Processes with watch
This step details using the watch command to monitor and observe system processes in real-time, providing invaluable insights for system admins.
The watch command, when paired with the ps (process status) command, allows you to continuously monitor currently running processes on your Linux system.
To monitor processes using watch, execute the following:
watch -n 5 'ps aux'This will run the ps aux command every 5 seconds and display its output. The ps aux command provides details of all active processes, including the user, process ID, CPU and memory consumption, and the initiating command.
You can also combine the watch command with other process monitoring tools such as top or htop to attain an enhanced view of system processes:
watch -n 5 topThis will output the top command, which displays a dynamic real-time view of the processes, often sorted by CPU or memory usage.
Example output:
Every 5.0s: top labex@ubuntu: Fri Apr 28 14:40:41 2023
top - 14:40:41 up 8 min, 0 users, load average: 0.00, 0.00, 0.00
Tasks: 38 total, 1 running, 37 sleeping, 0 stopped, 0 zombie
%Cpu(s): 0.0 us, 0.0 sy, 0.0 ni,100.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
MiB Mem : 1984.0 total, 1909.7 free, 29.3 used, 45.0 buff/cache
MiB Swap: 0.0 total, 0.0 free, 0.0 used. 1909.9 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
1 root 20 0 8548 3292 2340 S 0.0 0.2 0:01.38 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kthreadd
3 root 0 -20 0 0 0 I 0.0 0.0 0:00.00 rcu_gpBy continuously monitoring system processes with watch, you can easily identify resource-intensive applications and detect anomalies.
Monitor File Changes with watch
In this section, we will cover how to effectively monitor changes to files and directories using the watch command, a powerful technique for system admins.
Using watch in conjunction with the ls command allows you to continuously observe a directory’s contents and identify file-level changes.
First, create a directory and some files to monitor:
mkdir ~/project/files
touch ~/project/files/file1.txt ~/project/files/file2.txtNow, to monitor the contents of the ~/project/files directory, use this command:
watch -n 5 'ls -l ~/project/files'This will run the ls -l ~/project/files command every 5 seconds, showing the output in your terminal. The -l option of ls provides a detailed listing, including file permissions, ownership, size, and the last modification time.
You can also monitor a specific file for changes. To monitor file1.txt, run:
watch -n 5 'cat ~/project/files/file1.txt'This will show the content of file1.txt every 5 seconds. Any edits or changes made to the file will be instantly visible.
Example output:
Every 5.0s: ls -l ~/project/files labex@ubuntu: Fri Apr 28 14:45:41 2023
total 0
-rw-r--r-- 1 labex labex 0 Apr 28 14:44 file1.txt
-rw-r--r-- 1 labex labex 0 Apr 28 14:44 file2.txtContinuously monitoring files and directories with watch makes it simple to detect unauthorized or unexpected modifications on your system.
Summary
This lab demonstrated how to harness the power of the watch command in Linux for effectively monitoring both system processes and file changes. You started with the foundational aspects of the watch command, understanding its execution and options. Then, you learned how to monitor system processes, such as tracking changes in disk usage. Lastly, you discovered file change monitoring techniques, vital for observing sensitive configuration or log files. By completing this tutorial, you've gained a practical understanding of the watch command and how to use it for different system monitoring needs. It is a useful tool for any systemadmin, and even for a Linux user operating as root.