
How to Monitor Linux Server


Here you will find tips and tricks for monitoring a Linux server, managing it when something is causing load, finding a spammer, and checking HTTP and MySQL processes.

General Commands

 

To check the server load and which users are logged on to the server, along with their IP addresses, run this command

# w

To check the server load and watch processes

top

top -d 2

top -c -d 2

Memory status

free -m

To see all processes running on the server

ps aufx

With the above commands you can see which process is causing load on the server; after that you can go on to the next steps.

If you see many exim processes then you can check exim in more detail. The following shows the total number of emails in the queue

exim -bpc

Print a listing of the messages in the queue

exim -bp

The following commands will show the path to the script being used to send mail

ps -C exim -fH eww

ps -C exim -fH eww | grep home

cd /var/spool/exim/input/

egrep "X-PHP-Script" * -R

Shows the number of frozen emails

exim -bpr | grep frozen | wc -l

To remove frozen mails from the server

exiqgrep -z -i | xargs exim -Mrm

Note that without -z, exiqgrep -i lists every message in the queue, so the following removes all queued mail, not only frozen messages

exim -bp | exiqgrep -i | xargs exim -Mrm

Check for spamming: whether anybody is using a PHP script in a home directory to send mail

tail -f /var/log/exim_mainlog | grep home

If anyone is spamming from /tmp

tail -f /var/log/exim_mainlog | grep /tmp

To display the IPs and the number of tries made by each IP to send mail that were rejected by the server.

tail -3000 /var/log/exim_mainlog | grep 'rejected RCPT' | awk '{print $4}' | awk -F\[ '{print $2}' | awk -F\] '{print $1}' | sort | uniq -c | sort -k 1 -nr | head -n 5
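The pipeline above takes the IP from the fourth field, which misses lines where Exim logs a hostname before the HELO name. The following is an added example, not part of the original post: it counts rejected RCPT attempts per connecting IP regardless of field position and ignores an IP literal sent as the HELO name. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).

# Constructed sample lines in Exim main-log style.
sample_mainlog() {
    cat <<'EOF'
2024-05-01 10:00:01 H=(mail.example.net) [203.0.113.7]:41522 F=<a@example.net> rejected RCPT <x@example.org>: relay not permitted
2024-05-01 10:00:02 H=host.example.com (helo.example.com) [203.0.113.7]:41523 F=<a@example.net> rejected RCPT <y@example.org>: relay not permitted
2024-05-01 10:00:03 H=([192.0.2.99]) [198.51.100.4]:5000 F=<b@example.net> rejected RCPT <z@example.org>: Unrouteable address
2024-05-01 10:00:04 1abcde-000001-AB <= c@example.org H=(ok.example) [192.0.2.10] P=esmtp S=1234
EOF
}

# Reads log lines on stdin, prints "count ip" sorted by count, highest first.
rejected_rcpt_by_ip() {
    awk '
        /rejected RCPT/ {
            # Work only on the text after the host field marker.
            i = index($0, " H=")
            if (i == 0) next
            line = substr($0, i + 3)
            # The HELO name is client-supplied and logged in parentheses;
            # drop it so a HELO such as [192.0.2.99] is not counted.
            gsub(/\([^)]*\)/, "", line)
            # The first remaining [address] is the connecting IP.
            if (match(line, /\[[0-9A-Fa-f:.]+\]/)) {
                count[substr(line, RSTART + 1, RLENGTH - 2)]++
            }
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample.
sample_mainlog | rejected_rcpt_by_ip
```

On a server, feed it the real log instead of the sample, for example with tail -3000 /var/log/exim_mainlog piped into rejected_rcpt_by_ip.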

Shows the number of connections from each IP to the SMTP server

netstat -plan | grep :25 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -nk 1

To show the domain names and the number of emails sent by each domain

exim -bp | exiqsumm | more

If the spam is coming from an outside domain, you can block that domain or email address on the server

pico /etc/antivirus.exim

Add the following lines:

if $header_from: contains "name@domain.com"
then
seen finish
endif

Catching spammer

Check mail stats

exim -bp | exiqsumm | more

The following command shows the email addresses with the most emails currently in the mail queue (from or to that address), with the exact count for each.

exim -bpr | grep "<.*@.*>" | awk '{print $4}' | grep -v "<>" | sort | uniq -c | sort -n

This shows the domains with the most emails currently in the mail queue (for or from the domain), with the count for each.

exim -bpr | grep "<.*@.*>" | awk '{print $4}' | grep -v "<>" | awk -F "@" '{print $2}' | sort | uniq -c | sort -n

Check whether any PHP script is causing the mass mailing with

cd /var/spool/exim/input

egrep "X-PHP-Script" * -R

Just cat the message ID that you get and you will be able to see which script is causing the problem.
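When many queued messages carry the header, a per-script tally points at the sending script faster than reading messages one by one. The following is an added example, not part of the original post: it counts X-PHP-Script headers per script, reading only the spool header files (names ending in -H) so that text in message bodies is not counted. The function names and sample spool files are constructed, and the header value layout ("script for IP") is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post).

# Prints "count script" for every X-PHP-Script header found in the
# spool header files under the given directory, highest count first.
php_mail_scripts() {
    spool_dir=${1:-/var/spool/exim/input}
    grep -Rh --include='*-H' 'X-PHP-Script:' "$spool_dir" 2>/dev/null |
        sed 's/^.*X-PHP-Script:[[:space:]]*//' |
        awk 'NF { count[$1]++ } END { for (s in count) print count[s], s }' |
        sort -k1,1nr -k2,2
}

# Builds a small constructed spool tree and prints its path.
make_sample_spool() {
    dir=$(mktemp -d)
    mkdir -p "$dir/a" "$dir/b"
    printf '%s\n' '058  X-PHP-Script: shop.example.com/wp-content/mailer.php for 203.0.113.7' \
        > "$dir/a/1aaaaa-000001-AA-H"
    printf '%s\n' '058  X-PHP-Script: shop.example.com/wp-content/mailer.php for 203.0.113.8' \
        > "$dir/a/1aaaaa-000002-AA-H"
    printf '%s\n' '049  X-PHP-Script: blog.example.org/contact.php for 198.51.100.4' \
        > "$dir/b/1bbbbb-000003-BB-H"
    # A body file that merely mentions the header must not be counted.
    printf '%s\n' 'X-PHP-Script: fake.example/body.php for 192.0.2.1' \
        > "$dir/b/1bbbbb-000003-BB-D"
    echo "$dir"
}

# Demo on the constructed spool.
demo_dir=$(make_sample_spool)
php_mail_scripts "$demo_dir"
rm -rf "$demo_dir"
```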

To remove the emails of a particular email account

exim -bpr | grep "ragnarockradio.org" | awk '{print $3}' | xargs exim -Mrm

If MySQL is causing the load, you can use the following commands to check it.

mysqladmin pr

mysqladmin -u root processlist

mysqladmin version

watch mysqladmin proc

If Apache is causing the load, check using the following commands.

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

netstat -an | grep :80 | wc -l

netstat -n | grep :80 | wc -l; uptime; netstat -n | wc -l

netstat -tupl

pidof httpd

history | netstat

lsof -p pid


Other Useful Commands

To check the PID of php

pidof php

lsof  -p pid

netstat -an | grep :80 | wc -l

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

netstat -na |grep :80 |sort

Use the command below to get the top memory-consuming processes

ps aux | head -1; ps aux --no-headers | sort -rn -k4 | head

Use the command below to get the top CPU-consuming processes

ps aux | head -1; ps aux --no-headers | sort -rn -k3 | more

To check whether a backup is running, run the following commands

 

ps aux | grep pkg

ps aux | grep gzip

ps aux | grep backup

We can trace the user responsible for high web server resource usage with the following commands

cat /etc/httpd/logs/access_log | grep mp3

cat /etc/httpd/logs/access_log | grep rar

cat /etc/httpd/logs/access_log | grep wav

and so on for other file types.

The following can be used to check for DDoS attacks on the server

cat /etc/httpd/logs/access_log | grep 408
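A plain grep 408 also matches lines where 408 appears in the URL or the byte count. The following is an added example, not part of the original post: it counts only lines whose status code is 408, grouped by client IP. It assumes the Apache common or combined log format; the function names and sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post).

# Constructed sample lines in Apache combined log format.
sample_access_log() {
    cat <<'EOF'
203.0.113.7 - - [01/May/2024:10:00:00 +0000] "-" 408 - "-" "-"
203.0.113.7 - - [01/May/2024:10:00:01 +0000] "-" 408 - "-" "-"
198.51.100.4 - - [01/May/2024:10:00:02 +0000] "GET /files/408.zip HTTP/1.1" 200 408 "-" "curl/8.0"
192.0.2.10 - - [01/May/2024:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.55 - - [01/May/2024:10:00:04 +0000] "-" 408 - "-" "-"
EOF
}

# Reads access-log lines on stdin, prints "count ip" for requests that
# ended with status 408, highest count first.
timeouts_by_ip() {
    awk '
        # The status code is the three digits right after the closing
        # quote of the request line.
        match($0, /" [1-5][0-9][0-9] /) {
            if (substr($0, RSTART + 2, 3) == "408") count[$1]++
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample.
sample_access_log | timeouts_by_ip
```

On the sample, grep 408 matches four lines while only three requests actually returned status 408.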

 
