Basic load commands to check server load

1) Top  check for the server load and watch for process

2) free –m
it will display the memory status

3)if  a perticular user is causing a high server laod then use "ps U username": it will display the process that are running by the user .

4) Then you can take action against that user.

4) netstat -an |grep :80 |wc -l :

Show how many active connections there are to apache (httpd runs on port 80)

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort –n

it will display the no of connections form a certain ip

6)if there is MYSQL taking cpu usage then check for mysql status

mysqladmin -u root processlist
check for the databases and suspend that user if any database is using high resources.

7)check /tmp if there is any process taking high resources : chown to root for that process and chmod 000 also if .sh process is running then


chown it to root:root

8)if exim is taking high resources then check for exim logs : use this command :

replace :blackhole: : fail: -- /etc/valiases/*

Exim Commands

exim –bpcshows the total no of email in qmail

eximstats -nr -ne /var/log/exim_mainlog
Total mail server report

pidof exim
shows no of exim pids running

exim -bpr | grep frozen | wc -l
Shows no of frozen emails

exiqgrep -z -i | xargs exim -Mrm
it deletes the FROZEN mails from the server

tail -f /var/log/exim_mainlog | grep public_html
check for spamming if anybody is using php script for sending mail through public_html

tail -f /var/log/exim_mainlog | grep /tmp
Used for checking for who is spamming through the /tmp

tail -3000 /var/log/exim_mainlog |grep 'rejected RCPT' |awk '{print$4}'|awk -F\[ '{print $2} '|awk -F\] '{print $1} '|sort | uniq -c | sort -k 1 -nr | head -n 5

It will display the IP and no of tries done bu the IP to send mail but rejected by the server.

netstat -plan|grep :25|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1

shows the  connections from a certain ip to the   SMTP server

Catching spammer

exim -bp | exiqsumm | more
exim -bpr | grep "<*@*>" | awk '{print $4}'|grep -v "<>" | sort | uniq -c | sort -n

That will show you the maximum no of email currently in the mail queue have from or to the email address in the mail queue with exact figure.

exim -bpr | grep "<*@*>" | awk '{print $4}'|grep -v "<>" |awk -F "@" '{ print $2}' | sort | uniq -c | sort -n

That will show you the maximum no of email currently in the mail queue have for the domain or from the domain with number.

Check if any php script is causing the mass mailing with

cd /var/spool/exim/input
egrep "X-PHP-Script" * -R

Just cat the ID that you get and you will be able to check which script is here causing problem for you.

MySql Commands

To check mysql proceess

mysqladmin -u root processlist

Or

watch mysqladmin proc

To Check MySql version

mysqladmin version

You can check if any backup is going on with the below commands

You can check if any backup is going on with the below commands:

# ps aux | grep pkg
# ps aux | grep gzip
# ps aux | grep backup

Netstat Commands

netstat -nap | grep :110 | awk '{print $5}' | cut -d":" -f1 | sort | uniq -c | sort -nr | head

netstat -nap | grep :25 | awk '{print $5}' | cut -d":" -f1 | sort | uniq -c | sort -nr | head

netstat -n | grep :80 | wc -l;uptime ; netstat -n | wc -l

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

netstat -nap | grep :80 | awk '{print $5}' | cut -d":" -f1 | sort | uniq -c | sort -nr | head

How To check zombie processes

How To check zombie processes:

# ps aux | awk '{ print $8 " " $2 }' | grep -w Z
Output:
Z 4104
Z 5320
Z 2945

How do I kill zombie process?

You cannot kill zombies, as they are already dead. But if you have too many zombies then kill parent process or restart service.
You can kill zombie process using PID obtained from any one of the above command. For example kill zombie proces having PID 4104:

# kill -9 4104