One command to see what is going on with your Linux server right now.
Project description
wtftools
One command to see what is going on with your Linux server right now.
English | Español | Português | Français | Deutsch | Italiano | Русский | 中文 | 日本語 | हिन्दी | 한국어
You log in to a server and something feels wrong. Instead of running ten
commands (htop, df -h, journalctl, systemctl --failed, …) you run one:
$ wtf
# AUDIT
[ OK ] uptime 3d 4h 12m
[ OK ] load average 0.42 0.51 0.55 / 8 CPU
[ OK ] memory 4.1GB / 16.0GB used (25%)
[WARN] disk /var 17.0GB / 20.0GB used (85%)
[FAIL] failed systemd units 1 failed unit(s)
Summary: 12 ok · 1 warn · 1 fail · 2 skip
Green is fine, yellow needs a look, red needs fixing. wtftools is a
read-only, dependency-free CLI (Python standard library only; psutil
optional) that turns a pile of diagnostic commands into one readable answer —
and a machine-readable one when you pipe it.
What it can do
- Health audit — 35+ checks (disk, memory, swap, load, PSI, OOM kills, failed units, cert expiry, SMART, temperatures, DNS, …) as a green / yellow / red checklist.
- Per-resource views — ask about one thing at a time, like
showcommands on a switch:wtf disk,wtf cpu,wtf mem,wtf net,wtf docker, … - Incident triage —
wtf problems,wtf events,wtf logs,wtf services <unit>,wtf explain(optionally through a local or hosted LLM). - Trends & alerting —
wtf daily, snapshots +wtf diff, cron alerts — no monitoring stack required. - Scriptable —
-f jsonon every command and-f plain(tab-separated) on the resource and audit views; the JSON carries aschema_versionso scripts survive upgrades — for grep / awk / jq. - Beginner-friendly —
--show-commandsprints the classic commands each view replaces, so you can learn them by hand.
Install
pipx install wtftools # recommended — works on any modern distro
pip install wtftools # or classic pip (core, no dependencies)
pip install wtftools[full] # + psutil for richer process/socket info
sudo dpkg -i python3-wtftools_*.deb # Debian/Ubuntu package (see Releases)
After install you have the wtf command. Enable <Tab> completion by adding
one line to your shell rc:
echo 'eval "$(wtf completion bash)"' >> ~/.bashrc # bash
echo 'eval "$(wtf completion zsh)"' >> ~/.zshrc # zsh
New here? Start with the 5-minute quickstart.
Commands
Run wtf <command> --help for flags. Each command links to its reference page
with examples.
Health & monitoring — docs/AUDIT.md
| command | what it does |
|---|---|
wtf / wtf audit |
green/yellow/red checklist of what is OK and what is not |
wtf problems |
only the WARN+FAIL rows |
wtf daily |
morning check: audit + diff vs last run + events |
wtf explain |
actionable advice per finding; --llm to pipe to an LLM |
wtf events |
timeline: reboots, OOM kills, failed units, … |
wtf logs |
recent ERROR+ journal entries grouped by service |
wtf services |
drill into one unit: state, restarts, ports, journal |
wtf diff |
compare current state to a saved snapshot |
wtf history |
list saved audit snapshots |
wtf crontab |
validate system + per-user crontabs |
wtf doctor |
self-diagnostic: which tools/files wtf can use |
Resource views — docs/RESOURCES.md
| command | what it does |
|---|---|
wtf disk [PATH] |
mounts overview; with a PATH, the largest folders; --tree drills in |
wtf cpu |
load, iowait, pressure, top CPU consumers |
wtf mem |
RAM/swap, OOM kills, top memory consumers |
wtf net |
interfaces, gateway, DNS, errors, listening ports |
wtf io |
per-device IO rates, pressure, stuck processes |
wtf who |
logged-in users, recent logins, failed auth |
wtf temp |
hardware temperatures from /sys/class/hwmon |
wtf info |
one-page snapshot: all of the above at once |
wtf top |
focused process top: sort by cpu/rss, filter by user/name |
wtf ports / wtf port N |
listening sockets; drill one port to PID, exe, cwd |
wtf docker [NAME] |
container compose dir + image/container/log sizes |
Output & configuration
| command | what it does |
|---|---|
wtf config |
show effective config / print a commented example |
wtf completion |
print a bash/zsh <Tab>-completion script |
| machine output | plain/json formats and a grep·awk·jq cookbook |
wtftools absorbs and supersedes
checkcrontab — the same cron
validator now lives at wtf crontab.
Documentation
- QUICKSTART.md — 5-minute onboarding and a cheat sheet
- AUDIT.md — health checks, monitoring, exit codes, the full check list
- RESOURCES.md — per-resource views with examples
- OUTPUT.md —
plain/jsonformats and the scripting cookbook - CONFIG.md — config file, thresholds, ignoring checks
Compatibility
- Python 3.9+
- Linux (systemd distributions are the happy path; the tool degrades
gracefully when
systemctl/journalctl/psutilare missing) - No network access required for the core CLI; optional network only for
wtf explain --llm …andwtf doctor --check-updates
From source
git clone https://github.com/wachawo/wtftools
cd wtftools
pip install -e .
python3 wtf.py audit # or run it without installing
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file wtftools-0.0.2.tar.gz.
File metadata
- Download URL: wtftools-0.0.2.tar.gz
- Upload date:
- Size: 141.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
87e2e31b4cbd785b97d3c0401c8702b37a60d09ece579349057524b3db7402a1
|
|
| MD5 |
e9bfd62f91a2395877e088a95ab839c0
|
|
| BLAKE2b-256 |
19a43821acf4f0eee6eb4e4c72c1cb56c05d7e17129185ea7d8b1d8ba051f979
|
Provenance
The following attestation bundles were made for wtftools-0.0.2.tar.gz:
Publisher:
publish.yml on wachawo/wtftools
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
wtftools-0.0.2.tar.gz -
Subject digest:
87e2e31b4cbd785b97d3c0401c8702b37a60d09ece579349057524b3db7402a1 - Sigstore transparency entry: 2043965693
- Sigstore integration time:
-
Permalink:
wachawo/wtftools@215a4031bdbc8a6b1fe44c5a4572c68325bd892c -
Branch / Tag:
refs/tags/v0.0.2 - Owner: https://github.com/wachawo
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@215a4031bdbc8a6b1fe44c5a4572c68325bd892c -
Trigger Event:
push
-
Statement type:
File details
Details for the file wtftools-0.0.2-py3-none-any.whl.
File metadata
- Download URL: wtftools-0.0.2-py3-none-any.whl
- Upload date:
- Size: 86.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6261e91a1f4b48a9000cbdd892af62ce3f00757f25c58450a8d273e00c168e5a
|
|
| MD5 |
9ec8bda2f7c04943cc2e31e53da58421
|
|
| BLAKE2b-256 |
70552fcb4d4773eadd93ddab77371a17c42624e74eed7f2cd19b782a8b479498
|
Provenance
The following attestation bundles were made for wtftools-0.0.2-py3-none-any.whl:
Publisher:
publish.yml on wachawo/wtftools
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
wtftools-0.0.2-py3-none-any.whl -
Subject digest:
6261e91a1f4b48a9000cbdd892af62ce3f00757f25c58450a8d273e00c168e5a - Sigstore transparency entry: 2043965702
- Sigstore integration time:
-
Permalink:
wachawo/wtftools@215a4031bdbc8a6b1fe44c5a4572c68325bd892c -
Branch / Tag:
refs/tags/v0.0.2 - Owner: https://github.com/wachawo
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish.yml@215a4031bdbc8a6b1fe44c5a4572c68325bd892c -
Trigger Event:
push
-
Statement type: