Specification of system load monitoring tools

• Authors : Tomáš Mokoš, Marek Brodec

Nload

Version : 0.7.4

Nload is a console application which monitors network traffic and bandwidth usage in real time. The gathered statistics are displayed in two separate graphs (one for uplink and one for downlink). Nload also provides detailed information about the total amount of transferred data and average, minimum and maximum transfer rate. We used this application in its simplest mode – Nload interface. There are, however, many different display options and additional configuration options you can read about in the application’s man page – $ man nload.

Installation:

• download the package

apt-get install nload 

Use:

• run on interface enp0s9

nload enp0s9 

Abort: Ctrl+c or “q”

Iftop

Version : 1.25

Iftop is an application which monitors network traffic on a specified interface or, if no interface is specified, on the first interface it manages to find. Current bandwidth usage data is displayed as a table in pairs of inbound and outbound communication. Again, it is possible to expand usage with command options found in the application’s man page – $ man iftop.

Installation:

• download the package

apt-get install iftop 

Use:

• run on interface enp0s9 in promiscuous mode (-p), we want to monitor an interface with mirrored traffic coming through, therefore we also want to capture packets whose destination IP address is not our own or a broadcast address.

iftop -i enp0s9 -p  

Bigdesk

Version : 2.5.0

Bigdesk is the simplest plugin available, that can make monitoring what Elasticsearch is doing at the time, much easier.

Plugin installation consists of several steps:

• go to elasticsearch directory

cd /data/moloch/elasticsearch-2.4.0/bin  

• install the plug-in itself while ignoring user access rules (-b) and displaying installation progress on terminal (-v)

./plugin install https://github.com/lukas-vlcek/bigdesk/archive/master.zip -v -b 

• access the plugin using IP address and port where, depending on configuration, the Elasticsearch cluster is running.

http://IP_adress:port_number/_plugin/bigdesk/

Graph illustration, where the allocated amount of RAM for Elasticsearch and the amount used in the past 5 minutes is displayed. This interval can be changed from the past 10 seconds up to 1 hour, the graph refresh interval can be changed from 1 second up to 30 seconds.

In the following illustration, CPU and RAM usage can be seen, in this instance, it is the overall load caused by all processes, not just the instance of Elasticsearch. Since we have turned swapping off during Moloch installation, the respective graph is empty.

The last illustration displays miscellaneous search and data indexing statistics as both numbers and time units.

Head

Version : 0.1.3

Head is a front-end API that enables browsing and interacting with the Elasticsearch cluster. It also makes Elasticsearch status available for viewing and enables work with the individual daily index batches.

There are several alternatives for plug-in installation, two of the most common are listed down below:

• download and install plugin repository

git clone git://github.com/mobz/elasticsearch-head.git 

• go to installation directory

cd elasticsearch-head  

• run installation

npm install 

• start the plug-in

npm run start  

• access the plugin using IP address and port where, depending on configuration, the Elasticsearch cluster is running.

http://IP_address:port_number/_plugin/head/

Alternatively:

• install the plug-in itself

sh /data/moloch/elasticsearch-2.4.0/bin/plugin install mobz/elasticsearch-head 

• access the plug-in using IP address and port where, depending on configuration, the Elasticsearch cluster is running.

http://IP_address:port_number/_plugin/head/

Bigdesk and Elasticsearch Head plugins are not working since Elasticsearch 5.x, because of change in Elasticsearch database architecture.

Sources

• Report Projekt 1-2 – Marek Brodec