Sar

Sar, the system activity reporter, is a simple tool for gathering system statistics over a long period of time. Sar comprises several parts:

• sar: Displays recorded data in readable form. Can extract certain sections from the binary data and limit the period for queries.
• sadc: Records the system data in binary form.
• sa1 and sa2: Scripts about which the cron daemon regularly records data.
• sadf: Converts sar data into different formats.

Retrieving and Recording Data

You can access sar interactively on the command line for ad hoc analyses. Samples and interval values also determine how many data records sar writes to the standard output and at what intervals. The example in Listing 5 outputs data on CPU consumption – three data records at an interval of two seconds.

The second path leads through a binary output file whose values are extracted later using the sar command. You will first receive all the values that sar can request in the binary file. The command

sar -o sar.out 5 >/dev/null 2>&1

records all the statistics in the binary file sar.out in a five-second interval. The option -o causes sar to collect all data. The option -S ALL is consigned to the data collector sadc. You can then easily limit the range to be queried in the analysis step (Listing 6). The focus here is only on the network interfaces traffic. I/O transfer rates can be queried just as well from the same file (Listing 7). Figure 1, a graphic by Brendan Gregg, impressively shows which sections sar covers [4].

Figure 1: The sar tool covers many sections of interest in performance analysis (CC BY-SA 4.0).

sadc

Sar not only has an interactive mode, it also records data over a long period of time. This is particularly helpful for documenting the effects of regular changes to a system. The best thing to do is set up sadc at the very beginning of a system run, so baseline performance data is available.

Sadc is accessed regularly via cron. In Ubuntu, you can just change the parameter to ENABLED="true" in the file /etc/default/sysstat. The data collector will start after restarting sysstat using

$ sudo service sysstat restart

Two scripts have become active in the background via cron:

• sa1, which is defined in /etc/cron.d/sysstat and triggers sadc to collect data every 10 minutes.
• sa2, which is defined in /etc/cron.daily/sysstat and generates a report daily from the binary data via sar.

The performance data – generated by the two scripts – lingers in the directory /var/log/sysstat in files saX and sarX, where X is the day of recording. Sadc stores these logfiles retroactively for seven days by default; it is possible to increase this interval in the file /etc/sysstat/sysstat.