Here you will find tips and tricks for monitoring a Linux server and
managing it when something is causing load: how to find a spammer and
how to check HTTP and MySQL processes.
General Commands
To check the server load and which users are logged on to the server, with their IP addresses, run:
w
To check the server load and watch processes:
top
top -d2
top -c d2
Memory status:
free -m
To see all processes running on the server:
ps -aufx
With the above commands you can see which process is causing load on the server; after that you can go on to the next steps.
If you see many exim processes, you can check exim in more detail. This shows the total number of emails in the mail queue:
exim -bpc
Print a listing of the messages in the queue:
exim -bp
The following commands show the path to the script being used to send mail:
ps -C exim -fH eww
ps -C exim -fH eww | grep home
cd /var/spool/exim/input/
egrep "X-PHP-Script" * -R
Show the number of frozen emails:
exim -bpr | grep frozen | wc -l
To remove frozen mails from the server:
exim -bp | exiqgrep -i | xargs exim -Mrm
exiqgrep -z -i | xargs exim -Mrm
Note that the first command passes every queued message ID to exim -Mrm, not only the frozen ones; the -z option in the second command restricts the match to frozen messages.
Check whether anybody is using a PHP script under home to send spam:
tail -f /var/log/exim_mainlog | grep home
If anyone is spamming from /tmp:
tail -f /var/log/exim_mainlog | grep /tmp
To display the IPs that tried to send mail but were rejected by the server, with the number of attempts made by each IP:
tail -3000 /var/log/exim_mainlog | grep 'rejected RCPT' | awk '{print $4}' | awk -F\[ '{print $2}' | awk -F\] '{print $1}' | sort | uniq -c | sort -k 1 -nr | head -n 5
Show the connections to the SMTP server, counted per IP:
netstat -plan | grep :25 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -nk 1
To show the domain names and the number of emails sent by each domain:
exim -bp | exiqsumm | more
If the spam is coming from an outside domain, you can block that domain or email ID on the server:
pico /etc/antivirus.exim
Add the following lines:
if $header_from: contains "name@domain.com"
then
seen finish
endif
Catching spammer
Check mail stats:
exim -bp | exiqsumm | more
The following command shows, with exact counts, which email addresses have the most messages currently in the mail queue (from or to that address):
exim -bpr | grep "<.*@.*>" | awk '{print $4}' | grep -v "<>" | sort | uniq -c | sort -n
This shows, with counts, which domains have the most messages currently in the mail queue (for or from the domain):
exim -bpr | grep "<.*@.*>" | awk '{print $4}' | grep -v "<>" | awk -F "@" '{print $2}' | sort | uniq -c | sort -n
Check whether any PHP script is causing the mass mailing:
cd /var/spool/exim/input
egrep "X-PHP-Script" * -R
Just cat the ID that you get and you will be able to see which script is causing the problem.
To remove the mail of a particular email account:
exim -bpr | grep "ragnarockradio.org" | awk '{print $3}' | xargs exim -Mrm
If MySQL is causing the load, you can use the following commands to check it:
mysqladmin pr
mysqladmin -u root processlist
mysqladmin version
watch mysqladmin proc
If Apache is causing the load, check using the following commands:
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
netstat -an | grep :80 | wc -l
netstat -n | grep :80 | wc -l; uptime; netstat -n | wc -l
netstat -tupl
pidof httpd
history | netstat
lsof -p pid
If MySQL is causing load, you can check it using the following commands:
mysqladmin -u root processlist
mysqladmin version
watch mysqladmin proc
Other Useful Commands
To check the PID of php:
pidof php
lsof -p pid
netstat -an | grep :80 | wc -l
netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
netstat -na | grep :80 | sort
Use the command below to get the top memory-consuming processes:
ps aux | head -1; ps aux --no-headers | sort -rn -k4 | head
Use the command below to get the top CPU-consuming processes:
ps aux | head -1; ps aux --no-headers | sort -rn -k3 | more
To check whether any backup is running, run the following commands:
ps aux | grep pkg
ps aux | grep gzip
ps aux | grep backup
We can trace the user responsible for high web server resource usage with the following commands:
cat /etc/httpd/logs/access_log | grep mp3
cat /etc/httpd/logs/access_log | grep rar
cat /etc/httpd/logs/access_log | grep wav
and so on for other file types.
The following can be used to check for DDoS attacks on the server:
cat /etc/httpd/logs/access_log | grep 408
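An added example, not part of the original post: the grep 408 check above also matches lines that merely contain the digits 408 in a URL or byte count, so this sketch counts only requests whose status field is 408, grouped by client IP. It assumes the Apache common/combined log format; the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): count HTTP 408 responses per
# client IP. Assumes Apache common/combined log format, where the status code
# is the first token after the quoted request line.

# Constructed sample log lines (documentation IP ranges), for illustration only.
sample_access_log() {
    cat <<'EOF'
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "-" 408 - "-" "-"
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "-" 408 - "-" "-"
198.51.100.4 - - [10/Oct/2023:13:55:38 +0000] "GET /files/408.rar HTTP/1.1" 200 1408 "-" "curl/8.0"
198.51.100.4 - - [10/Oct/2023:13:55:39 +0000] "-" 408 - "-" "-"
192.0.2.9 - - [10/Oct/2023:13:55:40 +0000] "GET /a\" 408 HTTP/1.1" 404 209 "-" "-"
EOF
}

# count_408_by_ip [FILE]: print "COUNT IP" lines, highest count first.
# Reads standard input when no file is given.
count_408_by_ip() {
    awk '
    {
        gsub(/\\\\/, "")            # drop escaped backslashes first ...
        gsub(/\\"/, "")             # ... then escaped quotes inside the request
        n = split($0, q, "\"")      # q[1] = prefix, q[2] = request, q[3] = status and bytes
        if (n < 3) next             # not a well-formed access-log line
        split(q[1], pre, " ")       # pre[1] = client address
        split(q[3], rest, " ")      # rest[1] = status code
        if (rest[1] == "408") hits[pre[1]]++
    }
    END { for (ip in hits) print hits[ip], ip }
    ' "${1:--}" | sort -k1,1nr -k2,2
}

# Demo on the constructed sample; on a real server pass the log path instead,
# e.g. count_408_by_ip /etc/httpd/logs/access_log
sample_access_log | count_408_by_ip
```

On the sample, a plain grep 408 matches all five lines, while only three are real 408 responses.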