Tracing Cause Of Server Load Spike *after* Reboot
Apr 9, 2009
I have a cpanel, centos server that had to be rebooted due to the high load spike. I was unable to ssh in nor enter whm prior to the reboot so my only option was of course to reboot the server.
Now, I'm trying to trace the cause of the spike. RTG graphs show no indication of a ddos attack.
Inside whm, CPU/Memory/MySQL Usage shows no reds nor yellow warnings either except red for gzip (backup process) at 19% CPU. I doubt this is the cause.
This is from /var/log/messages of the logs slightly before and after the reboot.
Code:
Apr 9 13:31:49 server pure-ftpd: (?@70.250.201.162) [INFO] Logout.
Apr 9 13:32:05 server pure-ftpd: (?@xxx.xxx.85.3) [INFO] New connection from xxx.xxx.85.3
Apr 9 13:32:28 server pure-ftpd: (?@xxx.xxx.85.3) [INFO] New connection from xxx.xxx.85.3 .......
View 4 Replies
ADVERTISEMENT
Mar 4, 2008
what is causing a high serer load (25-30% cpu usage average).
Using cpanel 11 / centos 5 / php 5 / mysql 5 / phpsuexec
root@server3 [/proc/8052]# ps waux | grep -c exim
28
root@server3 [/proc/8052]#
root@server3 [/proc/8052]# ps waux | grep -c exim
27
root@server3 [/proc/8052]# ps waux | grep -c mysql
3
root@server3 [/proc/8052]# ps waux | grep -c httpd
46
root@server3 [/proc/8052]# ps waux | grep -c php
3
I am having a hard time tracing who/what is causing the high load
View 8 Replies
View Related
Mar 8, 2007
What is the most effective, surest way to trace server load (centos / cpanel, shared hosting environment)? I'm aware of top and top -c but I'm looking at it and nothing shows high usage, yet whm server status shows about 12-20% cpu (dual xeon box, 4gb memory). Disk usage is 32% (10k scsi, 300GB) I've attached 4 samples of top -c
View 1 Replies
View Related
Jul 8, 2007
Just few mins ago, my site went down so I went to check up through putty, and when i put Top this is what i got:
top - 09:49:35 up 5 days, 14:41, 2 users, load average: 192.59, 109.31, 62.29
Tasks: 299 total, 3 running, 296 sleeping, 0 stopped, 0 zombie
Cpu(s): 4.0% us, 5.3% sy, 0.0% ni, 0.0% id, 88.7% wa, 0.3% hi, 1.7% si
Mem: 1009272k total, 1001268k used, 8004k free, 124k buffers
Swap: 3919840k total, 1518816k used, 2401024k free, 14676k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
14263 apache 17 0 201m 9m 3788 D 1.0 1.0 0:04.74 httpd
16772 apache 17 0 152m 13m 5340 R 1.0 1.4 0:00.82 httpd
16881 apache 16 0 155m 14m 5368 D 1.0 1.4 0:00.52 httpd
16767 apache 16 0 154m 14m 5352 D 0.7 1.4 0:00.48 httpd
16864 apache 16 0 155m 15m 5364 D 0.7 1.6 0:00.80 httpd
16874 apache 17 0 155m 14m 5416 D 0.7 1.4 0:00.60 httpd
8900 apache 17 0 200m 12m 3844 D 0.3 1.3 0:10.60 httpd
13680 apache 17 0 202m 10m 3944 D 0.3 1.0 0:06.05 httpd
14687 apache 17 0 202m 11m 4060 D 0.3 1.2 0:06.12 httpd
14838 apache 16 0 206m 16m 5624 D 0.3 1.6 0:08.19 httpd
15858 apache 17 0 152m 13m 5452 D 0.3 1.4 0:01.39 httpd
16593 apache 17 0 150m 9180 3664 D 0.3 0.9 0:00.49 httpd
16668 apache 17 0 200m 7304 3496 D 0.3 0.7 0:00.72 httpd
16703 apache 17 0 149m 7208 3192 D 0.3 0.7 0:00.61 httpd
16750 apache 17 0 151m 14m 5268 D 0.3 1.5 0:00.81 httpd
16855 apache 17 0 200m 6616 3480 D 0.3 0.7 0:00.68 httpd
16863 apache 17 0 156m 13m 5500 D 0.3 1.3 0:00.61 httpd
But after few mins, the server load went down to 5 What could've caused the huge server overload problem?
Server spec:
64 3500+
1Gb of Ram
View 9 Replies
View Related
Feb 28, 2008
I have a server that has server load showing at 25-40 (once it was even 53!), running like that for hours. The server has 4 cpus - and yet the sites on the server seem to run fine when I check them. What I'm wondering is, what exactly is load in this context; and how can load run so high like that without the server crashing?
According to top, the load is caused by httpd processes running under user 'nobody', that often take up double digit CPU percentage.
Does Apache always run under 'nobody'?
Is there any way to trace an httpd processes - which account it's for, or which physical script or URL is calling it?
And for top itself, the TIME field on one server of mine is in the format xx:xx (e.g. 3:25), on another it's TIME+ and in the format xx:xx.xx (e.g. 30:02.77). What exactly does this mean? I would asume it's minutes:seconds and minutes:seconds:hundredths, but while watching top it doesn't seem to correlate with that.
View 11 Replies
View Related
Jun 19, 2009
I have a shared server (root access) using Cpanel / Centos with suphp enabled.
Twice this week the sever's load skyrocketed and was unable to login to trace teh cause, had to reboot instead.
After reboot, I went to whm > CPU/Memory/MySQL Usage and saw nothing in red aside netstat (21% cpu). I'm not sure if this is the cause, but how can I trace the absolute user or script causing this spike?
View 3 Replies
View Related
May 3, 2009
Is there a method for tracking events prior to severe server load? I get these load spikes and am trying to track down their cause ..
OS: CentOS
View 1 Replies
View Related
Sep 28, 2008
I just moved my site from other VPS hosting into Liquid Web for around 2weeks now. I choose the VPS1 package with WHT promotion..
First impression, I do really satisfied with the VPS performance (server load average bellow 1), also the support team. All of my eMail was replied pretty fast in under 15minutes.
But, I do have one problem. Please note that I'm not complaining here.. I just want to ask other user of LW or maybe other hosting.
Almost everyday (well, I think it is).. I got a load spike on my VPS. It's always around midnight (GMT -5). Based on LW staff have informed me, it's because of the main node full backup process, which is can't be altered. The load spike make my site sometimes temporary can't be accessed, because the server load might become above 5, and the highest one is around 28.
Do WHT user has any similar issue like me? Any solution or suggestion I can take to minimize the effect of the backup process?
View 13 Replies
View Related
Feb 8, 2015
I have a problem with my plesk panel. Ever since I rebooted my server it won't load the IP:8443 page at all.
View 5 Replies
View Related
Apr 2, 2008
I have an dedicated server 2 x Xeon CPU 3.20GHz (2GB RAM), now 30 minutes ago my admin tryed to make a benchmark test on it and after a period the server was not responding ( SSH or http.. ftp ) we asked DN to reboot the server. After the reboot in Service Status page (WHM) there ware many services down and the load was ~ 45.00 (4 cpus) .. after aprox. 5 - 10 minutes the load has droped:
Server Load 2.61 (4 cpus)
is it normal to have such a higher load 45.00 (4 cpus) after an reboot ? The memory used was 32%.
View 8 Replies
View Related
Apr 4, 2008
how to auto reboot when load average =5. and send an email to me before reboot.
View 3 Replies
View Related
Mar 24, 2008
Is it normal for PHP to spike in cpu usage often? Which setting in php.ini can affect the cpu usage?
View 6 Replies
View Related
Jul 5, 2008
I was checking my netstat and I saw something like this:
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 1 192.168.30.98:40493 207.45.xxx.xx:3306 SYN_SENT 48 3130522 5339/httpd
tcp 0 1 192.168.30.98:40510 207.45.xxx.xx:3306 SYN_SENT 48 3131478 7180/httpd
tcp 0 1 192.168.30.98:40502 207.45.xxx.xx:3306 SYN_SENT 48 3130994 6732/httpd
tcp 0 0 192.168.30.98:47493 65.55.xxx.xx:80 TIME_WAIT 0 0 -
tcp 0 0 192.168.30.98:47494 65.55.xxx.xx:80 TIME_WAIT 0 0 -
tcp 0 0 192.168.30.98:47495 65.55.xxx.xx:80 TIME_WAIT 0 0 -
tcp 0 0 192.168.30.98:47496 65.55.xxx.xx:80 TIME_WAIT 0 0 -
tcp 0 0 192.168.30.98:47497 65.55.xxx.xx:80 TIME_WAIT 0 0 -
I see that there are some connections from my server to some remote mySQL server, and I am curios to know which script is running them. (192.168.30.98:40493 207.45.xxx.xx:3306 5339/httpd)
I try through lsof but it is not that it points directly to the website running this connection.
I also see some strange connections like:
Code:
tcp 0 0 192.168.30.98:47493 65.55.xxx.xx:80 TIME_WAIT 0 0
I want to know if this is some uncontroled script in my server.
View 4 Replies
View Related
Nov 24, 2007
I have a customer that uses mailman to send out newsletters. For some reason he has a few users on that list at AOL that feel they need to report them as spam instead of simply unsubscribing or deleting. I'm on the AOL feedback loop, and receive these complaints each time he sends.
AOL removes (redacts) all traces that might make it possible to simply remove the complainer, instead making me have to go in and trace the mail. Ok, privacy and all that. Fine. Unfortunately, since he has a few hundred AOL addresses on that list, it's nearly impossible (AFAIK) to figure out who it is so I can remove that user (or three).
I've searched through the mail logs using the message ID and timestamp, as well as grepping for AOL in the results. This has narrowed it down to about 120 addresses. From here I'm stuck. Can anyone recommend something else to try in order to narrow it down further? What am I missing?
Here are the headers that came with the complaint, edited for privacy.
Quote:
Return-Path: <redacted-bounces@customerdomain.com>
Received: from rly-dd06.mx.aol.com (rly-dd06.mail.aol.com [172.19.141.153]) by air-dd03.mail.aol.com (v120.9) with ESMTP id MAILINDD034-b804748865c294; Sat, 24 Nov 2007 15:15:39 -0400
Received: from neo.myserver.com (ns3.myserver.com [my.server.ip.addy]) by rly-dd06.mx.aol.com (v120.9) with ESMTP id MAILRELAYINDD062-b804748865c294; Sat, 24 Nov 2007 15:15:29 -0400
Received: from localhost ([127.0.0.1] helo=neo.myserver.com)
by neo.myserver.com with esmtp (Exim 4.68)
(envelope-from <redacted-bounces@customerdomain.com>)
id 1Iw1P8-0006og-3w; Sat, 24 Nov 2007 15:15:06 -0500
Received: from adsl-225-31-27.mia.bellsouth.net ([customer's.ip] helo=Home)
by neo.myserver.com with esmtpa (Exim 4.68)
(envelope-from <customer_email@customerdomain.com>) id 1Iw1P1-0006l0-Tc
for redacted@customerdomain.com; Sat, 24 Nov 2007 15:15:00 -0500
Message-ID: <002d01c82ed6$b4485f20$210110ac@Home>
From: <customer_email@customerdomain.com>
To: redacted@customerdomain.com
Date: Sat, 24 Nov 2007 15:15:05 -0500p
View 12 Replies
View Related
Aug 11, 2008
The company I work for is doing a promotional site that will probably involve a good chunk of progressive (as in, not quite the same as streaming) video -- basically my best guess is that everyone who views the site will likely download between 6 and 50 megabytes of video depending on how long they spend on the site, etc... I would imagine most people would be at the low end of that, maybe 12 megs, but it's hard to predict...
The tough spot is there will be TV and banner ads purchased for this promotion, and it's not entirely clear to us how good response will be. It could be 5,000 visitors in a day ... it could be 250,000 in a day... the response to various advertising campaigns our clients have done has just varied a lot...
So let's say we have 150,000 visitors downloading an average of 12.5 megs of video - that's about 2 terabytes of transfer in a month.
How much should we expect to pay for that kind of data transfer, and are there good providers that will scale with us? I don't think we mind sacrificing a few hundred bucks our first month only to find that traffic was low -- but if it's going to cost thousands to move 2-3 terabytes of data via a CDN, what are our other options? Does anyone scale well even if it's unpredictable? I realize we have to pay some sort of premium for that scalability or it's not really fair to the hosting provider.. but what price range should we be looking at?
View 13 Replies
View Related
Jan 8, 2008
I had to reboot my server and about 20 minutes later I tried to access the web site but the page was not found... I am able to login to SSH. However, I am not familiar with *nix or the workings of CPanel... What should I do to get the sites back online?
View 9 Replies
View Related
Apr 16, 2008
I'm worried a server is dead, and I haven't made any backups of the database
Server went down last night, submitted a reboot request and now the server is not responding to SSH.
It does respond to ping, so I'm assuming Linux might have booted up OK
Has anyone experience with this type of issue?
View 3 Replies
View Related
May 6, 2008
Anyone know of some good server load testers ( commercial )?
Im not looking for application based load testing, I need real web server load testing... need to see how much traffic this one site can take before it cries.
View 1 Replies
View Related
Sep 8, 2008
I ordered a leaseweb express server 4 box with windows server 2003 and have been running it, installed some software etc which worked out fine.
Anyways, I wanted to disable tcp/ip filtering which I did and afterwards it prompted me that I would have to reboot the server for the changes to take place, I clicked ok and it rebooted. Now I just can't connect with remote desktop, I tried everything.
I'm guessing it either shut down or didn't reboot properly? I tried sending an email to leaseweb support 2 days ago but still no shadow of any reply..
It says that I can reboot the server using the SSC but when I log in there, I can't really find any reboot option.
View 13 Replies
View Related
Mar 26, 2007
How can I see the logs for my server before doing reboot to see why was high load in my server?
View 2 Replies
View Related
Jul 7, 2009
I was searching google when I saw this => [url]and decided to sign up and post my issue...
I've been plagued over the past few weeks when I noticed the server keeps rebooting randomly ...
View 14 Replies
View Related
Jun 7, 2009
my datacenter says that they have not had power failures(lol yeh right) but i cant seem to figure out why my server seems to be rebooting randomly. so far its happened early 3-5am my times today and yesterday, just its happened 4x more times this morning.
im not sure if cpanel is sending me bind start failures because its not set to auto start up on reboot or if it might be related... but the server seems fine.
View 6 Replies
View Related
May 11, 2009
anyway to auto reboot server every 6 hours?
will this effect on the server?
i'm running on CentOS 5 and whm
View 12 Replies
View Related
Jun 17, 2009
i have a dedicated server at theplanet.I dont have a remote reboot option.
a friend of mine said,that all dedicated servers have remote reboot options.he says that since i dont have a remote reboot option,i am probably on a shared server.is that correct.does theplanet have shared or vps offerings in the first place ?
i cannot reboot the server,but i can log in through shell as root type in shutdown - and turn the damn thing off.....
View 6 Replies
View Related
May 25, 2008
I have Plesk 8 installed I would like to create Scheduled Task as root to reboot the server in every 8 hours.
View 7 Replies
View Related
Feb 19, 2009
problem I was having which was Windows Small Business Server 2003 would hang on boot up. I never got the time to reinstall the server until now.
I have installed the server and applied all updates. This worked fine until I install the Windows Server 2003 Service Pack 1 or 2. When I install SP1 or SP2 on reboot the server loads the Dell splash screen then the monitor LED light goes orange then green then orange and then just hangs with a blank screen.
I can boot into Safe Mode and uninstall the Service Pack and I can then reboot without any problems. I have installed ADAM SP1.
View 12 Replies
View Related
Apr 14, 2009
I have a problem with the server time, when I reboted the server, the time change 4 hours back. Only the time changed not the time zone.
To solve this, I have to sync the time from WHM and then it get the correct time.
View 14 Replies
View Related
Nov 29, 2007
at getting PDUs for the new facility where we plan to move our servers to. Our cabinet will have 2*20a circuits, so we're thinking of getting 2 APC PDUs (1 per circuit). Some offer remote reboot capability.
Our servers (Dell PowerEdge) have dual power supplies, and I assume the best thing is to plug one power supply into each circuit, so things stay up even if a circuit fails.
So, how would this work if we want to reboot? The servers can run on only one power supply, so does that mean we have to click reboot on the web interface of each PDU at exactly the same time?
I've never worked with PDUs before.. just cheap power strips and a call to the datacenter
View 10 Replies
View Related
Jul 3, 2007
Everytime i rebooted my server, my FTPd is always down and it won't start unless i restart my FTPd via WHM (CPanel server)
Sometimes, named failed too.
View 7 Replies
View Related
