
baseline_atop

The cake function baseline_atop installs atop, a top-like monitor that saves system statistics to disk. Basically top with into-the-past time-traveling abilities.

Information

Key            Value
Playbook path  plays/baseline/atop.yml
Role           https://git.blunix.com/ansible-roles/role-atop
Tags           https://git.blunix.com/ansible-roles/role-atop/-/tags
Defaults       https://git.blunix.com/ansible-roles/role-atop/-/blob/master/defaults/main.yml

Config file        Description
/etc/default/atop  Defines logfile path and log interval (default: 30 seconds)

Usage

atop command

The atopd daemon creates logfiles below /var/log/atop/, which can be viewed with the atop tool. To view today's logs, use the following command, pressing t to jump forward in time and T to skip backwards:

atop -r /var/log/atop/atop_$(date +%Y%m%d)

Use the following keys to navigate the interface. See man atop for further instructions.

t - Skip forwards in time to the next snapshot
T - When viewing the contents of a raw file, show the previous sample from the file
P - Enter a search string (http, postgres, etc.)
b - Enter a time: when viewing the contents of a raw file, jump to a certain timestamp within the file (either forwards or backwards)
r - Skip back to the start of the file with the current filter applied

More advanced usage examples:

atopsar command

atopsar can be used to generate reports. The flag -A triggers all available reports to be generated, starting from 13:00 (-b) till 13:35 (-e):

atopsar -A -b 13:00 -e 13:35

For further information refer to atoptool.nl/systemreports.php

/var/log/atop/

You can view the logfile "raw" by using atop -r /var/log/atop/atop_$(date +%Y%m%d) -P PRG.

This thread on stackexchange.com describes some BASH magic to extract the logfile manually:

# Requires zlib-flate (part of qpdf)
xxd -p < /var/log/atop/atop_$(date +%Y%m%d) |
  fold -w4 |
  awk -v cmd='xxd -r -p | zlib-flate -uncompress | strings' '
    /789c/{if (x) close(cmd); x=1}; x {print | cmd}' |
  grep your-command

Quote from stackexchange.com:

The idea being to detect the zlib header (starting with 789c) and pass that to zlib-flate -uncompress. Not guaranteed bulletproof and not the most efficient way to do it, but does the trick for me. Alternatives to zlib-flate -uncompress (part of qpdf) include openssl zlib -d and pigz -zd.
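
The same header-scanning idea in Python, as an added example that is not from the original page or the quoted thread: it tries every byte offset (the fold -w4 step only sees 2-byte-aligned ones), discards chance occurrences of 78 9c that do not decompress, and extracts printable strings from each stream. The function names and the sample blob are constructed for illustration; the blob does not reproduce the real atop raw-file layout.

```python
import re
import sys
import zlib

ZLIB_MAGIC = b"\x78\x9c"  # zlib header at the default compression level


def iter_zlib_streams(blob):
    """Yield (offset, decompressed_bytes) for every complete zlib stream."""
    view, pos = memoryview(blob), 0
    while (pos := blob.find(ZLIB_MAGIC, pos)) >= 0:
        d = zlib.decompressobj()
        try:
            data = d.decompress(view[pos:])
        except zlib.error:
            pos += 1  # 78 9c occurred by chance inside other data
            continue
        if not d.eof:
            pos += 1  # truncated stream, e.g. a record still being written
            continue
        yield pos, data
        pos = len(blob) - len(d.unused_data)  # resume right after this stream


def strings(data, min_len=4):
    """Printable-ASCII runs, like strings(1)."""
    return [m.group().decode("ascii")
            for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def grep_streams(blob, needle):
    """Return (stream_offset, string) pairs whose string contains needle."""
    return [(off, s) for off, data in iter_zlib_streams(blob)
            for s in strings(data) if needle in s]


def build_sample():
    """Constructed test blob; NOT the real atop raw-file layout."""
    rec1 = zlib.compress(b"\x00\x01sshd\x00\x00/usr/sbin/sshd -D\x00\x07")
    rec2 = zlib.compress(b"\x02postgres\x00postgres: checkpointer\x00")
    # Four junk bytes starting with 78 9c act as a false-positive header.
    return b"HDR\x00" + rec1 + b"\x78\x9c\xff\xff" + rec2 + b"\x00pad"


if __name__ == "__main__":
    # Usage: script.py <needle> [raw-file]; without a file the sample is used.
    needle = sys.argv[1] if len(sys.argv) > 1 else "sshd"
    blob = open(sys.argv[2], "rb").read() if len(sys.argv) > 2 else build_sample()
    for off, s in grep_streams(blob, needle):
        print(f"{off:#x}: {s}")
```

The reported offset is the position of the compressed record in the file, which helps when correlating a hit with the sample shown by atop -r.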