Investigating a server load spike after it has finished?
I just had a server load spike to almost 100%. While httpd seemed responsive, cPanel and POP3 were very slow. I managed to catch this early and SSH in and run top. A user (who was only set up this morning) owned four cpsrvd processes using about 25% CPU each.
I suspended their account which brought the load back to normal, and contacted my server management team asking them to investigate what happened. The response from the team was that he had checked the maillog and seen nothing abnormal, and was monitoring to see if the problem reoccurred after unsuspending.
Does Fedora Linux include a processor usage log? Is there any way I can investigate what the user was doing at the time?
In WHM, you can check the highest CPU usage processes. There's a function called "CPU/Memory/MySQL Usage"
That will tell you the processes.
On the other hand, we usually find that combing through their user directories and looking at the scripts they are running is enough most times to see what they are up to.
Yesterday, for example, one of the servers we manage started seeing loads of 7 to 8 constantly through the day. On a closer look, we noticed that the user was running Hivemail. Disabling that user dropped the load immediately.
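An added example, not part of the original posts: one way to have a per-account CPU record for the next spike is to save `ps -eo user,pcpu,comm` snapshots periodically (for instance from cron) and total them by user and command afterwards. The snapshot text and account names below are constructed, and the function names and threshold are assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample: two saved snapshots of `ps -eo user,pcpu,comm`.
# Account names are hypothetical.
SAMPLE_SNAPSHOTS = [
    """USER     %CPU COMMAND
root      0.3 httpd
newuser  25.1 cpsrvd
newuser  24.8 cpsrvd
newuser  25.4 cpsrvd
newuser  24.9 cpsrvd
mailnull  1.2 exim""",
    """USER     %CPU COMMAND
root      0.4 httpd
newuser  26.0 cpsrvd
newuser  23.5 cpsrvd
newuser  25.0 cpsrvd
newuser  24.5 cpsrvd
alice     2.0 php""",
]

def parse_snapshot(text):
    """Sum %CPU and count processes per (user, command) in one snapshot."""
    totals = {}
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3 or parts[0] == "USER":
            continue  # skip header and malformed lines
        try:
            cpu = float(parts[1])
        except ValueError:
            continue
        key = (parts[0], parts[2].strip())
        prev_cpu, prev_n = totals.get(key, (0.0, 0))
        totals[key] = (prev_cpu + cpu, prev_n + 1)
    return totals

def heavy_users(snapshots, threshold=50.0):
    """Return (user, command, avg summed %CPU, max process count) rows."""
    summed, procs = defaultdict(float), defaultdict(int)
    for text in snapshots:
        for key, (cpu, n) in parse_snapshot(text).items():
            summed[key] += cpu
            procs[key] = max(procs[key], n)
    rows = [(u, c, round(cpu / len(snapshots), 1), procs[(u, c)])
            for (u, c), cpu in summed.items() if cpu / len(snapshots) >= threshold]
    return sorted(rows, key=lambda r: r[2], reverse=True)

if __name__ == "__main__":
    print(heavy_users(SAMPLE_SNAPSHOTS))
```

`ps` reports %CPU as CPU time divided by the time the process has been running, so a long-lived process that only recently became busy will show a lower figure than `top` does.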