Results 1 to 10 of 10
  1. #1
    Join Date
    Dec 2011

    investigation of over load webserver

    If a hosting server going to over load
    and after 24 hours how i can investigate over load issue
    1-what are steps for investigation
    2- which logs are to study for investigation
    Please guide

  2. #2
    Join Date
    Mar 2003
    Moved > Hosting Security and Technology .
    Specially 4 You
    JoneSolutions.Com ( Jones.Solutions ) is on the net 24/7 providing stable and reliable web hosting solutions and services since 2001

  3. #3
    Join Date
    Jan 2014
    Fort Lauderdale
    Can you tell us a little bit about the sever - Specs, OS, Panel, etc..
    Michael Vinocur
    Enterprise IT Solutions
    Helix Technologies LLC

  4. #4
    Join Date
    Dec 2011
    centos 6 cpanel/whm

  5. #5
    Join Date
    May 2012

  6. #6
    Join Date
    May 2013
    Better put a script that runs every minute and grab necessary data ( like Apache request pool, connection list to port 80, top result, etc ) when server load crosses the threshold. If you want suggestions for already happened issue, check /var/log/dcpumon, /var/log/messages , /usr/local/apache/logs_error_log, and the result of /usr/local/cpanel/bin/dcpumonview command.

  7. #7
    Join Date
    Nov 2013
    Dcpumon logs will get overwritten so you won't be getting much data from there unless you are checking them realtime. If you have lfd running on the server, you can track the excessive process run from /var/log/lfd.log . Also you can get load averages from sar output which reads data from these dcpumon logs. I would suggest to write a script to track the load and send you a mail when the load exceeds a threshold value set. This script should be providing output of top process, mysql queries, memory usage, netstat output etc.

  8. #8

    If you have root access to the server you can SSH to the server and
    #ps aux

    You can also check WHM > Daily Process Logs to see any users who have high CPU, memory or MySQL usage there.

  9. #9

    If it seems like a apache is causing so much load on the server then you can just
    SSH to the server then run

    killall httpd
    /etc/iniit.d/httpd restart

    It will reduce the load on the server.

    I hope it will help you.
    Last edited by my247webhosting; 01-13-2014 at 10:17 AM.

  10. #10
    most recent load-spikes I've noticed have been due to proftpd brute force attacks - we have fail2ban running frequently, but over the weekend I noticed one IP range hammering a primary shared server - the load average spiked to 84.5 - where it normally sites < 1.

    I firewalled out the chinese IP range and server load reduced within a couple of minutes. This is an ongoing thing, and honestly, I expect the data-centers to start handling some of this load, reacting to logfiles is far too reactive for us - and it will never end.

    In order to determine if you have similar issues - login as root or other super-user - tail -f /var/log/secure and tail -f /var/log/messages for a couple of minutes.

    Once you find a likely IP - check if they should be firewalled or have been firewalled before. I have a small shell script I put togehter to check my firewall setup and the fail2ban logs:

    echo 'Enter IP/CIDR: ';
    read IP
    echo "$IP|`date`" >>/root/blockfile/checkone_log.txt
    echo 'IPTABLES:'
    iptables -L -n | grep $IP
    echo 'fail2ban blockfiles:'
    grep -l "$IP" /etc/fail2ban/ip.blocklist.*

    I also have a tiny script for adding them right there and then to the iptables firewall:

    echo 'Enter IP/CIDR: ';
    read IP
    echo "/sbin/iptables -A INPUT -s $IP -j DROP ; ";
    echo 'running...'
    /sbin/iptables -A INPUT -s $IP -j DROP ;
    fail2ban is your friend on these kind of issues - a basic fail2ban installation + a repeat offender add-on:

    on top of that, you can add mod_security and use the logfiles of mod_security to up your fail2ban - but it gets dangerous.

    The thing to note with fail2ban being quite strict, is you firewall out your own valid customers who don't have their phones/tablets/pc/macs properly configured to collect email - which is fun...

Similar Threads

  1. Debugging suden load peaks on webserver
    By Prestahost in forum Hosting Security and Technology
    Replies: 3
    Last Post: 09-19-2012, 04:42 PM
  2. Huge Load on webserver ... linux or windows
    By mixmox in forum Hosting Security and Technology
    Replies: 7
    Last Post: 11-29-2010, 06:26 AM
  3. Webserver load balance, question
    By cheaptraffic in forum Dedicated Server
    Replies: 6
    Last Post: 03-31-2008, 02:01 PM
  4. webserver load test programs
    By tonkagunner in forum Dedicated Server
    Replies: 2
    Last Post: 01-09-2005, 02:41 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts