Wednesday, April 3, 2013

server monitoring

1)
ssh root@hostname -p port (default 22)

3) exim

exiqgrep -z -i | xargs exim -Mrm - to delete frozen messages
exim -bpc - to know the message count
exim -bp - to list all the messages
exim -bp | exiqsumm - to list all the messages in a group
exim -bp | grep centralph.com - to view mails under a particular user, e.g. centralph.com
exim -bp | grep centralph.com | wc -l - to know the count of mails under a particular user, e.g. centralph.com
exim -Mvh id - to view a particular message header
exim -Mvb id - to view a particular message body
exiqgrep -f centralph.com -i | xargs exim -Mrm - to remove messages under centralph.com

6)
mysqladmin stat proc
- to view mysql connections running
mysqladmin stat proc | grep username
- to view mysql connections running for a particular user
If the number of connections for a particular user is high, also look at the daily process log in WHM,
then suspend the user (/scripts/suspendacct username - from the back end)

7)
nice top -d 2 -u user
- to view services run by an individual user

8) \s - to check mysql uptime after getting into mysql using "mysql"

9) to check ddos

a)
 pidof httpd

b)
netstat -plan | grep :80 | awk '{print $5}' | cut -d: -f 1 | sort | uniq -c | sort -nk 1
   -> this can also be used; if there are more than 100 connections from an IP, then block it.

c) But before blocking any IP, check whether it is the server's own IP. You can check it with the command:

ifconfig | grep <ip>

d)
csf -d ipaddress
- to block that IP (confirm it's not the server IP)

e) Also check apache status on whm
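
Steps b) to d) as one function, given here as an added example that is not part of the original post: it counts connections per remote IP on local port 80, drops the server's own addresses, and prints only the IPs above the threshold, so they can be reviewed before running csf -d. The function names, the sample addresses and the sample netstat lines are constructed for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `netstat -plan` output on
# stdin and prints "count ip" for each remote IP with more than THRESHOLD
# connections to local port 80, skipping the server's own addresses.
# Usage: netstat -plan | heavy_hitters 100 "ip1 ip2"
#        (ip1 ip2 = the server's own IPs, as shown by ifconfig)
heavy_hitters() {
    threshold=$1
    own_ips=$2
    awk -v t="$threshold" -v own="$own_ips" '
        BEGIN { n = split(own, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        # $4 = local address, $5 = foreign address, $6 = state.
        # Matching $4 against :80$ ignores :8080 and outbound requests to port 80.
        $1 ~ /^tcp/ && $4 ~ /:80$/ && $6 != "LISTEN" {
            ip = $5
            sub(/:[0-9*]+$/, "", ip)   # drop the port, keep IPv6 colons
            sub(/^::ffff:/, "", ip)    # IPv4-mapped form counts as the IPv4 address
            if (!(ip in skip)) count[ip]++
        }
        END { for (ip in count) if (count[ip] > t) print count[ip], ip }
    ' | sort -rn
}

# Constructed sample data (documentation-range addresses, server = 192.0.2.10):
# 101 hits from one client, 3 from another, 150 from the server itself,
# and 150 outbound requests from the server to someone else's port 80.
sample_netstat() {
    echo "tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 1234/httpd"
    i=0
    while [ "$i" -lt 150 ]; do
        if [ "$i" -lt 101 ]; then echo "tcp 0 0 192.0.2.10:80 203.0.113.5:$((40000 + i)) ESTABLISHED 1234/httpd"; fi
        if [ "$i" -lt 3 ]; then echo "tcp 0 0 192.0.2.10:80 198.51.100.7:$((50000 + i)) TIME_WAIT -"; fi
        echo "tcp 0 0 192.0.2.10:80 192.0.2.10:$((30000 + i)) ESTABLISHED 1234/httpd"
        echo "tcp 0 0 192.0.2.10:$((20000 + i)) 198.51.100.9:80 ESTABLISHED 999/php"
        i=$((i + 1))
    done
}

# Only the client above 100 connections is listed; the server IP is skipped.
sample_netstat | heavy_hitters 100 "192.0.2.10 127.0.0.1"
```

On the same sample, the plain grep :80 pipeline would also list 198.51.100.9 with 150 connections, although those are the server's own outbound requests.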

11) sites to check website speed and contents (useful when doing server tickets)
a) speed
www.alertra.com
www.tools.pingdom.com
b) contents
http://analyze.websiteoptimization.com/


12) allowing access to a particular IP,

allow from <ip> 
deny from all
(To allow access from that particular IP only, enter this in the .htaccess file in the owner's public_html. Useful when unsuspending an account by giving access to the owner's IP. The owner should provide his own IP as shown at http://www.whatismyip.com/)


13)
tracert dotflashop.com
(from windows)

traceroute dotflashop.com
(From Mac terminal)


14) when a lot of mails are getting frozen for a mail ID
grep "max emails" /var/log/exim_mainlog | tail
This is the proof that he is sending bulk mails.


15)
netstat -plan | grep :25
   - to find the connections (mail)

If you see anything like
tcp        0      0 127.0.0.1:45738             127.0.0.1:25                ESTABLISHED 547580/sshd: username
tcp        0      0 127.0.0.1:45737             127.0.0.1:25                ESTABLISHED 547580/sshd: username
i.e. it is a spammer with a script. Suspend that account.

16) apache uptime - /usr/local/apache/bin/apachectl status
17) mysql uptime  -

                  mysql(enter mysql)
                  \s
                  exit
