Sleeping Processes
Feb 1, 2008How do I get a list of just the sleeping processes on a Red Hat server?
View 4 RepliesHow do I get a list of just the sleeping processes on a Red Hat server?
View 4 RepliesI've found I've got tons of processes "sleeping" on my server, how do I view what processes are sleeping? Is there a command I can run that lists all sleeping (only) processes?
View 4 Replies View RelatedKernel Version(uname -r):
2.6.9-42.ELsmp
 Hardware Information:
Intel C2D E6400
2GB DDRAM Memory
120GB EIDE Hard Drive
Software Version(if it is a specific peice of software causing problems)
IPB Forum Software
Control Panel(if any)
Plesk
A "ps -auxf" and/or a "top"(if possible)
Code:
[root@server ~]# ps -auxf
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.3/FAQ
USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0  1892  384 ?        S    19:42   0:00 init [3]                                   
root         2  0.0  0.0     0    0 ?        S    19:42   0:00 [migration/0]
root         3  0.0  0.0     0    0 ?        SN   19:42   0:00 [ksoftirqd/0]
root         4  0.0  0.0     0    0 ?        S    19:42   0:00 [migration/1]
root         5  0.0  0.0     0    0 ?        SN   19:42   0:00 [ksoftirqd/1]
root         6  0.0  0.0     0    0 ?        S<   19:42   0:00 [events/0]
root         8  0.0  0.0     0    0 ?        S<   19:42   0:00  \_ [khelper]
root         9  0.0  0.0     0    0 ?        S<   19:42   0:00  \_ [kacpid]
root        31  0.0  0.0     0    0 ?        S<   19:42   0:00  \_ [kblockd/0]
root        32  0.0  0.0     0    0 ?        S<   19:42   0:00  \_ [kblockd/1]
root        53  0.0  0.0     0    0 ?        S<   19:42   0:00  \_ [aio/0]
root        54  0.0  0.0     0    0 ?        S<   19:42   0:00  \_ [aio/1]
root      1858  0.0  0.0     0    0 ?        S<   19:43   0:00  \_ [kauditd]
root      5022  0.0  0.0     0    0 ?        S    19:52   0:00  \_ [pdflush]
root         7  0.0  0.0     0    0 ?        S<   19:42   0:00 [events/1]
root       311  0.0  0.0     0    0 ?        S<   19:42   0:00  \_ [ata/0]
root       312  0.0  0.0     0    0 ?        S<   19:42   0:00  \_ [ata/1]
root       334  0.0  0.0     0    0 ?        S<   19:42   0:00  \_ [kmirrord]
root      5021  0.0  0.0     0    0 ?        S    19:52   0:00  \_ [pdflush]
root        33  0.0  0.0     0    0 ?        S    19:42   0:00 [khubd]
root        52  0.6  0.0     0    0 ?        S    19:42   0:54 [kswapd0]
root       200  0.0  0.0     0    0 ?        S    19:42   0:00 [kseriod]
root       316  0.0  0.0     0    0 ?        S    19:42   0:00 [scsi_eh_0]
root       317  0.0  0.0     0    0 ?        S    19:42   0:00 [scsi_eh_1]
root       346  0.0  0.0     0    0 ?        S    19:42   0:01 [kjournald]
root      1427  0.0  0.0  2576  296 ?        S<s  19:43   0:00 udevd
root      1931  0.0  0.0     0    0 ?        S    19:43   0:00 [kjournald]
root      2525  0.0  0.0  3400  256 ?        Ss   19:43   0:00 cpuspeed -d -n
root      2526  0.0  0.0  3400  252 ?        S    19:43   0:00  \_ cpuspeed -d -n
root      2875  0.0  0.0  1644  460 ?        Ss   19:43   0:00 syslogd -m 0
root      2879  0.0  0.0  2544  340 ?        Ss   19:43   0:00 klogd -x
root      2889  0.0  0.0  3252  284 ?        Ss   19:43   0:00 irqbalance
rpc       2907  0.0  0.0  2136  336 ?        Ss   19:43   0:00 portmap
root      2926  0.0  0.0  2784  440 ?        Ss   19:43   0:00 rpc.statd
root      2954  0.0  0.0  5252  160 ?        Ss   19:43   0:00 rpc.idmapd
root      3021  0.0  0.0  2472  424 ?        S    19:43   0:00 /usr/sbin/smartd
root      3030  0.0  0.0  3048  312 ?        Ss   19:43   0:00 /usr/sbin/acpid
root      3039  0.0  0.0  8816  852 ?        Ss   19:43   0:00 cupsd
root      3114  0.0  0.0  4932  480 tty8     Ss+  19:43   0:00 /bin/bash
root      3252  0.0  0.0  5500  948 ?        Ss   19:43   0:00 /usr/sbin/sshd
root      4926  0.0  0.1  9852 2456 ?        Ss   19:47   0:02  \_ sshd: root@pts/0,pts/1
root      4930  0.0  0.0  4452 1400 pts/0    Ss   19:48   0:00      \_ -bash
root      5029  0.1  0.0  2812  984 pts/0    S+   19:54   0:13      |   \_ top -c
root      4968  0.0  0.0  5276 1408 pts/1    Ss   19:49   0:00      \_ -bash
root     13543  0.0  0.0  3868  820 pts/1    R+   21:57   0:00      |   \_ ps -auxf
root      5656  0.0  0.0  4520 1244 ?        Ss   20:18   0:00      \_ /usr/libexec/openssh/sftp-server
root      3265  0.0  0.0  3476  656 ?        Ss   19:43   0:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
root      3291  0.0  0.0  5296  580 ?        S    19:43   0:00 /usr/lib/courier-imap/couriertcpd -address=0 -stderrlogger=/usr/sbin/courierlogger -stderrloggername=imapd -maxproc
root      3293  0.0  0.0  4884  464 ?        S    19:43   0:00 /usr/sbin/courierlogger imapd
root      3303  0.0  0.0  3956  512 ?        S    19:43   0:00 /usr/lib/courier-imap/couriertcpd -address=0 -stderrlogger=/usr/sbin/courierlogger -stderrloggername=imapd-ssl -max
root      3305  0.0  0.0  4168  208 ?        S    19:43   0:00 /usr/sbin/courierlogger imapd-ssl
root      3313  0.0  0.0  5300  512 ?        S    19:43   0:00 /usr/lib/courier-imap/couriertcpd -address=0 -stderrlogger=/usr/sbin/courierlogger -stderrloggername=pop3d -maxproc
root      3315  0.0  0.0  5180  208 ?        S    19:43   0:00 /usr/sbin/courierlogger pop3d
root      3324  0.0  0.0  3524  512 ?        S    19:43   0:00 /usr/lib/courier-imap/couriertcpd -address=0 -stderrlogger=/usr/sbin/courierlogger -stderrloggername=pop3d-ssl -max
root      3326  0.0  0.0  5260  208 ?        S    19:43   0:00 /usr/sbin/courierlogger pop3d-ssl
root      3336  0.0  0.0  2604  220 ?        Ss   19:43   0:00 gpm -m /dev/input/mice -t exps2
named     3365  0.0  0.0 47804 1552 ?        Ssl  19:43   0:00 /usr/sbin/named -u named -c /etc/named.conf -u named -t /var/named/run-root
root      3431  0.0  0.0  5492  476 ?        S    19:43   0:00 /bin/sh /usr/bin/mysqld_safe --defaults-file=/etc/my.cnf --pid-file=/var/run/mysqld/mysqld.pid
mysql     3461  2.3  1.7 180312 36012 ?      Sl   19:43   3:06  \_ /usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedir=/usr --datadir=/var/lib/mysql --user=mysql --pid-file
qmails    3485  0.0  0.0  2816  408 ?        S    19:43   0:00 qmail-send
qmaill    3487  0.0  0.0  3364  392 ?        S    19:43   0:00  \_ splogger qmail
root      3488  0.0  0.0  3432  192 ?        S    19:43   0:00  \_ qmail-lspawn ./Maildir/
qmailr    3489  0.0  0.0  2340  320 ?        S    19:43   0:00  \_ qmail-rspawn
qmailq    3490  0.0  0.0  2960  264 ?        S    19:43   0:00  \_ qmail-clean
postgres  3533  0.0  0.0 19968  964 ?        S    19:44   0:00 /usr/bin/postmaster -p 5432 -D /var/lib/pgsql/data
popuser   3549  0.0  0.0 28160 1112 ?        Ss   19:44   0:00 /usr/bin/spamd --username=popuser --daemonize --nouser-config --helper-home-dir=/var/qmail --max-children 5 --creat
popuser   3550  0.0  0.0 28160  360 ?        S    19:44   0:00  \_ spamd child
popuser   3551  0.0  0.0 28160  360 ?        S    19:44   0:00  \_ spamd child
popuser   3552  0.0  0.0 28160  360 ?        S    19:44   0:00  \_ spamd child
popuser   3553  0.0  0.0 28160  360 ?        S    19:44   0:00  \_ spamd child
popuser   3554  0.0  0.0 28160  360 ?        S    19:44   0:00  \_ spamd child
root      3638  0.0  0.0 36808  836 ?        Ss   19:44   0:00 /usr/local/psa/admin/bin/httpsd
psaadm    3643  0.0  1.3 48492 27292 ?       S    19:44   0:01  \_ /usr/local/psa/admin/bin/httpsd
psaadm    4927  0.0  0.6 42516 13556 ?       S    19:48   0:00  \_ /usr/local/psa/admin/bin/httpsd
root      3899  0.0  0.0  5292  512 ?        Ss   19:44   0:00 crond
root      3917  0.0  0.0  2800  328 ?        Ss   19:44   0:00 /usr/sbin/atd
dbus      3931  0.0  0.0  3272  312 ?        Ss   19:44   0:00 dbus-daemon-1 --system
root      3953  0.0  0.0  8380 1368 ?        Ss   19:44   0:00 hald
root      4022  0.0  0.0  2284  292 tty1     Ss+  19:44   0:00 /sbin/mingetty tty1
root      4023  0.0  0.0  3188  292 tty2     Ss+  19:44   0:00 /sbin/mingetty tty2
root      4024  0.0  0.0  1724  292 tty3     Ss+  19:44   0:00 /sbin/mingetty tty3
root      4025  0.0  0.0  3012  292 tty4     Ss+  19:44   0:00 /sbin/mingetty tty4
root      4026  0.0  0.0  1924  292 tty5     Ss+  19:44   0:00 /sbin/mingetty tty5
root      4027  0.0  0.0  3276  292 tty6     Ss+  19:44   0:00 /sbin/mingetty tty6
root      5067  0.0  0.6 30840 13108 ?       Ss   20:10   0:00 httpd -k start
apache    5068  0.0  0.2 21704 4800 ?        S    20:10   0:00  \_ httpd -k start
apache    9257  1.9  1.2 46684 25732 ?       S    21:06   1:01  \_ httpd -k start
apache    9675  1.9  1.2 46492 25892 ?       S    21:11   0:54  \_ httpd -k start
apache   10137  1.5  1.2 46532 25944 ?       S    21:16   0:38  \_ httpd -k start
apache   10556  2.0  1.2 46332 25732 ?       S    21:21   0:44  \_ httpd -k start
apache   10627  1.5  1.2 46932 25980 ?       S    21:21   0:33  \_ httpd -k start
apache   10633  1.8  1.2 46640 26052 ?       S    21:21   0:39  \_ httpd -k start
apache   10727  2.0  1.2 46312 25360 ?       S    21:22   0:43  \_ httpd -k start
apache   10734  2.1  1.2 47100 26144 ?       S    21:22   0:44  \_ httpd -k start
apache   11350  1.9  1.2 46048 25444 ?       S    21:29   0:32  \_ httpd -k start
apache   11352  1.7  1.1 45764 24804 ?       S    21:29   0:28  \_ httpd -k start
apache   11625  1.8  1.2 46344 25380 ?       S    21:32   0:27  \_ httpd -k start
apache   12100  1.2  1.1 45220 24244 ?       S    21:37   0:15  \_ httpd -k start
apache   12273  1.5  1.2 46028 25428 ?       S    21:39   0:16  \_ httpd -k start
apache   12511  1.6  1.2 46444 25468 ?       S    21:42   0:15  \_ httpd -k start
apache   12816  2.1  1.1 45372 24680 ?       S    21:46   0:13  \_ httpd -k start
apache   12896  1.7  1.1 44264 23292 ?       S    21:48   0:09  \_ httpd -k start
apache   13096  1.6  1.2 46684 25704 ?       S    21:51   0:06  \_ httpd -k start
apache   13102  1.7  1.1 44272 23300 ?       S    21:51   0:06  \_ httpd -k start
apache   13320  1.2  1.0 42392 21408 ?       S    21:54   0:02  \_ httpd -k start
apache   13344  0.9  1.0 41808 20812 ?       S    21:54   0:01  \_ httpd -k start
vmstat 5 5(if possible):
Code:
[root@server ~]# vmstat 5 5
procs -----------memory---------- ---swap-- -----io---- --system-- ----cpu----
 r  b   swpd   free   buff  cache   si   so    bi    bo   in    cs us sy id wa
 0  0 346036 1017716  19312 331832   48  145    73   189  606   190 16  2 75  7
 1  0 346036 1015972  19320 331824    0    0     9    82 1189   494 34  3 63  0
 0  0 346036 1008156  19332 332072    0    0    20   134 1364   594 36  3 61  0
 1  0 346036 1009820  19340 332064    0    0     0    91 1153   300 12  1 87  0
 0  0 346036 1009844  19348 332056    0    0     1    83 1165   216 13  1 87  0
Linux Distro and Version
Linux 2.6.9-42.ELsmp
Log File(s)
Problem:
Tasks: 580 total,   1 running, 579 sleeping,   0 stopped,   0 zombie
I keep getting too many sleeping processes (300-500) - making the load shoot to 20-50 within 30 minutes.
I stop apache, and restart it in 5 minutes, everythings fine.
Cycle repeats.
Where can I stop this? By editing the httpd.conf file?
Which setting would it be under?
When I run the command -
 
uptime; free -m; mysqladmin processlist
 
- I get a list of my mysql activity.
 
There are about 10 sleeping processes for mysql on one of my accounts. 
 
Does anyone know why mysql processes might be sleeping like this?
 
For the record, there is a very quiet PHPBB forum running on the site in question.
ps x
Quote:
 7992 ?        S      0:08 [cifsd]
26898 ?        S      0:00 [cifsoplockd]
26899 ?        S      0:00 [cifsdnotifyd]
What are those processes? 
anybody here have a review or a way to trace proccess from scratch after top -c or ps -aux
how i got the exact file or user cause this process ....
I just recently switched to using fcgid with cPanel and was wondering how I can go about seeing what is actually running under each process. Before when I was running PHP as CGI I could do psauxwe|grep PID and see all the environmental variables along with the path. I'm not able to do that any longer with fcgid. Is there anyway to get this info now?
View 2 Replies View Related
rpc       1749     1  0 04:15 ?        00:00:00 rpcbind
dbus      1766     1  0 04:15 ?        00:00:00 dbus-daemon --system
root      1790     1  0 04:15 ?        00:00:00 /usr/sbin/acpid
68        1798     1  0 04:15 ?        00:00:00 hald
root      1801     1  0 04:15 ?        00:00:00 /usr/sbin/console-kit-daemon
root      1802  1798  0 04:15 ?        00:00:00 hald-runner
root      1898  1802  0 04:15 ?        00:00:00 hald-addon-input: Listening on /dev/input/event1 /dev/input/event0
68        1939  1802  0 04:15 ?        00:00:00 hald-addon-acpi: listening on acpid socket /var/run/acpid.socket
just wondering if i really need them...
Well one of my servers has been under a DDoS attack for a while and I've been doing things to keep it down but there is a suspicious process that keeps running and I am guessing that is whats keeping the server load up because when I stop apache the load goes down but not for long.
The process is this:
Code:
  /opt/adobe/fms/fmscore -adaptor _defaultRoot_ -vhost _defaultVHost_ -app registry -inst registry -tag -conf /opt/adobe/fms/conf/Server.xml -name _defaultRoot_:_defaultVHost_:registry:registry:
Does anyone know what this process is or how to block it?
Got some processes that regularly eat up my cpu resources:
%CPU 36.0netstat -plan
%CPU 36.0 /usr/local/apache/bin/httpd -k start -DSSL
%CPU 6.2httpd [truncurl.com] [/leisha?.jpg]
Note leisha.jpg does not even exist!! 
%CPU 7.0  /usr/local/bin/python2.4 -S /usr/local/cpanel/3rdparty/mailman/cron/disabled
Something is going seriously wrong with my server, 
what can I do ? 
 
My server is frequently down because of kmemsize errors and I'm sure something is misconfigured. 
Will try to disable mailman now, pretty strange to find that in my log. 
urrent Time: Tuesday, 12-Feb-2008 04:38:22 PST
Restart Time: Tuesday, 12-Feb-2008 04:11:28 PST
Parent Server Generation: 0
Server uptime: 26 minutes 53 seconds
Total accesses: 16026 - Total Traffic: 14.8 MB
CPU Usage: u1.97 s1.55 cu0 cs0 - .218% CPU load
9.94 requests/sec - 9.4 kB/second - 971 B/request
46 requests currently being processed, 20 idle workers ....
I was wondering why are there so many Httpd processes running? 
Code:
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0   4808   656 ?        Ss   Apr17   0:00 init [3]
root      5579  0.0  0.0   3660   580 ?        Ss   Apr17   0:00 syslogd -m 0
named     5596  0.0  0.0  51260  3064 ?        Ssl  Apr17   0:00 /usr/sbin/named -u named -n1 -c /etc/named.conf -u named -t /
root      5612  0.0  0.0  23000  1228 ?        Ss   Apr17   0:00 /usr/sbin/sshd
root      5620  0.0  0.0   8748   908 ?        Ss   Apr17   0:00 xinetd -stayalive -pidfile /var/run/xinetd.pid
root      5679  0.0  0.0   6432  1192 ?        S    Apr17   0:00 /bin/sh /usr/bin/mysqld_safe --defaults-file=/etc/my.cnf --pi
mysql     5713  1.2  1.0 152112 43796 ?        Sl   Apr17  28:39 /usr/libexec/mysqld --defaults-file=/etc/my.cnf --basedir=/us
qmails    5771  0.0  0.0   2612   492 ?        S    Apr17   0:00 qmail-send
qmaill    5773  0.0  0.0   2560   496 ?        S    Apr17   0:00 splogger qmail
root      5774  0.0  0.0   2600   400 ?        S    Apr17   0:00 qmail-lspawn ./Maildir/
qmailr    5776  0.0  0.0   2600   432 ?        S    Apr17   0:00 qmail-rspawn
qmailq    5777  0.0  0.0   2556   380 ?        S    Apr17   0:00 qmail-clean
root      5798  0.0  0.0   9740   944 ?        Ss   Apr17   0:00 crond
root     27839  0.0  0.4 165396 16396 ?        Ss   18:09   0:00 /usr/sbin/httpd
apache   27853  0.5  0.4 225028 19380 ?        S    18:09   0:18 /usr/sbin/httpd
apache   27855  0.5  0.4 223784 18060 ?        S    18:09   0:21 /usr/sbin/httpd
apache   27861  0.5  0.4 224336 18696 ?        S    18:10   0:19 /usr/sbin/httpd
apache   27862  0.5  0.4 223276 17408 ?        S    18:10   0:19 /usr/sbin/httpd
apache   27876  0.3  0.4 223892 18248 ?        S    18:10   0:13 /usr/sbin/httpd
apache   27877  0.5  0.4 223936 18284 ?        S    18:10   0:18 /usr/sbin/httpd
apache   27878  0.4  0.4 222672 16728 ?        S    18:10   0:15 /usr/sbin/httpd
apache   27879  0.2  0.4 224328 18588 ?        S    18:10   0:08 /usr/sbin/httpd
apache   27880  0.5  0.4 224164 18528 ?        S    18:10   0:20 /usr/sbin/httpd
apache   27915  0.2  0.4 224072 18380 ?        S    18:10   0:10 /usr/sbin/httpd
apache   27916  0.5  0.5 226436 20704 ?        S    18:10   0:18 /usr/sbin/httpd
apache   27917  0.5  0.4 223208 17236 ?        S    18:10   0:19 /usr/sbin/httpd
apache   31980  0.4  0.4 223152 17156 ?        S    18:31   0:09 /usr/sbin/httpd
apache   32121  0.3  0.5 226344 20612 ?        S    18:32   0:07 /usr/sbin/httpd
apache   32205  0.6  0.4 224272 18616 ?        S    18:33   0:13 /usr/sbin/httpd
apache    1749  0.4  0.4 224520 18896 ?        S    18:42   0:07 /usr/sbin/httpd
apache    1752  0.5  0.4 223272 17204 ?        S    18:42   0:09 /usr/sbin/httpd
apache    1759  0.6  0.4 223316 17344 ?        S    18:42   0:11 /usr/sbin/httpd
apache    1760  0.6  0.4 222940 16960 ?        S    18:42   0:10 /usr/sbin/httpd
apache    1789  0.3  0.4 223372 17392 ?        S    18:42   0:06 /usr/sbin/httpd
apache    1893  0.4  0.4 223256 17264 ?        S    18:43   0:06 /usr/sbin/httpd
root      3469  0.0  0.0  41260  3036 ?        Ss   18:47   0:00 sshd: root@pts/0
root      3478  0.0  0.0   6588  1524 pts/0    Ss   18:47   0:00 -bash
apache    5175  0.7  0.4 171244 17208 ?        S    18:52   0:07 /usr/sbin/httpd
apache    9237  0.7  0.4 223288 17236 ?        S    19:08   0:00 /usr/sbin/httpd
apache    9260  0.2  0.3 170156 15756 ?        S    19:08   0:00 /usr/sbin/httpd
apache    9454  0.7  0.3 170576 16128 ?        S    19:09   0:00 /usr/sbin/httpd
root      9558  0.0  0.0   5484   836 pts/0    R+   19:10   0:00 ps -aux
thanks!
And I just upgraded my Vps to 256mb how does the new spec compare to other 256 vps systems:
Code:
Processing UBC version 2.5 for VEID: 44763202
Wed Apr 18 19:17:27 CEST 2007       s15248973.onlinehome-server.com
 19:17:27 up 1 day, 14:39,  1 user,  load average: 0.49, 0.41, 0.30
-----------------------------------------------
****** vmguarpages and oomguarpages limits are unspecified
****** each VE privvmpages limit should be <= 0.6 * RAM (=1228 MB), probably [much] lower.
 563 MB Allocation Limit [privvmpages limit]
****** only high value processes have a chance in this range
****** having this safety range is important to permit critical processes
 512 MB Allocation Barrier [privvmpages barrier]
****** allocation requests in this range have a chance
  64 MB Allocation Guarantee [vmguarpages barrier]
****** allocation will succeed in this range
 256 MB Memory Guarantee [oomguarpages barrier]
 416 MB ( 419 MB Max) page memory allocated [privvmpages held]
 229 MB ( 231 MB Max) memory + swap used [oomguarpages held]
 229 MB ( 231 MB Max) page memory used [physpages held]
  33 MB ( 33792 KB) kernel memory limit [kmemsize limit]
****** a safety range here, between limit and barrier, is important
  30 MB ( 30720 KB) kernel memory barrier [kmemsize barrier]
  16 MB ( 16497 KB) kernel memory used [kmemsize held]
   0 MB (   910 KB) buffer memory used [*buf held]
-----------------------------------------------
 Used : Max_Used : Limit    for Other Resources
  1779    1785    8192   numfile
     6       8     413   numflock
    14      14     150   numiptent
    11      15     720   numothersock
    54      55     128   numproc
     1       1      32   numpty
     0       1     512   numsiginfo
    46      47     720   numtcpsock
-----------------------------------------------
Fail Count conditions: 1
privvmpages 106709 107460 131072 144180 870
On jaguarpc.com, their terms of service state, 
"We do not allow programs to run continually in the background. This is to minimize system resources used and operational maintenance needed. We do not allow any chat or topsite programs on our servers other than the ones we pre-install for our clients to use. IRC: We currently DO NOT allow IRC or IRC bots to be operated on our network."
I thought the whole point of using a VPS was so you could run a continuous application (like a chat/game/etc server)?  Why are so many VPS services against IRC (the chat server I use is not IRC based, but I just think its wierd so many prohibit IRC)
I'm having a problem with one user account, every 5-10 minutes a spamd process of this user gets locked using 60-90% cpu and never ends. If I don't kill the process another one does the same and they all get locked causing very high loads
I reinstalled exim but it did nothing
The problem persisted even when this user's account was suspended
I'm sure this isn't normal, but I have to ask. Is this normal :
...and if not, why on earth will it be doing this? ....
We have one centos vps, with whm 11 on it. This VPS continuously have following process running and that is eating too much of memory on the server 
 1953 root 18 0 1580 416 348 S 0 0.0 0:00.00 courierlogger 
1954 root 15 0 1688 544 464 S 0 0.0 0:00.00 couriertcpd 
1960 root 25 0 1576 336 280 S 0 0.0 0:00.00 courierlogger 
1961 root 25 0 1688 520 440 S 0 0.0 0:00.00 couriertcpd 
1969 root 18 0 1584 420 348 S 0 0.0 0:00.00 courierlogger 
1972 root 15 0 1684 540 464 S 0 0.0 0:00.00 couriertcpd 
1980 root 25 0 1576 336 280 S 0 0.0 0:00.00 courierlogger 
1981 root 25 0 1688 516 440 S 0 0.0 0:00.00 couriertcpd 
 1989 root      25   0  1580  420  348 S    0  0.0   0:00.00 courierlogger
how to disable this processes, because after killing it, it again starts.
OS: CentOS 5
Software: Apache 2 / PHP CGI 5.8 / suPHP
Today I took the leap and switched to suPHP, rather than the Apache module. This is just what suited us best for hosting our own websites, keeping them more isolated from eachother bar a certain shared directory.
All is great, apart from I'm now noticing Zombie processes all of the time. These processes do seem to go away though, if I watch top the amount of Zombie processes will go up and down between 0 and 10.
Code:
17471 gnation   15   0     0    0    0 Z    1  0.0   0:00.03 php-cgi <defunct>                                                                               
17463 gnation   16   0     0    0    0 Z    1  0.0   0:00.02 php-cgi <defunct>                                                                               
17467 gnation   16   0     0    0    0 Z    1  0.0   0:00.02 php-cgi <defunct>
Are these processes a problem, considering they do leave after a while? I've read up about Zombie processes and it would seem that as long as they are closing at some point, instead of hanging around, then that's fine. Is this supposed to happen in my setup?
how can i discover hidden processes running? Already running rkhunter, chrootkit.
[root@kenny ~]# ps auxfww
USER       PID %CPU %MEM  SIZE   RSS TTY STAT START   TIME COMMAND
Segmentation fault
[root@kenny ~]# 
This just appen when i use flag "f = --full". Some running process causing this.
I recently modified my loadavg script to store in a database the output of a top command if there's ever server loads of over 1. Overnight I've had 12 such times logged to a database.
Upon inspecting things (I was expected there is a recurring problem), the top command reveals that there are always three queries running together which take over 30 seconds each, and take up ~9% of memory each:
PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
26119 nobody    25   0 73492  38m 4792 S    0  8.5   0:30.00 httpd              
 7313 nobody    25   0 76716  42m 4992 S    0  9.5   0:29.99 httpd              
14212 nobody    19   0 70688  39m 4844 S    0  8.8   0:30.03 httpd
Is there a command that will tell me exactly what these processes are? Like in WHM's "CPU/Memory/MySQL Usage" whereby it says what account these httpd processes are coming from, and the actual page they are coming from as well?
If I could log these details (i.e. account and page these are coming from) along with the output of the top command, I can hopefully troubleshoot where this problem is coming from.
My server has been crashing quite alot lately, it does have some high traffic sites on there but it has never really been this bad before. Today i noticed these in cpanel, what are they and is there anyway I can control them?
View 13 Replies View Relatedi am facing slight problem with one of my VPSes. It had happened earlier also but had got resolved automatically.
Please see this screenshot: [url]
i know that the server load is not that great to cause this much SWAP usage. i think this is because of the processes not getting killed.
UPDATE: here is the screenshot of my other server with the same provider. which is not really overloaded but i think is facing the same problem of processes not getting killed [url]
so here is a simple question that i just can't seem to figure out.. when i run the command top or ps -auxw.. they show the httpd processes as the command httpd or /usr/sbin/httpd, but how do i know what file that is? is there anyway to find out what file that is actually getting executed or served?
View 2 Replies View RelatedIs there a way to prevent a certain service from taking up a certain amount of load on the server? 
 
Like, shouldn't there be a way I can tell gzip or exim how much server load they are allowed to take up on my server?  
 
I know it may run them slower, but it will be for the better if I could set each one to only be able to have a max load peak or something.
how to kill all mysql processes? Either all in general, or those only with sleep status, or all for a given user.
View 7 Replies View RelatedCode:
1(init)/sbin/init/init [3]����������������������������������������������������������������������������������������
2(ksoftirqd/0)/
3(events/0)/
4(khelper)/
5(kacpid)/
20(kblockd/0)/
38(pdflush)/
39(pdflush)/
41(aio/0)/
21(khubd)/
40(kswapd0)/
187(kseriod)/
301(kjournald)/
1345(udevd)/sbin/udevd/udevd�
1704(kauditd)/
1745(kmirrord)/
1975(kjournald)/
1976(kjournald)/
1977(kjournald)/
1978(kjournald)/
1979(kjournald)/
2668(syslogd)/sbin/syslogd/syslogd�-m�0�
2672(klogd)/sbin/klogd/klogd�-x�
2693(named)/usr/sbin/named/var/named/usr/sbin/named�-u�named�
2736(courierlogger)/usr/sbin/courierlogger//usr/sbin/courierlogger�-pid=/var/spool/authdaemon/pid�-facility=mail�-start�/usr/libexec/courier-authlib/authdaemond�
2737(authdaemond)/usr/libexec/courier-authlib/authdaemond//usr/libexec/courier-authlib/authdaemond�
2772(authdaemond)/usr/libexec/courier-authlib/authdaemond//usr/libexec/courier-authlib/authdaemond�
2773(authdaemond)/usr/libexec/courier-authlib/authdaemond//usr/libexec/courier-authlib/authdaemond�
2774(authdaemond)/usr/libexec/courier-authlib/authdaemond//usr/libexec/courier-authlib/authdaemond�
2775(authdaemond)/usr/libexec/courier-authlib/authdaemond//usr/libexec/courier-authlib/authdaemond�
2776(authdaemond)/usr/libexec/courier-authlib/authdaemond//usr/libexec/courier-authlib/authdaemond�
2814(smartd)/usr/sbin/smartd//usr/sbin/smartd�
2823(acpid)/usr/sbin/acpid//usr/sbin/acpid�
4454(sshd)/usr/sbin/sshd//usr/sbin/sshd�
4467(xinetd)/usr/sbin/xinetd/xinetd�-stayalive�-pidfile�/var/run/xinetd.pid�
4534(chkservd)/usr/bin/perl/chkservd
4545(courierlogger)/usr/sbin/courierlogger//usr/sbin/courierlogger�-pid=/var/run/imapd.pid�-start�-name=imapd�/usr/lib/courier-imap/libexec/couriertcpd�-address=0�-maxprocs=40�-maxperip=30�-nodnslookup�-noidentlookup�143�/usr/lib/courier-imap/sbin/imaplogin�/usr/lib/courier-imap/bin/imapd�Maildir�
4546(couriertcpd)/usr/lib/courier-imap/libexec/couriertcpd//usr/lib/courier-imap/libexec/couriertcpd�-address=0�-maxprocs=40�-maxperip=30�-nodnslookup�-noidentlookup�143�/usr/lib/courier-imap/sbin/imaplogin�/usr/lib/courier-imap/bin/imapd�Maildir�
4553(courierlogger)/usr/sbin/courierlogger//usr/sbin/courierlogger�-pid=/var/run/imapd-ssl.pid�-start�-name=imapd-ssl�/usr/lib/courier-imap/libexec/couriertcpd�-address=0�-maxprocs=40�-maxperip=30�-nodnslookup�-noidentlookup�993�/usr/lib/courier-imap/bin/couriertls�-server�-tcpd�/usr/lib/courier-imap/sbin/imaplogin�/usr/lib/courier-imap/bin/imapd�Maildir�
4554(couriertcpd)/usr/lib/courier-imap/libexec/couriertcpd//usr/lib/courier-imap/libexec/couriertcpd�-address=0�-maxprocs=40�-maxperip=30�-nodnslookup�-noidentlookup�993�/usr/lib/courier-imap/bin/couriertls�-server�-tcpd�/usr/lib/courier-imap/sbin/imaplogin�/usr/lib/courier-imap/bin/imapd�Maildir�
4559(courierlogger)/usr/sbin/courierlogger//usr/sbin/courierlogger�-pid=/var/run/pop3d.pid�-start�-name=pop3d�/usr/lib/courier-imap/libexec/couriertcpd�-address=0�-maxprocs=40�-maxperip=30�-nodnslookup�-noidentlookup�110�/usr/lib/courier-imap/sbin/pop3login�/usr/lib/courier-imap/bin/pop3d�Maildir�
4560(couriertcpd)/usr/lib/courier-imap/libexec/couriertcpd//usr/lib/courier-imap/libexec/couriertcpd�-address=0�-maxprocs=40�-maxperip=30�-nodnslookup�-noidentlookup�110�/usr/lib/courier-imap/sbin/pop3login�/usr/lib/courier-imap/bin/pop3d�Maildir�
4565(courierlogger)/usr/sbin/courierlogger//usr/sbin/courierlogger�-pid=/var/run/pop3d-ssl.pid�-start�-name=pop3d-ssl�/usr/lib/courier-imap/libexec/couriertcpd�-address=0�-maxprocs=40�-maxperip=30�-nodnslookup�-noidentlookup�995�/usr/lib/courier-imap/bin/couriertls�-server�-tcpd�/usr/lib/courier-imap/sbin/pop3login�/usr/lib/courier-imap/bin/pop3d�Maildir�
4566(couriertcpd)/usr/lib/courier-imap/libexec/couriertcpd//usr/lib/courier-imap/libexec/couriertcpd�-address=0�-maxprocs=40�-maxperip=30�-nodnslookup�-noidentlookup�995�/usr/lib/courier-imap/bin/couriertls�-server�-tcpd�/usr/lib/courier-imap/sbin/pop3login�/usr/lib/courier-imap/bin/pop3d�Maildir�
4644(clamd)/usr/sbin/clamd//usr/sbin/clamd�
4648(exim)/usr/sbin/exim/var/spool/exim/usr/sbin/exim�-bd�-oX�26�
4654(exim)/usr/sbin/exim/var/spool/exim/usr/sbin/exim�-bd�-q60m�
4658(exim)/usr/sbin/exim/var/spool/exim/usr/sbin/exim�-tls-on-connect�-bd�-oX�465�
4666(antirelayd)/usr/bin/perl/antirelayd
4752(spamd)/usr/bin/perl//usr/bin/spamd -d --allowed-ips=127.0.0.1 --pidfile=/var/run/spamd.pid --max-children=5
4762(spamd)/usr/bin/perl/spamd child
4763(spamd)/usr/bin/perl/spamd child
4826(pure-ftpd)/usr/sbin/pure-ftpd/pure-ftpd (SERVER)������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
4829(pure-authd)/usr/sbin/pure-authd//usr/sbin/pure-authd�-s�/var/run/ftpd.sock�-r�/usr/sbin/pureauth�
4856(crond)/usr/sbin/crond/var/spoolcrond�
4874(httpd)/usr/local/apache/bin/httpd//usr/local/apache/bin/httpd�-k�start�-DSSL�
4877(xfs)/usr/X11R6/bin/xfs/xfs�-droppriv�-daemon�
4886(anacron)/usr/sbin/anacron/var/spool/anacronanacron�-s�
4969(httpd)/usr/local/apache/bin/httpd//usr/local/apache/bin/httpd�-k�start�-DSSL�
4995(httpd)/usr/local/apache/bin/httpd//usr/local/apache/bin/httpd�-k�start�-DSSL�
4998(httpd)/usr/local/apache/bin/httpd//usr/local/apache/bin/httpd�-k�start�-DSSL�
5001(httpd)/usr/local/apache/bin/httpd//usr/local/apache/bin/httpd�-k�start�-DSSL�
5004(httpd)/usr/local/apache/bin/httpd//usr/local/apache/bin/httpd�-k�start�-DSSL�
5005(httpd)/usr/local/apache/bin/httpd//usr/local/apache/bin/httpd�-k�start�-DSSL�
5034(httpd)/usr/local/apache/bin/httpd//usr/local/apache/bin/httpd�-k�start�-DSSL�
5083(cphulkd.pl)/usr/bin/perl/cPhulkd - processor
5105(cpdavd)/usr/bin/perl/cpdavd - accepting connections on 2077 and 2078
5116(cpbandwd)/usr/bin/perl/cpbandwd
5117(cpanellogd)/usr/bin/perl/cpanellogd - sleeping for logs
5154(mailmanctl)/usr/local/bin/python2.4/usr/local/cpanel/3rdparty/mailman/usr/local/bin/python2.4�/usr/local/cpanel/3rdparty/mailman/bin/mailmanctl�-s�start�
5155(python2.4)/usr/local/bin/python2.4/usr/local/cpanel/3rdparty/mailman/usr/local/bin/python2.4�/usr/local/cpanel/3rdparty/mailman/bin/qrunner�--runner=ArchRunner:0:1�-s�
5156(python2.4)/usr/local/bin/python2.4/usr/local/cpanel/3rdparty/mailman/usr/local/bin/python2.4�/usr/local/cpanel/3rdparty/mailman/bin/qrunner�--runner=BounceRunner:0:1�-s�
5157(python2.4)/usr/local/bin/python2.4/usr/local/cpanel/3rdparty/mailman/usr/local/bin/python2.4�/usr/local/cpanel/3rdparty/mailman/bin/qrunner�--runner=CommandRunner:0:1�-s�
5158(python2.4)/usr/local/bin/python2.4/usr/local/cpanel/3rdparty/mailman/usr/local/bin/python2.4�/usr/local/cpanel/3rdparty/mailman/bin/qrunner�--runner=IncomingRunner:0:1�-s�
5159(python2.4)/usr/local/bin/python2.4/usr/local/cpanel/3rdparty/mailman/usr/local/bin/python2.4�/usr/local/cpanel/3rdparty/mailman/bin/qrunner�--runner=NewsRunner:0:1�-s�
5160(python2.4)/usr/local/bin/python2.4/usr/local/cpanel/3rdparty/mailman/usr/local/bin/python2.4�/usr/local/cpanel/3rdparty/mailman/bin/qrunner�--runner=OutgoingRunner:0:1�-s�
5161(python2.4)/usr/local/bin/python2.4/usr/local/cpanel/3rdparty/mailman/usr/local/bin/python2.4�/usr/local/cpanel/3rdparty/mailman/bin/qrunner�--runner=VirginRunner:0:1�-s�
5162(python2.4)/usr/local/bin/python2.4/usr/local/cpanel/3rdparty/mailman/usr/local/bin/python2.4�/usr/local/cpanel/3rdparty/mailman/bin/qrunner�--runner=RetryRunner:0:1�-s�
5172(dbus-daemon-1)/usr/bin/dbus-daemon-1/dbus-daemon-1�--system�
5183(hald)/usr/sbin/hald/hald�
5194(mingetty)/sbin/mingetty//sbin/mingetty�tty1�
5195(mingetty)/sbin/mingetty//sbin/mingetty�tty2�
5196(mingetty)/sbin/mingetty//sbin/mingetty�tty3�
5197(mingetty)/sbin/mingetty//sbin/mingetty�tty4�
5198(mingetty)/sbin/mingetty//sbin/mingetty�tty5�
5199(mingetty)/sbin/mingetty//sbin/mingetty�tty6�
5806(cpsrvd-ssl)/usr/local/cpanel/cpsrvd-ssl/usr/local/cpanel/basecpsrvd - waiting for connections
5924(authProg)/usr/local/cpanel/bin/courier-auth//etc/authlib/authProg�
5959(mysqld_safe)/bin/bash/var/lib/bin/sh�/usr/bin/mysqld_safe�--datadir=/var/lib/mysql�--pid-file=/var/lib/mysql/tiny.dnsprotect.org.pid�
5994(mysqld)/usr/sbin/mysqld/var/lib/mysql/usr/sbin/mysqld�--basedir=/�--datadir=/var/lib/mysql�--user=mysql�--pid-file=/var/lib/mysql/tiny.dnsprotect.org.pid�--skip-external-locking�--socket=/var/lib/mysql/mysql.sock�
6081(httpd)/usr/local/apache/bin/httpd//usr/local/apache/bin/httpd�-k�start�-DSSL�
7291(httpd)/usr/local/apache/bin/httpd//usr/local/apache/bin/httpd�-k�start�-DSSL�
7293(mono)/opt/mono/bin/mono//opt/mono/bin/mono�/opt/mono/lib/mono/1.0/mod-mono-server.exe�--filename�/tmp/mod_mono_server_global�--nonstop�--master�
7298(httpd)/usr/local/apache/bin/httpd//usr/local/apache/bin/httpd�-k�start�-DSSL�
7740(eximstats)/usr/bin/perl/eximstats
7822(authProg)/usr/local/cpanel/bin/courier-auth//etc/authlib/authProg�
8527(authProg)/usr/local/cpanel/bin/courier-auth//etc/authlib/authProg�
9234(cpsrvd-ssl)/usr/local/cpanel/cpsrvd-ssl/usr/local/cpanel/whostmgr/docrootwhostmgrd - serving 81.104.99.97
9236(whostmgr)/usr/local/cpanel/whostmgr/bin/whostmgr/usr/local/cpanel/whostmgr/docroot/usr/local/cpanel/whostmgr/bin/whostmgr�./simpleps�
9237(simpleps)/usr/bin/perl/usr/local/cpanel/whostmgr/docroot/usr/bin/perl�/scripts/simpleps�--html�
Recently server been a lil unstable... unsure why.. only recent thing i've installed is eaccelerator thingy.
and It was a lil unstable before that..
I have some problems with apache.
As you can see below, long-live httpd processes use a lot of CPU / Ram.
Usually this processes caused high LA - 8-12.
Code:
%CPU CPU  NI S     TIME COMMAND
 0.2   -   0 S 00:00:27 nginx: worker process
 0.3   -   0 S 00:00:29 nginx: worker process
 0.3   -   0 S 00:00:30 nginx: worker process
 3.3   -   0 S 00:04:09 /usr/local/apache/bin/httpd -k start -DSSL
 3.4   -   0 S 00:04:16 /usr/local/apache/bin/httpd -k start -DSSL
 3.5   -   0 S 00:05:50 /usr/local/apache/bin/httpd -k start -DSSL
 3.6   -   0 S 00:05:40 /usr/local/apache/bin/httpd -k start -DSSL
 3.6   -   0 S 00:05:16 /usr/local/apache/bin/httpd -k start -DSSL
 3.6   -   0 S 00:06:04 /usr/local/apache/bin/httpd -k start -DSSL
 3.7   -   0 S 00:06:06 /usr/local/apache/bin/httpd -k start -DSSL
 3.7   -   0 S 00:00:55 /usr/local/apache/bin/httpd -k start -DSSL
 3.7   -   0 S 00:06:10 /usr/local/apache/bin/httpd -k start -DSSL
 3.7   -   0 S 00:06:10 /usr/local/apache/bin/httpd -k start -DSSL
 3.7   -   0 S 00:06:10 /usr/local/apache/bin/httpd -k start -DSSL
 3.8   -   0 S 00:06:12 /usr/local/apache/bin/httpd -k start -DSSL
 3.8   -   0 S 00:05:40 /usr/local/apache/bin/httpd -k start -DSSL
 3.9   -   0 S 00:06:28 /usr/local/apache/bin/httpd -k start -DSSL
I've had a shared hosting account for several years and never had this problem before. Since yesterday I occasionally get 500 internal server errors on all my websites simultaneously due to a large number of processes on my account. When I log into cPanel and click on View Processes I only see 1 or 2 at a time, but support tells me that there are actually more than 25 processes and this is not allowed.
Apparently they are defunct PHP processes (zombies?) that are waiting on their 'parent' processes to clean them up and for some reason my account is accumulating a lot of these.
Support is not able to tell me which of my PHP scripts is causing this. All they can give me is something like this:
USERNAME 4541 0.0 0.0 0 0 ? ZN 18:25 0:00 [php] <defunct>
USERNAME 4828 0.0 0.0 0 0 ? ZN 18:25 0:00 [php] <defunct>
USERNAME 5114 0.0 0.0 0 0 ? ZN 18:26 0:00 [php] <defunct>
USERNAME 5265 0.0 0.0 0 0 ? ZN 18:26 0:00 [php] <defunct>
...etc
I have several websites on the account that use my own written PHP. I especially use a lot of functions related to mySQL, simplexml_load_file and reading/writing cache files. I don't know where to start looking to find the PHP that is causing these defunct processes.
To me, this sounds really strange and really unrelated, hopefully it will ring a bell in somebody-who-reads-this' mind...
After enabled suexec in my webserver (litespeed), every day at two regular times, I notice a ton of crond processes on many different users. This slows down my entire server until they go away and it must be resolved.
I have only recently noticed that it is infact crond processes causing this and I hope I have finally found the correct issue. It causes a chain reaction of events and so I have slowly had to crawl up the chain to find the root of the issue... (high iowait, high swapping, high memory, normal processes taking up more cpu%, etc. etc. ........ crond processes)
I have checked every single file in /var/spool/cron and none of the cron jobs run remotely near these times (except some that run every minute/15 minutes for example). Also, I don't understand how so many crond processes could be made at once. I will make a better rough estimate when it next happens.
What could it be causing this to happen? 
I was checking my netstat and I saw something like this: 
Proto Recv-Q Send-Q Local Address               Foreign Address             State       User       Inode      PID/Program name
tcp        0      1 192.168.30.98:40493         207.45.xxx.xx:3306          SYN_SENT    48         3130522    5339/httpd
tcp        0      1 192.168.30.98:40510         207.45.xxx.xx:3306          SYN_SENT    48         3131478    7180/httpd
tcp        0      1 192.168.30.98:40502         207.45.xxx.xx:3306          SYN_SENT    48         3130994    6732/httpd
tcp        0      0 192.168.30.98:47493         65.55.xxx.xx:80             TIME_WAIT   0          0          -
tcp        0      0 192.168.30.98:47494         65.55.xxx.xx:80             TIME_WAIT   0          0          -
tcp        0      0 192.168.30.98:47495         65.55.xxx.xx:80             TIME_WAIT   0          0          -
tcp        0      0 192.168.30.98:47496         65.55.xxx.xx:80             TIME_WAIT   0          0          -
tcp        0      0 192.168.30.98:47497         65.55.xxx.xx:80             TIME_WAIT   0          0          -
I see that there are some connections from my server to some remote mySQL server, and I am curios to know which script is running them. (192.168.30.98:40493   207.45.xxx.xx:3306 5339/httpd)
I try through lsof but it is not that it points directly to the website running this connection.
I also see some strange connections like: 
Code:
tcp        0      0 192.168.30.98:47493         65.55.xxx.xx:80             TIME_WAIT   0          0
I want to know if this is some uncontroled script in my server.
why I have long processes on these two? (time wise)
7712 named     15   0 40088  39M  1688 S     1.1  1.9  50:33   0 named
13 root      15   0     0    0     0 SW    0.1  0.0  29:35   0 kjournald
iowait goes up and down too, along with server loads load average: 2.19, 2.76, 4.31
Do you think I need to change ext3 to ext2?
If so here's my fstab, which bits do I need to change?
LABEL=/ / ext3 defaults,usrquota 1 1
LABEL=/boot /boot ext3 defaults 1 2
none /dev/pts devpts gid=5,mode=620 0 0
none /proc proc defaults 0 0
none /dev/shm tmpfs defaults 0 0
/dev/hda2 swap swap defaults 0 0
/usr/tmpDSK /tmp ext3 defaults,noauto 0 0
/tmp /var/tmp ext3 defaults,bind,noauto 0 0
Or should I troubleshoot for something else? If so how/what should I do?
WHM 11.15.0 cPanel 11.18.3-C21703
CENTOS Enterprise 4.6 i686 on standard - WHM X v3.1.0
Few days ago i upgraded cPanel, and then Apache, PHP5, eAccelerator, hadn't updated in ages.
Server worked lightning fast compared to old (PHP 4, older Apache, no eAccelerator), and seemed stable.
Few hours later, server is unresponsive, it took over a day to get the server on the status that i can even see what's happening!
Downgraded back to PHP4, removed suhosin. Still happens. Reworked all the configs, and took all resource limits so low that it survives that, PRM gives 12secs time, enough apache processes etc. Maximum clients lowered to 50 etc. you get the general feel what i did, just to see what's going on.
Now the server survives those 2200+ processes somehow and comes back responsive in some minutes. Killing all PHP processes alone does not solve the problem, but need to restart other services too. All services tend to start crashing when this happens.
Thing is, they are specific user PHP processes, ALL of them, and thus HTTP Request (suPHP), but no log entries for those, i do not see where from they originate, what PHP files are being requested, reworking individual PHP files for that account didn't help at all etc.
I cannot just suspend this account, it's an high importance account for my own needs. 
This account gets ~2½million requests a month regularly, and server can handle that.
There was one new reseller account setup for someone else the day this started happening (i upgraded to PHP5 just after accoutn creation) but i think that's unrelated.
Any ideas how to start pursuing a resolution for this? It has started happening more frequently than before, so i'm also suspecting a DDoS, ubt there should be log entries. 
Is it possible the requests come so fast that Apache just don't have the time needed to write log?
HDD is the bottleneck actually on this server (ty Leaseweb, you guys gave me the worst HDD of the size you could find and want to charge 25euros a month extra for a proper HDD of same size, 250gb!)
i've noticed a number of times in the past few weeks where the spamd process gets stuck (apache 2 server / whm) with a single user name running the process. there is no spam being sent out, no major incoming influx of mail either - the process is just stuck but consumes 100% of cpu and runs for ages before it terminates itself.
for e.g. right now my top output:
2789 <username>  25   0   99 287:44.76  1.3 79760  49m 2288 R spamd child
the 287 is the cumulative CPU time - no way it should be stuck like this.
how i can figure out what's causing this problem?