understanding netstat, and where to fnd detailed bandwidth usage
my server is currently experiencing high bandwidth usage causing higher loads, so.....
where can i find what exactly is using all the bandwidth? techs looked at the logs and pointed out some ip's using like 300mb in one day but that doesn't account for the usage which is in the dozens of gbs per day
it has spiked from below 1gb a day to 10gb+ a day
is there anywhere else other than the logs to look?
just looking at netstat and could someone give me an idea of what
imply? i ofcourse assume established means a connection has been established, but in what way? does that mean someone is logged into the server or could it just be a friend logged into his ftp account on the server? i noticed my useragent and quite rightly had ssh established next to it, as i was connected with putty.
and what about send-q, i noticed some had a really high value for this?
In general, the http server (apache normally) is run by the user nobody in order to provide some security versus running it as root, this is normal and nothing to be alarmed about. Also, you generally have one httpd process for each person currently looking at your site (or any site on that server served by apache). Hope that helps a little.