Following are some useful script you can use for finding the user that is causing the load and for finding the procees,ip which has high cpu usage.
To check number of IPs connected to port 80
# netstat -tn 2>/dev/null | grep ':80 ' | awk '{print $5}' |sed -e 's/::ffff://' | cut -f1 -d: | sort | uniq -c | sort -rn | head
To list number of connections to domains in the server
# /usr/bin/lynx -dump -width 500 http://127.0.0.1/whm-server-status | awk 'BEGIN { FS = ” ” } ; { print $12 }' | sed '/^$/d' | sort | uniq -c | sort -n
To list the Busiest Site in the server
# /usr/bin/lynx -dump -width 500 http://127.0.0.1/whm-server-status | grep GET | awk '{print $12}' | sort | uniq -c | sort -rn | head
To list the Busiest Script running on the server
# /usr/bin/lynx -dump -width 500 http://127.0.0.1/whm-server-status | grep GET | awk '{print $14}' | sort | uniq -c | sort -rn | head
To list the most running process in the server
# ps aux | awk '{print $1}' | sort | uniq -c | sort -nk1 | tail -n5
To list the total process running by the users
# ps aux | awk '{print $1}' | sort | uniq -c | sort -nk1
When we see the process in the top result with “php” or “/usr/bin/php”, we can find the directory it is working with. You can use,
# for i in `ps -ef | awk '/php/{print $2}'`; do ls -l /proc/${i}/cwd; done
We can even check this dynamically with in a particular time limit, say 5 sec. We can use it as below.
# while true; do clear; for i in `ps -ef | awk '/php/{print $2}'`;do ls -l /proc/${i}/cwd; done; sleep 5; done
