Lesson 1Memory analysis: free -m, /proc/meminfo, slabtop, smem—interpreting used vs available memory and swap behaviourHere you will check memory behaviour using free, /proc/meminfo, slabtop, and smem. The section explains Linux caching, buffers, and reclaim, how to read swap usage, and how to find memory leaks, fragmentation, and wrong limits.
Reading free -m and understanding cached memoryKey fields in /proc/meminfo for diagnosisUsing slabtop to inspect kernel slab usageUsing smem to attribute memory per processRecognizing swap thrashing and OOM risksLesson 2Network usage and bottlenecks: iftop, nload, ss, netstat, ip -s link, tc, tcpdump—identifying network saturation and problematic connectionsThis section covers finding network usage and bottlenecks using iftop, nload, ss, ip, tc, and tcpdump. You will learn to spot saturation, noisy neighbours, connection states, and packet issues that make applications slow.
Monitoring live bandwidth with iftop and nloadInspecting sockets and states with ssUsing ip -s link to view interface errorsBasics of tc for shaping and rate limitingTargeted packet capture with tcpdumpLesson 3Storage latency and deeper I/O: blktrace, bpftrace (basic scripts), fio for tests—how to measure and interpret latency and throughputThis section covers storage latency and deeper I/O analysis using blktrace, basic bpftrace scripts, and fio benchmarks. You will learn how to measure latency and throughput, read queue depth, and tell device limits from workload problems.
Understanding latency, IOPS, and throughputUsing blktrace to inspect block I/O patternsIntroductory bpftrace scripts for disk latencyDesigning fio workloads that mimic productionReading fio reports and spotting bottlenecksLesson 4Process investigation: ps, top/htop filters, pgrep, pidstat, nice/renice—how to find CPU- and memory-heavy processesYou will learn to check processes with ps, top or htop filters, pgrep, pidstat, and nice or renice. The section shows how to find CPU and memory heavy tasks, track per process I/O, and adjust priorities to cut contention.
Listing and filtering processes with psUsing pgrep and pkill safely and preciselyUsing pidstat for per process CPU and I/OFiltering top and htop by user or resourceAdjusting priorities with nice and reniceLesson 5System resource overview: top, htop, vmstat, mpstat, dstat—what each shows and expected output patternsHere you will learn to read system-wide resource snapshots using tools like top, htop, vmstat, mpstat, and dstat. The section focuses on understanding CPU, memory, and load metrics, and recognising normal versus bad usage patterns.
Key CPU, load, and memory fields in topUsing htop for interactive process analysisvmstat for run queue, swap, and I/O insightmpstat for per-CPU utilisation and steal timedstat for combined multi-resource timelinesLesson 6Disk I/O and filesystem checks: iostat, iotop, sar -d, lsblk, df -h, du -sh, tune2fs, xfs_info—detecting I/O bottlenecks and low spaceThis section focuses on disk I/O and filesystem health using iostat, iotop, sar -d, lsblk, df, du, tune2fs, and xfs_info. You will learn to detect saturation, queue buildup, filesystem errors, and low space that harm performance.
Using iostat to spot busy and slow devicesUsing iotop to find I/O heavy processessar -d for historical disk utilisation trendsChecking layout and types with lsblk and dfFinding space hogs with du and inode checksLesson 7System logs and journaling: journalctl (systemd), /var/log/messages, /var/log/syslog, auth logs—what to search for and whyThis section explains how to use systemd journalctl and classic log files such as /var/log/messages, /var/log/syslog, and authentication logs. You will learn what patterns to search for, how to filter noise, and how logs help root cause analysis.
journalctl basics and useful filtering optionsReading /var/log/messages and /var/log/syslogFinding errors, warnings, and rate-limited eventsAnalysing authentication and sudo related logsCorrelating log timestamps with incidentsLesson 8Time-based and historical monitoring: sar, sysstat, collectl—collecting and reading historical metrics to correlate eventsYou will learn how to collect and read historical metrics using sar, sysstat, and collectl. The section explains how to schedule data collection, read time series reports, and link performance anomalies with configuration changes or deployments.
Enabling and configuring sysstat collectionUsing sar for CPU, memory, and I/O historyReading sar network and load average trendsUsing collectl for multi-resource timelinesCorrelating metrics with change windowsLesson 9Kernel and scheduler insights: dmesg, sysctl -a, /proc/sys/vm parameters—what kernel messages and tunables revealHere you will explore kernel and scheduler insights using dmesg, sysctl, and /proc/sys/vm parameters. The section explains how kernel messages, tunables, and scheduler behaviour reveal hardware issues, misconfigurations, and tuning options.
Reading dmesg for hardware and driver issuesListing and querying sysctl tunable valuesKey /proc/sys/vm parameters for memoryScheduler related kernel parameters overviewSafely persisting kernel tuning changesLesson 10Approach to root cause determination: step-by-step decision tree to classify issues as CPU, RAM, disk I/O, or networkThis section presents a practical decision tree for root cause analysis. You will learn how to classify incidents as CPU, memory, disk I/O, or network bound, which tools to run in each branch, and how to refine hypotheses using evidence.
Initial triage and problem statementClassifying CPU versus I/O bound symptomsDistinguishing memory pressure from leaksIdentifying network versus local bottlenecksIterative hypothesis testing with metrics
