List Of Commands To Collect System Information Of A Linux Computer

I am keeping this article short and going straight to the list.  It is meant as a reference article for whenever anyone or myself needs the commands to get system information on various kinds of Linux and Unix OS based servers, or stations.  Many of these commands work for OSs like Red Hat Linux, RHEL, Debian, Ubuntu, Fedora, CentOS, SUSE, Slackware, various Unix OSs, etc.

If a command from the list below does not apply to your particular OS, you will simply get an error message that the command does not exist; no harm will be done.  The list already takes into consideration a system that has up to 4 Ethernet connections/ports and up to 8 Ethernet aliases per physical Ethernet port.  If your system has fewer Ethernet ports or aliases, it is okay to paste all the ones listed here.  Nothing bad will happen.

Please note that I do not get paid to write these articles.  This article took an hour or 2 to make, and if past research and time to collect all the commands is included, then it took a day and maybe 2 days of work.

List Of Commands To Gather Information About Your Linux/Unix Computer.

ifconfig  -a
cat /proc/cpuinfo
free
sysctl -a
cat /proc/version
more /etc/sysconfig/network-scripts/ifcfg-eth0
more /etc/sysconfig/network-scripts/ifcfg-eth0:0
more /etc/sysconfig/network-scripts/ifcfg-eth0:1
more /etc/sysconfig/network-scripts/ifcfg-eth0:2
more /etc/sysconfig/network-scripts/ifcfg-eth0:3
more /etc/sysconfig/network-scripts/ifcfg-eth0:4
more /etc/sysconfig/network-scripts/ifcfg-eth0:5
more /etc/sysconfig/network-scripts/ifcfg-eth0:6
more /etc/sysconfig/network-scripts/ifcfg-eth0:7
more /etc/sysconfig/network-scripts/ifcfg-eth1
more /etc/sysconfig/network-scripts/ifcfg-eth1:0
more /etc/sysconfig/network-scripts/ifcfg-eth1:1
more /etc/sysconfig/network-scripts/ifcfg-eth1:2
more /etc/sysconfig/network-scripts/ifcfg-eth1:3
more /etc/sysconfig/network-scripts/ifcfg-eth1:4
more /etc/sysconfig/network-scripts/ifcfg-eth1:5
more /etc/sysconfig/network-scripts/ifcfg-eth1:6
more /etc/sysconfig/network-scripts/ifcfg-eth1:7
more /etc/sysconfig/network-scripts/ifcfg-eth2
more /etc/sysconfig/network-scripts/ifcfg-eth2:0
more /etc/sysconfig/network-scripts/ifcfg-eth2:1
more /etc/sysconfig/network-scripts/ifcfg-eth2:2
more /etc/sysconfig/network-scripts/ifcfg-eth2:3
more /etc/sysconfig/network-scripts/ifcfg-eth2:4
more /etc/sysconfig/network-scripts/ifcfg-eth2:5
more /etc/sysconfig/network-scripts/ifcfg-eth2:6
more /etc/sysconfig/network-scripts/ifcfg-eth2:7
more /etc/sysconfig/network-scripts/ifcfg-eth3
more /etc/sysconfig/network-scripts/ifcfg-eth3:0
more /etc/sysconfig/network-scripts/ifcfg-eth3:1
more /etc/sysconfig/network-scripts/ifcfg-eth3:2
more /etc/sysconfig/network-scripts/ifcfg-eth3:3
more /etc/sysconfig/network-scripts/ifcfg-eth3:4
more /etc/sysconfig/network-scripts/ifcfg-eth3:5
more /etc/sysconfig/network-scripts/ifcfg-eth3:6
more /etc/sysconfig/network-scripts/ifcfg-eth3:7
route -n
route
netstat  -tulpn
sfdisk -d
sfdisk -l
more /etc/fstab
more /etc/hosts
more /etc/resolv.conf
chkconfig --list
df
df -h
more /var/log/dmesg
more /proc/ioports
more /proc/partitions
more /proc/ide/ide0/hda/settings
more /proc/ide/ide0/hda/driver
more /proc/ide/ide0/hda/media
more /proc/ide/ide0/hda/model
more /proc/ide/ide0/hda/identify
more /proc/ide/ide0/channel
more /proc/ide/ide0/config
more /proc/ide/ide0/mate
more /proc/ide/ide0/model
more /proc/mounts
more /proc/mdstat
more /etc/lilo.conf
more /etc/grub.conf
more /proc/rd/c0/current_status
more /proc/rd/status
rpm -qa
service --status-all
ulimit -a
lsmod
xdpyinfo
uname -a
more /etc/network/interfaces
w
who
ps auxw
dpkg --list
cat /etc/*-release
iptables -L

The commands below can be copied into an executable batch file and run at the system command level (usually done on servers) to get a text file output that contains all the system information.  When the batch is run, it checks for the .txt output file and removes any old one first, so you can run it repeatedly and keep getting updated results.  You can create a file named something like SystemInfo.bat and set its permissions to 700 (rwx------) so you can execute the batch file commands by simply typing ./SystemInfo.bat at command level.  You can download the below batch file here (on some OS, you may need to right mouse click and choose Save-Link or Save-Link-As).  Note that the iptables -L command has not been included in the below batch, since on some servers it takes a long time to output its results; instead, I have included iptables -L -n in the below batch.

Batch File Commands To Run To Get Information For Most Popular Linux Type OSs.

rm -f TechNotes_whw1_com-SysInfoBatchOutput.txt ; touch TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"ifconfig  -a\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; ifconfig  -a >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"cat /proc/cpuinfo\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; cat /proc/cpuinfo >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"free\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; free >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"sysctl -a\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; sysctl -a >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"cat /proc/version\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; cat /proc/version >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth0\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth0 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth0:0\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth0:0 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth0:1\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth0:1 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth0:2\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth0:2 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth0:3\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth0:3 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth0:4\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth0:4 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth0:5\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth0:5 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth0:6\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth0:6 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth0:7\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth0:7 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth1\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth1 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth1:0\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth1:0 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth1:1\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth1:1 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth1:2\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth1:2 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth1:3\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth1:3 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth1:4\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth1:4 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth1:5\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth1:5 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth1:6\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth1:6 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth1:7\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth1:7 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth2\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth2 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth2:0\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth2:0 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth2:1\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth2:1 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth2:2\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth2:2 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth2:3\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth2:3 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth2:4\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth2:4 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth2:5\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth2:5 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth2:6\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth2:6 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth2:7\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth2:7 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth3\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth3 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth3:0\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth3:0 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth3:1\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth3:1 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth3:2\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth3:2 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth3:3\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth3:3 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth3:4\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth3:4 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth3:5\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth3:5 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth3:6\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth3:6 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/sysconfig/network-scripts/ifcfg-eth3:7\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/sysconfig/network-scripts/ifcfg-eth3:7 >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"route -n\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; route -n >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"route\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; route >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"netstat  -tulpn\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; netstat  -tulpn >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"sfdisk -d\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; sfdisk -d >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"sfdisk -l\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; sfdisk -l >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/fstab\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/fstab >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/hosts\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/hosts >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/resolv.conf\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/resolv.conf >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"chkconfig --list\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; chkconfig --list >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"df\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; df >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"df -h\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; df -h >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /var/log/dmesg\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /var/log/dmesg >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /proc/ioports\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /proc/ioports >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /proc/partitions\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /proc/partitions >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /proc/ide/ide0/hda/settings\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /proc/ide/ide0/hda/settings >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /proc/ide/ide0/hda/driver\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /proc/ide/ide0/hda/driver >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /proc/ide/ide0/hda/media\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /proc/ide/ide0/hda/media >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /proc/ide/ide0/hda/model\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /proc/ide/ide0/hda/model >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /proc/ide/ide0/hda/identify\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /proc/ide/ide0/hda/identify >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /proc/ide/ide0/channel\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /proc/ide/ide0/channel >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /proc/ide/ide0/config\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /proc/ide/ide0/config >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /proc/ide/ide0/mate\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /proc/ide/ide0/mate >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /proc/ide/ide0/model\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /proc/ide/ide0/model >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /proc/mounts\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /proc/mounts >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /proc/mdstat\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /proc/mdstat >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/lilo.conf\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/lilo.conf >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/grub.conf\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/grub.conf >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /proc/rd/c0/current_status\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /proc/rd/c0/current_status >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /proc/rd/status\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /proc/rd/status >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"rpm -qa\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; rpm -qa >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"service --status-all\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; service --status-all >> TechNotes_whw1_com-SysInfoBatchOutput.txt ;  echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"ulimit -a\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; ulimit -a >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"lsmod\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; lsmod >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"xdpyinfo\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; xdpyinfo >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"uname -a\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; uname -a >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"more /etc/network/interfaces\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; more /etc/network/interfaces >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"w\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; w >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"who\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; who >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"ps auxw\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; ps auxw >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"dpkg --list\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; dpkg --list >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"cat /etc/*-release\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; cat /etc/*-release >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt
echo -e "Results for \"iptables -L -n\":" >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; iptables -L -n >> TechNotes_whw1_com-SysInfoBatchOutput.txt ; echo -e "\n#################\n" >> TechNotes_whw1_com-SysInfoBatchOutput.txt

Please feel free to contribute your own commands to the above list by putting them in the below Comments section.

Also, iptables -L is useful for providing the current firewall access and filter list.  Simply looking at a file like /etc/sysconfig/iptables may not show you everything the firewall is currently using, since other programs can modify the firewall (iptables) rules in memory without modifying the /etc/sysconfig/iptables file (or a similar file or location).  I did not include the iptables -L command in the above batch because the iptables list can sometimes be very long and take a very long time to output on some systems, so it is left as an optional item to execute at command level.  Instead, I have included iptables -L -n in the above batch, which shows only numerical IP address info and no reverse-looked-up names.
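A loop-based variant of the batch file above, added here as an example (it is not the author's script). It keeps the same "Results for" layout, but builds the report in a mode 600 temporary file that is renamed into place, records error output and exit status, and skips tools that are not installed. The function names, the trimmed command list and the single glob for the ifcfg files are assumptions of this example.

```sh
#!/bin/sh
# Added example, not the article's batch file. Function names are assumptions.

# Commands from the article's list, trimmed. "more" becomes "cat" because the
# output goes to a file, and one glob replaces the fixed eth0..eth3 alias grid.
sysinfo_commands() {
    cat <<'EOF'
ifconfig -a
cat /proc/cpuinfo
free
cat /proc/version
grep -H '' /etc/sysconfig/network-scripts/ifcfg-*
cat /etc/network/interfaces
route -n
netstat -tulpn
cat /etc/fstab
cat /etc/hosts
cat /etc/resolv.conf
df -h
cat /proc/partitions
cat /proc/mounts
lsmod
uname -a
w
ps auxw
cat /etc/*-release
iptables -L -n
EOF
}

# collect_sysinfo OUTFILE
# Reads one command per line from stdin and writes the report to OUTFILE.
# The report holds firewall rules, listening ports and full process command
# lines, so it must not be readable by other users:
#   - mktemp creates the working file with mode 600 under an unpredictable name
#   - mv renames it over OUTFILE, replacing (not following) anything that is
#     already at that path, such as a symlink planted in a shared directory
# The body runs in a subshell, so the umask change does not leak to the caller.
collect_sysinfo() (
    out=$1
    umask 077
    tmp=$(mktemp "$(dirname "$out")/.sysinfo.XXXXXX") || exit 1
    while IFS= read -r cmd; do
        [ -n "$cmd" ] || continue
        tool=${cmd%% *}
        printf 'Results for "%s":\n' "$cmd"
        if command -v "$tool" >/dev/null 2>&1; then
            status=0
            # stderr is kept in the report; stdin is closed so that a command
            # cannot swallow the rest of the command list.
            sh -c "$cmd" </dev/null 2>&1 || status=$?
            printf '[exit status: %s]\n' "$status"
        else
            printf '[skipped: %s not found]\n' "$tool"
        fi
        printf '\n#################\n\n'
    done >"$tmp"
    mv -f "$tmp" "$out"
)

# Stand-alone use (the path is only an example): sh sysinfo.sh /root/sysinfo.txt
if [ "$#" -gt 0 ]; then
    sysinfo_commands | collect_sysinfo "$1"
fi
```

Commands that need root, such as iptables -L -n, show up in the report with their error message and a non-zero exit status instead of disappearing silently.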


Meaning Of Load Numbers On Linux Servers

If you are using Linux (a Unix derived/based OS) such as CentOS, Red Hat Linux, Ubuntu, or any other, and a load monitoring program such as Top, Uptime or similar, then you may be wondering exactly what those Load numbers mean.

Note, I do not get paid to write these articles.

You would see something like,
"load average: 0.75, 0.34, 0.12".

  1. The first number on the left (.75 in this case) is an approximate 1 minute average.
    The 2nd from left is a 5 minute approximate average.
    The last on the right (.12 in this case) is a 15 minute approximate average.
    I won't get into why I say approximate, but in this article, I will be referring to them as averages.

  2. These numbers are not CPU percentages.

  3. Think of Load as Capacity.

  4. A load value of 1 is the capacity utilization and reservation that is equivalent to one CPU core. Notice I said processor core and not just processor.  Also, notice I said equivalent, and did not say equal.

  5. A load value of 1 does NOT = 100% usage of one specific CPU core unless there is only one processor with a single CPU core and in which case then 1 = 100% usage of the CPU.

  6. A load value can be higher than 1 because it includes the count of what is waiting to be processed in the situation when the processor is either full or unavailable to handle a request, and so requests can get backlogged.

 

What Gets People Confused?

At least a couple of things get people confused about the load numbers.

  • One, if 1 = 100%, then how can I be getting average load values of 2, 3, 4, etc.? 
  • Two, is the average done separately for each CPU or each CPU core, or is it an average for the system as a whole?

Depending on the computer, there is a predetermined number for the quantity of processes (load quantity/number) that would indicate the equivalence of a single CPU core pipeline or capacity as full.  The count of processes is for the whole system.  Regardless of whether the computer has multiple processors, or a processor with multiple cores, or multiple processors with each having multiple cores, or just one single core CPU, the count would be for the system as a whole.  For illustration purposes, suppose 100 processes each second would mean a processor is running at 100%; if this was sustained for 1 minute, then the 1 minute load average would be 1 for simplification (the math actually involves decay consideration).

For the following visual illustration, the ---- around the numbers represents a pipeline, or capacity of a computer's CPU processing ability.

CPU Processing Capacity Pipeline
And Requests Que (Que)
(Que = Requests Waiting To Be Processed)

|<-------1 second ------>|
------------------------------
             100
------------------------------
|<-Processed Requests->|

------------------------------
               0
------------------------------
|Requests Waiting (Que) |


Another illustration:

1Sec    1Sec
-----     -----
100  +   0
-----     -----

100 processed Requests And Zero in Que = 100 processes.
1 Minute Average Load = 1 if sustained for 1 minute and beyond; meaning if exactly 100 processes done with zero in Que for every second of 60 seconds, then 1 minute load average would be 1.

Now, if the computer had 4 CPU cores, regardless if in multiple separate processor chips or in a single processor chip, and each core sustained 25% usage for a full minute, then the 1 minute load average would still be a 1.  The reason is because the count would be 25 processes running on each core and the sum of the four 25 is 100, and program math sees 100 as a load of 1.

4 CPU Processing Capacity Pipelines
And Requests Que (RQ)
(RQ = Requests Waiting To Be Processed)

|<-------1 second ------>|
------------------------------
               25
               25
               25
               25
------------------------------
|<-Processed Requests->|

------------------------------
                0
------------------------------
|Requests Waiting (Que) |

25x4 processes And Zero In Que = 100 processes spread across 4 CPU Cores.
1 Minute Average Load = 1 if sustained for 1 minute and beyond; meaning if exactly 100 processes done with zero in Que for every second of 60 seconds, then 1 minute load average would be 1.

Now, let's say more requests come in beyond 100 process requests per second on a one chip single core CPU.  Well, in this case, a backlog would occur. There would be requested processes waiting in Que.  If there are consistently 120 process requests every second for 1 minute or beyond, then the 1 minute load average would show a 1.2 (again simplified).  This would be reflected in the performance of the computer.

CPU Processing Capacity Pipeline
And Requests Que (RQ)
(RQ = Requests Waiting To Be Processed)

|<-------1 second ------>|
------------------------------
             100
------------------------------
|<-Processed Requests->|

------------------------------
               20
------------------------------
|Requests Waiting (Que) |

100 processed And 20 in Que = 120 processes.
1 Minute Average Load = 1.2 if sustained for 1 minute and beyond; meaning if exactly 100 processes done along with 20 in Que every second for 60 seconds, then 1 minute load average would be 1.2.


However, on a 4 core CPU computer, no noticeable impact may exist since the 4 cores can handle 400 processes per second.  Depending on the computer design, software, and type of request to the processor, the request could get evenly distributed among the CPU cores, or one or more CPU cores may handle a larger quantity of processes at any time.  Also, as you may have guessed, a load number of 4 would indicate that the average for that period has been at maximum usage.

The same thing explained above would apply to the 5 minute and 15 minute load average numbers. The only difference is that the average is taken over a 5 minute period and a 15 minute period instead of a 1 minute period as shown by the 1 minute load average.

I may be adding more to this article later.

 

Feel Free To Leave A Good Comment. :)

Look around, and you may find other useful articles. Add this site to your Bookmarks/Favorites for easy return for new articles. Consider submitting technical articles for publication, including your embedded links. I will even create a new category if needed.

Netfilter Iptables And Conntrack (ip_conntrack), Max Connections, Buckets, Inspect And Tweek Commands, And Errors.

I recently came in need of referencing an old Netfilter Conntrack document, normally at http://www.wallfire.org/misc/netfilter_conntrack_perf.txt.  I was unpleasantly surprised to find it was not publicly available.  I located a copy of the document and pasted it here with some formatting improvements for easy reference and to ensure it does not get lost and is available when needed.

Please note I do not get paid to post these articles.

Article Structure

  1. Initially, the Netfilter document is pasted below.
  2. Then highlights of typically needed commands and related error messages that cause one to reference this.

Netfilter Conntrack (ip_conntrack) Doc

The pasted document is between a set of Hash symbols, like this ###########.  However, I have modified the  document by highlighting the executable command lines or other file entries as code format. 

############## START ##############

           Netfilter conntrack performance tweaking, v0.8
           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

             Hervé Eychenne <rv _AT_ wallfire _DOT_ org>

This document explains some of the things you need to know for netfilter conntrack (and thus NAT) performance tuning.

Latest version of this document can be found at:
http://www.wallfire.org/misc/netfilter_conntrack_perf.txt

------------------------------------------------------------------------------

There are two parameters we can play with:
- the maximum number of allowed conntrack entries, which will be called CONNTRACK_MAX in this document
- the size of the hash table storing the lists of conntrack entries, which will be called HASHSIZE (see below for a description of the structure)

CONNTRACK_MAX is the maximum number of "sessions" (connection tracking entries) that can be handled simultaneously by netfilter in kernel memory.

A conntrack entry is stored in a node of a linked list, and there are several lists, each list being an element in a hash table.  So each hash table entry (also called a bucket) contains a linked list of conntrack entries.
To access a conntrack entry corresponding to a packet, the kernel has to:
- compute a hash value according to some defined characteristics of the packet.  This is a constant time operation.  This hash value will then be used as an index in the hash table, where a  list of conntrack entries is stored.
- iterate over the linked list of conntrack entries to find the good one.  This is a more costly operation, depending on the size of the list (and on  the position of the wanted conntrack entry in the list).

The hash table contains HASHSIZE linked lists.  When the limit is reached (the total number of conntrack entries being stored has reached CONNTRACK_MAX), each list will contain ideally (in the optimal case) about CONNTRACK_MAX/HASHSIZE entries.

The hash table occupies a fixed amount of non-swappable kernel memory, whether you have any connections or not.  But the maximum number of conntrack entries determines how many conntrack entries can be stored (globally into the linked lists), i.e. how much kernel memory they will be able to occupy at most.


This document will now give you hints about how to choose optimal values for HASHSIZE and CONNTRACK_MAX, in order to get the best out of the netfilter conntracking/NAT system.

Default values of CONNTRACK_MAX and HASHSIZE
============================================

By default, both CONNTRACK_MAX and HASHSIZE get average values for "reasonable" use, computed automatically according to the amount of available RAM.

Default value of CONNTRACK_MAX
------------------------------

On i386 architecture, CONNTRACK_MAX = RAMSIZE (in bytes) / 16384 = RAMSIZE (in MegaBytes) * 64.
So for example, a 32 bits PC with 512MB of RAM can handle 512*1024^2/16384 = 512*64 = 32768 simultaneous netfilter connections by default.

But the real formula is:
CONNTRACK_MAX = RAMSIZE (in bytes) / 16384 / (x / 32) where x is the number of bits in a pointer (for example, 32 or 64 bits)

Please note that:
- default CONNTRACK_MAX value will not be inferior to 128
- for systems with more than 1GB of RAM, default CONNTRACK_MAX value is limited to 65536 (but can of course be set to more manually).

Default value of HASHSIZE
-------------------------

By default, CONNTRACK_MAX = HASHSIZE * 8.  This means that there is an average of 8 conntrack entries per linked list (in the optimal case, and when CONNTRACK_MAX is reached), each linked list being a hash table entry (a bucket).

On i386 architecture, HASHSIZE = CONNTRACK_MAX / 8 = RAMSIZE (in bytes) / 131072 = RAMSIZE (in MegaBytes) * 8.
So for example, a 32 bits PC with 512MB of RAM can store 512*1024^2/128/1024 = 512*8 = 4096 buckets (linked lists)

But the real formula is:
HASHSIZE = CONNTRACK_MAX / 8 = RAMSIZE (in bytes) / 131072 / (x / 32) where x is the number of bits in a pointer (for example, 32 or 64 bits)

Please note that:
- default HASHSIZE value will not be inferior to 16
- for systems with more than 1GB of RAM, default HASHSIZE value is limited to 8192 (but can of course be set to more manually).

Reading CONNTRACK_MAX and HASHSIZE
==================================

Current CONNTRACK_MAX value can be read at runtime, via the /proc filesystem.

Before Linux kernel version 2.4.23, use:
# cat /proc/sys/net/ipv4/ip_conntrack_max

Since Linux kernel version 2.4.23 (thus Linux 2.6 as well), use:
# cat /proc/sys/net/ipv4/netfilter/ip_conntrack_max
  (old /proc/sys/net/ipv4/ip_conntrack_max is then deprecated!)


Current HASHSIZE is always available (for every kernel version) in syslog messages, as the number of buckets (which is HASHSIZE) is printed there at ip_conntrack initialization.
Since Linux kernel version 2.4.24 (thus Linux 2.6 as well), current HASHSIZE value can be read at runtime with:
# cat /proc/sys/net/ipv4/netfilter/ip_conntrack_buckets


Modifying CONNTRACK_MAX and HASHSIZE
====================================

Default CONNTRACK_MAX and HASHSIZE values are reasonable for a typical host, but you may increase them on high-loaded firewalling-only systems. 
So CONNTRACK_MAX and HASHSIZE values can be changed manually if needed.

While accessing a bucket is a constant time operation (hence the interest of having a hash of lists), keep in mind that the kernel has to iterate over a linked list to find a conntrack entry.  So the average size of a linked list (CONNTRACK_MAX/HASHSIZE in the optimal case when the limit is reached) must not be too big.  This ratio is set to 8 by default (when values are computed automatically).
On systems with enough memory and where performance really matters, you can consider trying to get an average of one conntrack entry per hash bucket, which means HASHSIZE = CONNTRACK_MAX.

Setting CONNTRACK_MAX
---------------------

Conntrack entries are stored in linked lists, so the maximum number of conntrack entries (CONNTRACK_MAX) can be easily configured dynamically.

Before Linux kernel version 2.4.23, use:
# echo $CONNTRACK_MAX > /proc/sys/net/ipv4/ip_conntrack_max

Since Linux kernel version 2.4.23 (thus Linux 2.6 as well), use:
# echo $CONNTRACK_MAX > /proc/sys/net/ipv4/netfilter/ip_conntrack_max

where $CONNTRACK_MAX is an integer.

Setting HASHSIZE
----------------

For mathematical reasons, hash tables have static sizes.  So HASHSIZE must be determined before the hash table is created and begins to be filled.

Before Linux kernel version 2.4.21, a prime number should be chosen for hash size, ensuring that the hash table will be efficiently populated. Odd non-prime numbers or even numbers are strongly discouraged, as the hash distribution will be sub-optimal.

Since Linux kernel version 2.4.21 (thus Linux 2.6 as well), conntrack uses jenkins2b hash algorithm which is happy with all sizes, but power of 2 works best.


If netfilter conntrack is statically compiled in the kernel, the hash table size can be set at compile time, or (since kernel 2.6) as a boot option with
ip_conntrack.hashsize=$HASHSIZE


If netfilter conntrack is compiled as a module, the hash table size can be set at module insertion, with the following command:
# modprobe ip_conntrack hashsize=$HASHSIZE

where $HASHSIZE is an integer.

Since 2.6.14, it is possible to set hashsize dynamically at runtime, after boot and module load.

Between 2.6.14 and 2.6.19 (included), use:
# echo $HASHSIZE > /sys/module/ip_conntrack/parameters/hashsize

Since 2.6.20, use:
# echo $HASHSIZE > /sys/module/nf_conntrack/parameters/hashsize


Ideal case: firewalling-only machine
------------------------------------

In the ideal case, you have a machine _just_ doing packet filtering and NAT (i.e. almost no userspace running, at least none that would have a growing memory consumption like proxies, ...).

The size of kernel memory used by netfilter connection tracking is:
size_of_mem_used_by_conntrack (in bytes) = CONNTRACK_MAX * sizeof(struct ip_conntrack) + HASHSIZE * sizeof(struct list_head)
where:
- sizeof(struct ip_conntrack) can vary quite much, depending on architecture, kernel version and compile-time configuration. To know its size, see the kernel log message at ip_conntrack initialization time.
- sizeof(struct ip_conntrack) is around 300 bytes on i386 for 2.6.5, but heavy development around 2.6.10 make it vary between 352 and 192 bytes!
- sizeof(struct list_head) = 2 * size_of_a_pointer.  On i386, size_of_a_pointer is 4 bytes.

So, on i386, kernel 2.6.5, size_of_mem_used_by_conntrack is around CONNTRACK_MAX * 300 + HASHSIZE * 8 (bytes).

If we take HASHSIZE = CONNTRACK_MAX (if we have most of the memory dedicated to firewalling, see "Modifying CONNTRACK_MAX and HASHSIZE" section above), size_of_mem_used_by_conntrack would be around CONNTRACK_MAX * 308 bytes on i386 systems, kernel 2.6.5.

Now suppose your firewalling-only box has 512MB of RAM (a decent amount of memory considering today's memory prices). You have to spare a bit of memory for a few applications (syslog, etc.): 128MB should really be big enough for a firewall in console mode, for example. The rest can be dedicated to conntrack entries.
Then you could set both CONNTRACK_MAX and HASHSIZE approximately to:
(512 - 128) * 1024^2 / 308 =~ 1307315 (instead of 32768 for CONNTRACK_MAX, and 4096 for HASHSIZE by default).
Since Linux 2.4.21 (thus Linux 2.6 as well), hash algorithm is happy with "power of 2" sizes (it used to be a prime number before).

So here we can set CONNTRACK_MAX and HASHSIZE to 1048576 (2^20), for example.

This way, you can store about 32 times more conntrack entries than the default, and get better performance for conntrack entry access.


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Last changes on Jan 10, 2008

Revision history:
0.8 Make the "Ideal case: firewalling-only machine" paragraph a bit more clearer.
0.7 Hashsize parameter can be set dynamically since Linux 2.6.14.  Thanks to Christopher A. Craig for the suggestion.
0.6 Hashsize parameter can be set at boot time with Linux 2.6.  Thanks to Tobias Diedrich for pointing this out.
0.5 Added further notice about the varying length of the conntrack structure.
0.4 Since Linux 2.4.21, hash algorithm is happy with all sizes, not only prime ones.  However, power of 2 is best.
0.3 Various small precisions.
0.2 Information about Linux kernel versions and corresponding /proc entries.
    (/proc/sys/net/ipv4/netfilter/ip_conntrack_{max,buckets}).
0.1 Initial writing, largely based on my discussions with Harald Welte (netfilter maintainer) on the netfilter-devel mailing-list.  Many thanks to him!

############## END ##############

 

Related Error Messages

Chances are that you came here because you saw an error similar to "ip_tables: (C) 2000-2002 Netfilter core team.  ip_conntrack version 2.1 (3071 buckets, 24568 max) - 360 bytes per conntrack".
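
The bucket count, maximum and per-entry size in that log line plug straight into the formulas of the pasted document. The following script is an added example, not part of the original article or of Hervé Eychenne's document: it parses the log line, reproduces the documented default values, and carries out the "firewalling-only machine" sizing. The function names are made up here, and the 4-byte pointer size assumes i386 as in the document's worked case.

```shell
#!/bin/sh
# Added example: sizing helpers built on the pasted document's formulas.

# Extract "buckets max bytes_per_entry" from the ip_conntrack init log line.
parse_conntrack_banner() {
    printf '%s\n' "$1" | sed -n \
      's/.*(\([0-9][0-9]*\) buckets, \([0-9][0-9]*\) max) - \([0-9][0-9]*\) bytes per conntrack.*/\1 \2 \3/p'
}

# Default CONNTRACK_MAX = RAM bytes / 16384 / (pointer bits / 32),
# never below 128, limited to 65536 on systems with more than 1GB of RAM.
# Args: RAM in bytes, pointer width in bits (32 or 64).
default_conntrack_max() {
    max=$(( $1 / 16384 / ($2 / 32) ))
    if [ "$max" -lt 128 ]; then max=128; fi
    if [ "$1" -gt 1073741824 ] && [ "$max" -gt 65536 ]; then max=65536; fi
    echo "$max"
}

# Default HASHSIZE = CONNTRACK_MAX / 8 (the floor of 16 and limit of 8192 follow).
default_hashsize() {
    echo $(( $(default_conntrack_max "$1" "$2") / 8 ))
}

# Largest power of two that does not exceed $1.
pow2_floor() {
    p=1
    while [ $(( p * 2 )) -le "$1" ]; do p=$(( p * 2 )); done
    echo "$p"
}

# Firewall-only sizing with HASHSIZE = CONNTRACK_MAX.
# Args: RAM in MB, MB kept for userspace, bytes per conntrack entry, pointer size in bytes.
# Prints: raw entry count, power-of-two value to configure, bytes that value can occupy.
firewall_only_size() {
    per_entry=$(( $3 + 2 * $4 ))   # one entry plus one list_head (2 pointers) per bucket
    raw=$(( ($1 - $2) * 1024 * 1024 / per_entry ))
    chosen=$(pow2_floor "$raw")
    echo "$raw $chosen $(( chosen * per_entry ))"
}

# Sample input: the log line quoted above.
BANNER='ip_conntrack version 2.1 (3071 buckets, 24568 max) - 360 bytes per conntrack'
FIELDS=$(parse_conntrack_banner "$BANNER")
ENTRY_BYTES=${FIELDS##* }          # last field: bytes per conntrack entry
echo "parsed (buckets max bytes): $FIELDS"
echo "512MB i386 defaults: max=$(default_conntrack_max 536870912 32) hashsize=$(default_hashsize 536870912 32)"
echo "512MB box, 128MB reserved, $ENTRY_BYTES bytes/entry: $(firewall_only_size 512 128 "$ENTRY_BYTES" 4)"
```

In the quoted log line, 24568 / 3071 is exactly 8, the default CONNTRACK_MAX to HASHSIZE ratio the document describes.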

 

Final Notes

Note that if you have a server with 1GB of memory or more, the default maximum connections will still be set to 64K (65536).  You can change that as indicated in the doc above.

The server should be setting the CONNTRACK_MAX according to this formula with a 64K cap that can be changed manually (reference above) or set upon server boot:

  • For 32 bit server
    CONNTRACK_MAX = RAMSIZE (in bytes) / 16384

  • For 64 bit server
    CONNTRACK_MAX = RAMSIZE (in bytes) / 8192

This means that on a 64 bit OS server a larger CONNTRACK_MAX value can be set even if it has the same memory size as another server that is 32 bit OS.

Example:  If you have a 64 bit OS server with 2GB RAM, and you want the maximum connections to have available 1GB, then the formula says it would be 1073741824/8192 for a result of 131072.  Using the example above, the following would modify the CONNTRACK_MAX to be 131072:

# echo 131072 > /proc/sys/net/ipv4/ip_conntrack_max

IMPORTANT.  Upon reboot, the value set to ip_conntrack_max, using the command line echo method, would get wiped and set to 65536 (64K) upon server boot (startup).

 

Maybe Useful Website URLs

http://conntrack-tools.netfilter.org/

 
