Results 1 to 5 of 5
  1. #1

    Investigating a server load spike after if has finished?

    Hey everyone,
    I just had a server load spike to almost 100%. While httpd seemed responsive, cPanel and POP3 were very slow. I managed to catch this early and SSH in and run top. A user (who was only setup this morning) owned four cpsrvd processes using about 25% CPU each.

    I suspeneded their account which brought the load back to normal, and contacted my server management team asking them to investigate what happened. The response from the team was that he had checked the maillog and seen nothing abnormal, and was monitoring to see if the problem reoccured after unsuspending.

    Does fedora linux include a processor usage log? Is there any way I can investigate what the user was doing at the time?

    Thanks.

  2. #2
    in WHM, you can check the highest cpu usage processes. There's a function called "CPU/Memory/MySQL Usage"

    That will tell you the processes.

    On the other hand, we usually find that combing through their user directories and looking at the scripts they are running is enough most times to see what they are up to.

    Yesterday for example, one of the server we manage started seeing loads of 7 to 8 constantly through the day. On a closer look, we notice that the user is running Hivemail. Disabling that user drop the load immediately.
    Like us on Facebook to qualify for discounts!
    http://www.sprintserve.net
    Offering: | Internap FCP Bandwidth! | Rebootless Kernel Updates! | Magento Optimized Hosting | Wordpress Hosting |
    Services: | Managed Multiple Cores 64bit Servers | Server Management |

  3. #3
    Thanks sprintserve. I didn't find anything noteworthy in WHM or the account's webspace. I'll put it down to a one-off but keep an eye on them.

    Thanks again.

  4. #4
    Join Date
    Nov 2001
    Posts
    551
    I don't suppose you could look at their shell history file? (ie ~badbaduser/.bash_history)

  5. #5
    Join Date
    Mar 2004
    Location
    Chicago, IL
    Posts
    384

    Re: Investigating a server load spike after if has finished?

    Originally posted by coffeecoder
    A user (who was only setup this morning) owned four cpsrvd processes using about 25% CPU each.
    cpsrvd is the cPanel server. Look in /usr/local/cpanel/logs/access_log to find out what the user was doing.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •