Nice and useful commands

Tue 31 July 2007

To capture the running state of the system, start with the running processes. Enter the following:

    (ps aux; ps auxeww; lsof) > current_procs.txt

Grab the contents of the /proc directory. Enter the following:

    tar -cvpf proc_directory.tar /proc/[0-9]*

Take a snapshot of the network state of the system. Enter the following:

    (date; uname -a; netstat -p; netstat -rn; arp -v) > network_status.txt

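Take a snapshot of the currently active memory and of kernel memory. Kernels built with CONFIG_STRICT_DEVMEM restrict reads from /dev/mem, and recent kernels no longer provide /dev/kmem, so these commands can fail on current systems.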

    dd bs=1024 < /dev/mem > mem
    dd bs=1024 < /dev/kmem > kmem

Take a disk snapshot:

    dd if=/dev/hda1 bs=1024 > hda1
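
The process and network captures above, wrapped as an added example (not part of the original post): each command's output goes into one evidence directory, with a log entry and a SHA-256 manifest so later changes to the files are detectable. The function names, file names and manifest layout are assumptions.

```shell
#!/bin/sh
# Added example: function names, file names and manifest layout are assumptions.

# collect OUTDIR NAME CMD [ARGS...]
# Runs CMD, stores stdout+stderr in OUTDIR/NAME, logs UTC time and exit status,
# and appends the file's SHA-256 to OUTDIR/MANIFEST.sha256.
collect() {
    outdir=$1; name=$2; shift 2
    if ! command -v "$1" >/dev/null 2>&1; then
        # A missing tool is recorded, not silently ignored.
        printf '%s SKIPPED %s (not installed)\n' \
            "$(date -u +%FT%TZ)" "$name" >> "$outdir/collection.log"
        return 0
    fi
    rc=0
    "$@" > "$outdir/$name" 2>&1 || rc=$?
    printf '%s rc=%s %s: %s\n' \
        "$(date -u +%FT%TZ)" "$rc" "$name" "$*" >> "$outdir/collection.log"
    (cd "$outdir" && sha256sum "$name" >> MANIFEST.sha256)
}

# verify_manifest OUTDIR: succeeds only if every collected file still matches.
verify_manifest() {
    (cd "$1" && sha256sum -c MANIFEST.sha256 >/dev/null 2>&1)
}

# capture_live_state OUTDIR: the process and network commands from the post.
capture_live_state() {
    out=$1
    mkdir -p "$out" || return 1
    collect "$out" ps_aux.txt     ps aux
    collect "$out" ps_auxeww.txt  ps auxeww
    collect "$out" lsof.txt       lsof
    collect "$out" uname.txt      uname -a
    collect "$out" netstat_p.txt  netstat -p
    collect "$out" netstat_rn.txt netstat -rn
    collect "$out" arp.txt        arp -v
    verify_manifest "$out"
}

# Run only when asked, e.g.: sh capture.sh run /mnt/evidence/host1
if [ "${1:-}" = "run" ]; then
    capture_live_state "${2:?usage: $0 run OUTDIR}"
fi
```

Point OUTDIR at external or network-mounted storage so the capture does not overwrite data on the disk being examined.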