Linux server load monitor Commands

The load average tries to measure the number of active processes at any time. High load averages usually mean that the system is being used heavily and the response time is correspondingly slow. The server load is influenced by memory usage, CPU usage, size of the swap file, etc. Following are a few commands used for Linux server load monitoring and maintenance.

Load monitoring and controlling

#top -cd3

#ps aufx | grep nobody

#ps aufx | grep pkgacct

#ps aufx | grep mysql

 

How to kill nobody processes

#kill -9 pid

#kill -9 $(pgrep -u nobody)

#kill -9 `ps -u nobody -o "pid="`

#/etc/init.d/httpd restart

To delete frozen mails

#exim -bpr | grep frozen | awk '{print $3}' | xargs exim -Mrm

To kill a MySQL process found in the mysqladmin processlist, pass its Id to kill.

#mysqladmin kill id

How to monitor the services that are using the most CPU and memory on a server.

#ps auxfw|sort -nr|grep -v 0.0

The following commands will show the path to the script being used to send mail (spam).

ps -C exim -fH eww

ps -C exim -fH eww | grep home

cd /var/spool/exim/input/

egrep -R "X-PHP-Script" *

Shows the number of frozen emails

exim -bpr | grep frozen | wc -l

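To remove FROZEN mails from the server

exim -bp | exiqgrep -i | xargs exim -Mrm

exiqgrep -z -i | xargs exim -Mrm

Note that the first command has no filter, so it removes every message in the queue; only the second, with -z, is limited to frozen messages.

Check for spamming, in case anybody is using a PHP script under home to send mail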

tail -f /var/log/exim_mainlog | grep home

If anyone is spamming from /tmp

tail -f /var/log/exim_mainlog | grep /tmp

For a spamming issue or a high mail queue you can check the logs

tail -f /var/log/exim_mainlog | grep -E 'sendmail|public_html|tmp'

Shows the number of connections from each IP to the SMTP server.

netstat -plan|grep :25|awk '{print $5}'|cut -d: -f 1|sort|uniq -c|sort -nk 1

To show each domain name and the number of emails sent by that domain.

exim -bp | exiqsumm | more

If the spamming comes from an outside domain, you can block that domain or email ID on the server.

vi /etc/antivirus.exim

Add the following lines:

if $header_from: contains "name@domain.com"
then
  seen finish
endif

The following command shows how many emails each email address currently has in the mail queue, with exact figures.

exim -bpr | grep "<" | awk '{print $4}' | grep -v "<>" | sort | uniq -c | sort -n

The following command shows how many emails each domain currently has in the mail queue, with exact figures.

exim -bpr | grep "<" | awk '{print $4}' | grep -v "<>" | awk -F "@" '{print $2}' | sort | uniq -c | sort -n

Just cat the ID that you get and you will be able to check which script is causing the problem for you.

To remove the emails of a particular email account

exim -bpr |grep "ragnarockradio.org"|awk '{print $3}'|xargs exim -Mrm 1S1hzb-0000rS-Fb

If MySQL is causing the load, you can use the following commands to check it.

mysqladmin pr

mysqladmin -u root processlist

mysqladmin version

watch mysqladmin proc

If Apache is causing the load, check using the following commands:

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

netstat -an |grep :80 |wc -l

netstat -n | grep :80 | wc -l;uptime ;

netstat -n | wc -l

netstat -tupl

pidof httpd

history | netstat

lsof -p pid

Use the command below to get the top memory-consuming processes.

ps aux | head -1;ps aux --no-headers | sort -rnk4 | head

Use the command below to get the top CPU-consuming processes.

ps aux | head -1;ps aux --no-headers | sort -rnk3 | more

To check whether any backup is running, run the following commands.

ps aux | grep pkg

ps aux | grep gzip

ps aux | grep backup

How to block and accept an IP.

iptables -A INPUT -s 122.174.12.228 -j DROP

iptables -A INPUT -s 122.174.12.228 -j ACCEPT

iptables -L -n | grep 122.168.29.226

We can trace the user responsible for high web server resource usage with the following commands

cat /etc/httpd/logs/access_log | grep mp3

cat /etc/httpd/logs/access_log | grep rar

cat /etc/httpd/logs/access_log | grep wav

etc.

cat /etc/httpd/logs/access_log | grep 408

can be used to check for DDoS attacks on the server.

A quick and useful command for checking if a server is under DDoS:

netstat -anp | grep -E 'tcp|udp' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

netstat -n | grep :80 |wc -l

netstat -n | grep :80 | grep SYN |wc -l
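
The per-IP count above uses cut -d: -f1, which returns an empty or truncated field for IPv6 and IPv4-mapped (::ffff:) peers. As an added example (not part of the original post), the function below strips only the trailing port and also counts SYN_RECV entries per address; it assumes the column order of `netstat -ant`, and the sample lines are constructed from documentation address ranges.

```shell
#!/bin/sh
# Added example: per-remote-IP connection summary from `netstat -ant` output.
# Reads netstat lines on stdin; prints "total syn_recv ip", busiest first.
conn_summary() {
    awk '
    $1 ~ /^tcp/ && $6 != "LISTEN" {
        addr = $5
        sub(/:[0-9*]+$/, "", addr)   # drop only the trailing :port
        sub(/^::ffff:/, "", addr)    # IPv4-mapped IPv6 -> plain IPv4
        total[addr]++
        if ($6 == "SYN_RECV") syn[addr]++
    }
    END {
        for (a in total) printf "%d %d %s\n", total[a], syn[a] + 0, a
    }' | sort -k1,1nr -k3,3
}

# Constructed sample input (documentation addresses, not a real capture).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51235      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51236      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.9:40000       TIME_WAIT
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:203.0.113.9:40001 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:40002    ESTABLISHED
EOF
}

# On a live server: netstat -ant | conn_summary | head
sample_netstat | conn_summary
```

An address with a high SYN_RECV count relative to its total is the one to look at first when deciding what to block with iptables.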

I hope all these commands are useful for monitoring server load.
