currently running:
# ps -C exim -fH ewww|awk '{for(i=1;i<=40;i++){print $i}}'|sort|uniq -c|grep PWD|sort -n
Few times ago:
# grep "cwd=" /var/log/exim_mainlog|awk '{for(i=1;i<=10;i++){print $i}}'|sort|uniq -c|grep cwd|sort -n
Tracking direct Spammers.(apache):
# netstat -plan |grep :25 | awk '{print $5}' |cut -d: -f1 |sort |uniq -c |sort -n
See the IP addresses accessing php files. This will work only in servers running php as CGI.
# ps aeuxf | grep php|awk -F'REMOTE_ADDR=' '{ print $2 }' |cut -d\ -f 1 | uniq -c | sed 's/^[ ]*//'
To get the active php processes running on the server.
# ps aeuxf | grep php | awk -F'SCRIPT_FILENAME=' '{ print $2 }' |cut -d\ -f 1 | uniq -c | sed 's/^[ ]*//'
To list the php processes and the time they have been running on the server.
# ps -eo pid,cmd,etime,args --sort:etime | grep php
