OK, I must admit it. I love to pipe commands, I always thought is one of the most powerful features of the linux command line.

The following case is an excellent example.

Now and then I’ve been experiencing random increments in my hard disk usage. And with increments I mean the whole processor was busy with I/O operations. I asked some colleagues, experienced Linux administrators if there were a tool like top, with which I would be able to find out which process is accessing the disk at most. No one came with an answer.

After some research I found a quite satisfactory solution using a bit of bash.


root@dell:~# pidstat -d | sort -nr -k 4 | head -10

[...]
16:18:50          898      0,00    236,30 0,00  kjournald2
16:18:50            1     28,97     44,90      1,17  init
16:18:50          416      0,00      6,07      0,00  kjournald2
16:18:50         1915      2,05      1,94      0,05  compiz.real
16:18:50         1204      0,90      0,40      0,01  cron
16:18:50        11618      0,00      0,31      0,07  bash
16:18:50         1125      1,54      0,16      0,00  mount.ntfs
16:18:50         8232      0,08      0,15      0,00  liferea
16:18:50         1344      0,09      0,13      0,00  devkit-power-da

This runs the command pidstat -d, which gives info about disk usage per pid. Then uses the fourth column as index to order numerically the ouput. Note the use of the -r modifier, this is because the normal operation of sort is to show the lower values first and we need the opposite in this case. Finally, the head command just show us the first 10 lines, this is more than necessary.

The fourth column of pidstat’s output is the number of kB (read) pro second. In case you cannot find any value really out of bounds, you can give it a try with “sort -nr -k 3″ which would give us the processes that went amok on reading.

As a further investigation you can use the PID of the process (second column) with lsof to find out which files are being accessed by the crazy proc and try to figure out the exact cause of the problem.

What you do now with this info is up to you :)

UPDATE: it looks like this is not the best method and there is already a “top-like” monitor for disk activity, called iotop.

root@dell:~# apt-get install iotop

« »