[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] What logs to look in
- Subject: Re: [cobalt-users] What logs to look in
- From: "Fathi Said" <fathi@xxxxxx>
- Date: Tue Apr 25 07:33:08 2000
- Organization: Hosting-Network, Inc.
Jarle,
> What logs to look in to find out which sites that have very high trafic? I
> do not allow Telnet to my customers and have very few running CGI scripts,
> normaly the cpu usage is below 0,5 but today it has been up to 7. ( very
> strange)
Let me try and help you through this. First, look at all the processes that
are running on your box and what their cpu usage is. Do this by runnning
the command ps -aux (this prints out all processes on a Linux box). You can
also try the top command. See what processes are dominating your cpu usage.
You can then selectively kill processes with the kill command. kill pid# is
the format. For any of these commmands I mention you can view the man pages
on them by typing man "command name". I would not indiscriminately kill a
large number of processes, but if you do, reboot afterwards to get
everything back to a steady state.
You might also want to reboot the box by doing a graceful shutdown. The box
will be back up in a few minutes and you can see if the high usage returns.
You will then know if someone is running a large process automatically.
Check your crontab file to see if someone has set up an automated task.
It's in /etc as are most all the files that control how the machine
operates. You can also look in the /var/logs directory to see recent
activity of all types on the box. Your box may have been hacked. Use the
last command to see recent logins.
Regards,
Fathi