Wednesday, April 3, 2013

server monitoring

Code:
ssh root@hostname -p port (default 22)

3) exim

Code:
exiqgrep -z -i | xargs exim -Mrm - to delete frozen messages
exim -bpc - to get the message count
exim -bp - to list all the messages
exim -bp | exiqsumm - to list all the messages in a group
exim -bp | grep - to view mails under a particular user, e.g.
exim -bp | grep | wc -l - to get the count of mails under a particular user, e.g.
exim -Mvh id - to view a particular message header
exim -Mvb id - to view a particular message body
exiqgrep -f -i | xargs exim -Mrm - to remove messages under

Code:
mysqladmin stat proc
- to view the MySQL connections currently running
Code:
mysqladmin stat proc | grep username
- to view the MySQL connections running for a particular user
If the number of connections for a particular user is high, also look at the WHM daily process.
Suspend the user (/scripts/suspendacct username, in the back end).

Code:
nice top -d 2 -u user
- to view services run by an individual user

8) \s - to check mysql uptime after getting into mysql using "mysql"

9) to check ddos

Code:
pidof httpd

Code:
netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -nk 1
   -> this can also be used; if there are more than 100 connections from an IP, then block it.

c) But before blocking any IP, check whether it is the server's own IP. You can check with the command:

Code:
ifconfig | grep <ip>

Code:
csf -d ipaddress
- to block that IP (confirm it's not the server IP)

e) Also check apache status on whm
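
The check in step 9 as a reusable function, added here as an example and not part of the original post: it counts connections per remote IP, applies the 100-connection threshold, and skips the server's own addresses before anything is passed to csf. The function name, the sample addresses and the stricter match on local port 80 only (the one-liner's grep :80 matches the text anywhere in the line) are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag remote IPs with too many connections to port 80,
# skipping the server's own addresses before anything is blocked.

# flag_heavy_ips THRESHOLD "OWN_IP1 OWN_IP2 ..."   (hypothetical helper)
# Reads `netstat -plan`-style lines on stdin and prints "count ip" for each
# remote address with more than THRESHOLD connections to local port 80.
flag_heavy_ips() {
    threshold=$1
    own_ips=$2
    awk -v max="$threshold" -v own="$own_ips" '
        BEGIN { n = split(own, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        # $4 = local address, $5 = foreign address in netstat output
        $1 ~ /^tcp/ && $4 ~ /:80$/ {
            ip = $5
            sub(/:[0-9]+$/, "", ip)   # drop the remote port
            if (ip in skip) next      # never report the server itself
            count[ip]++
        }
        END { for (ip in count) if (count[ip] > max) print count[ip], ip }
    ' | sort -rn
}

# Constructed sample input (documentation-range addresses, not real hosts).
sample_netstat() {
    i=0
    while [ "$i" -lt 120 ]; do
        echo "tcp 0 0 192.0.2.10:80 203.0.113.5:$((40000 + i)) ESTABLISHED 1234/httpd"
        i=$((i + 1))
    done
    i=0
    while [ "$i" -lt 150 ]; do   # the server talking to itself
        echo "tcp 0 0 192.0.2.10:80 192.0.2.10:$((50000 + i)) ESTABLISHED 1234/httpd"
        i=$((i + 1))
    done
    echo "tcp 0 0 192.0.2.10:80 198.51.100.7:41000 ESTABLISHED 1234/httpd"
    echo "tcp 0 0 192.0.2.10:25 198.51.100.9:41001 ESTABLISHED 99/exim"
}

# Live use: netstat -plan | flag_heavy_ips 100 "SERVER_IP"
# (SERVER_IP is a placeholder for the addresses ifconfig reports.)
sample_netstat | flag_heavy_ips 100 "192.0.2.10"
```

Only the addresses it prints are candidates for csf -d; with the sample data the server's own 150 self-connections are left out.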

11) sites to check website speed and contents (useful when doing server tickets)
a) speed
b) contents

12) allowing access to a particular IP:

Code:
allow from <ip>
deny from all
To allow access from that particular IP only, enter this in the .htaccess file in the owner's public_html. This is useful when unsuspending an account by giving access to the owner's IP. Owner should provide his local ip from

Code:
(from Windows)

Code:
(from Mac terminal)

14) when a lot of mails are getting frozen for a mail ID
Code:
grep "max emails" /var/log/exim_mainlog | tail
This is the proof that he is sending bulk mails.

Code:
netstat -plan | grep :25
   - to find the (mail) connections

If you see anything like
tcp        0      0                   ESTABLISHED 547580/sshd: username
tcp        0      0                   ESTABLISHED 547580/sshd: username
i.e. it is a spammer with a script. Suspend that account.

16) apache uptime - /usr/local/apache/bin/apachectl status
17) mysql uptime  -

                  mysql(enter mysql)
