< Previous | Contents | Next >
3.4.5. Getting System Information and Logs
The free command displays information on memory; disk free (df) reports on the available disk space on each of the disks mounted in the file system. Its -h option (for human readable) converts the sizes into a more legible unit (usually mebibytes or gibibytes). In a similar fashion, the free command supports the -m and -g options, and displays its data either in mebibytes or in gibibytes, respectively.
$ free | ||||||
total | used | free | shared buff/cache | available | ||
Mem: | 2052944 | 661232 | 621208 | 10520 770504 | 1359916 | |
Swap: | 0 | 0 | 0 | |||
$ df | ||||||
Filesystem | 1K-blocks | Used | Available | Use% | Mounted on | |
udev | 1014584 | 0 | 1014584 | 0% | /dev | |
tmpfs | 205296 | 8940 | 196356 | 5% | /run | |
/dev/vda1 | 30830588 | 11168116 | 18073328 | 39% | / | |
tmpfs | 1026472 | 456 | 1026016 | 1% | /dev/shm | |
tmpfs | 5120 | 0 | 5120 | 0% | /run/lock | |
tmpfs | 1026472 | 0 | 1026472 | 0% | /sys/fs/cgroup | |
tmpfs | 205296 | 36 | 205260 | 1% | /run/user/132 | |
tmpfs | 205296 | 24 | 205272 | 1% | /run/user/0 |
The id command displays the identity of the user running the session along with the list of groups they belong to. Since access to some files or devices may be limited to group members, checking available group membership may be useful.
$ id
uid=1000(buxy) gid=1000(buxy) groups=1000(buxy),27(sudo)
$ id
uid=1000(buxy) gid=1000(buxy) groups=1000(buxy),27(sudo)
The uname -a command returns a single line documenting the kernel name (Linux), the hostname, the kernel release, the kernel version, the machine type (an architecture string such as x86_64), and the name of the operating system (GNU/Linux). The output of this command should usually be included in bug reports as it clearly defines the kernel in use and the hardware platform you are running on.
$ uname -a
Linux kali 4.9.0-kali3-amd64 #1 SMP Debian 4.9.18-1kali1 (2017-04-04) x86_64 GNU/Linux
$ uname -a
Linux kali 4.9.0-kali3-amd64 #1 SMP Debian 4.9.18-1kali1 (2017-04-04) x86_64 GNU/Linux
All these commands provide run-time information, but often you need to consult logs to under- stand what happened on your computer. In particular, the kernel emits messages that it stores in a ring buffer whenever something interesting happens (such as a new USB device being inserted, a failing hard disk operation, or initial hardware detection on boot). You can retrieve the kernel logs with the dmesg command.
Systemd’s journal also stores multiple logs (stdout/stderr output of daemons, syslog messages, kernel logs) and makes it easy to query them with journalctl. Without any arguments, it just dumps all the available logs in a chronological way. With the -r option, it will reverse the order so that newer messages are shown first. With the -f option, it will continuously print new log entries as they are appended to its database. The -u option can limit the messages to those emitted by a specific systemd unit (ex: journalctl -u ssh.service).