If you have any kind of server connected to the Internet, you are no doubt aware that no matter how small or unimportant it might seem, it is frequently probed, tested or subject to various attempts at abuse. These attacks come from so many malicious hosts that it is impossible to keep track by hand. So I started looking for a way to implement an automated blocklist to use with iptables and firewalld which I use on my servers.
To monitor system behavior, you need to start by creating a baseline that represents normal system behavior. You can do this using a tool like the sar command. You can then use tools such as netstat, iostat, lsof, w and uptime to monitor system behavior, comparing the results to the baseline to determine whether the system is experiencing problems.
Capacity planning involves predicting what the capacity requirements for a system will be in future, and planning how to meet these requirements. Monitoring system resource use is important for capacity planning, because it establishes whether existing resource use is approaching capacity limits.
In Linux you can use a range of tools to monitor system resource use. These include the top, ps, pstree, vmstat, sar and free commands.