How to Monitor a server
=======================
To check for the server load and watch for process
---------------------------------------------------
nice top -c (To decrease the load of top command)
top
top –d2
top –c d2
Following command will show path to the script being utilized to send mail
==========================================================================
ps -C exim -fH eww
ps -C exim -fH eww | grep home
cd /var/spool/exim/input/
egrep "X-PHP-Script" * -R
Shows no of frozen emails
=========================
exim -bpr | grep frozen | wc -l
To remove FROZEN mails from the server
========================================
exim -bp | exiqgrep -i | xargs exim -Mrm
exiqgrep -z -i | xargs exim –Mrm
Check for spamming if anybody is using php script for sending mail through home
===============================================================================
tail -f /var/log/exim_mainlog | grep home
If anyone is spamming from /tmp
===============================
tail -f /var/log/exim_mainlog | grep /tmp
To display the IP and no of tries done bu the IP to send mail but rejected by the server
========================================================================================
tail -3000 /var/log/exim_mainlog |grep 'rejected RCPT' |awk '{print$4}'|awk -F\[ '{print $2} '|awk -F\] '{print $1} '|sort | uniq -c | sort -k 1 -nr | head -n 5
Shows the connections from a certain ip to the SMTP server
==============================================================
netstat -plan|grep :25|awk {‘print $5′}|cut -d: -f 1|sort|uniq -c|sort -nk 1
To shows the domain name and the no of emails sent by that domain
===================================================================
exim -bp | exiqsumm | more
If spamming from outside domain then you can block that domain or email id on the server
=========================================================================================
Vi /etc/antivirus.exim
if $header_from: contains “name@domain.com”
then
seen finish
endif
wq!
Check mail stats
===========================================================================================
exim -bp | exiqsumm | more
Following command will show you the maximum no of email currently in the mail queue have from or to the email address in the mail queue with exact figure.
=================================================================================================================================
exim -bpr | grep “<*@*>” | awk ‘{print $4}’|grep -v “<>” | sort | uniq -c | sort -n
That will show you the maximum no of email currently in the mail queue have for the domain or from the domain with number.
==========================================================================================================================
exim -bpr | grep “<*@*>” | awk ‘{print $4}’|grep -v “<>” |awk -F “@” ‘{ print $2}’ | sort | uniq -c | sort -n
Check if any php script is causing the mass mailing with
=========================================================
cd /var/spool/exim/input
egrep “X-PHP-Script” * -R
Just cat the ID that you get and you will be able to check which script is here causing problem for you.
To Remove particular email account email
========================================
exim -bpr |grep “ragnarockradio.org”|awk {‘print $3′}|xargs exim -Mrm
If Mysql causing the load so you can use following commands to check it
=======================================================================
mysqladmin pr
mysqladmin -u root processlist
mysqladmin version
watch mysqladmin proc
If Apache causing the load so check using following commands
============================================================
netstat -ntu | awk ‘{print $5}’ | cut -d: -f1 | sort | uniq -c | sort –n
netstat -an |grep :80 |wc –l
netstat -n | grep :80 | wc -l;uptime ; netstat -n | wc –l
netstat –tupl
pidof httpd
history | netstat
lsof -p pid
Use below mentioned command to get top memory consuming processes
=================================================================
ps aux | head -1;ps aux –no-headers| sort -rn +3 | head
Use below command to get top cpu consuming processes
=====================================================
ps aux | head -1;ps aux –no-headers | sort -rn +2 |more
You can check if any backup is going on, run the following commands
===================================================================
ps aux | grep pkg
ps aux | grep gzip
ps aux | grep backup
We can trace the user responsible for high web server resource usage by the folowing command
============================================================================================
cat /etc/httpd/logs/access_log | grep mp3
cat /etc/httpd/logs/access_log | grep rar
cat /etc/httpd/logs/access_log | grep wav etc
cat /etc/httpd/logs/access_log | grep 408 can be used to check for DDOS attacks on the server.
cat /etc/httpd/logs/access_log | grep rar
How to Monitor the services that is using up most of the cpu and memory on a server.
#ps auxfw|sort -nr|grep -v 0.0
To kill mysql process found in mysqladmin processlist
#mysqladmin kill process id
YOU CAN KILL NOBODY PROCESSESS
#kill -9 pid
#kill -9 $(pgrep -u nobody)
#kill -9 `ps -u nobody -o “pid=”`
#/etc/init.d/restart httpd
================================
List the connection to server
=============================
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
ADD this cron to log the server load in each 10 minuts to /var/log/messages
*/10 * * * * uptime | logger -t “SERVER LOAD”
http://www.joomlaperformance.com/articles/server_related/how_to_track_down_a_high_server_load_5_16.html