{"id":286,"date":"2012-06-18T14:14:49","date_gmt":"2012-06-18T06:14:49","guid":{"rendered":"http:\/\/rmohan.com\/?p=286"},"modified":"2012-06-18T14:16:11","modified_gmt":"2012-06-18T06:16:11","slug":"commands-to-monitor-servers-centos-and-redhat","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=286","title":{"rendered":"Commands to Monitor Servers  (CENTOS AND REDHAT)"},"content":{"rendered":"<p>Commands to Monitor Servers  (CENTOS AND REDHAT) <\/p>\n<p>These commands are mainly for rpm based linux servers like CentOS etc.. <\/p>\n<p>May be some commands works in ubuntu servers etc&#8230;<\/p>\n<p>Command to find out total established connections, closing connection, TIME_WAIT and much more.<\/p>\n<p>    netstat -nat | awk &#8216;{print $6}&#8217; | sort | uniq -c | sort -n<\/p>\n<p>Sample Output:<\/p>\n<p>1 established<br \/>\n1 Foreign<br \/>\n5 LISTEN<br \/>\n16 TIME_WAIT<br \/>\n19 ESTABLISHED<\/p>\n<p>ig out more information about a specific ip address<\/p>\n<p>    netstat -nat |grep {IP-address} | awk &#8216;{print $6}&#8217; | sort | uniq -c | sort -n<\/p>\n<p>2 LISTEN<br \/>\n4 FIN_WAIT1<br \/>\n4 ESTABLISHED<br \/>\n7 TIME_WAIT<\/p>\n<p>To print list of all unique IP address connected to server, enter:<\/p>\n<p>    netstat -nat | awk &#8216;{ print $5}&#8217; | cut -d: -f1 | sed -e &#8216;\/^$\/d&#8217; | uniq<\/p>\n<p>To print total of all unique IP address, enter:<\/p>\n<p>    netstat -nat | awk &#8216;{ print $5}&#8217; | cut -d: -f1 | sed -e &#8216;\/^$\/d&#8217; | uniq | wc -l<\/p>\n<p><strong><br \/>\nIf Box is Under DoS Attack or Not<\/strong><\/p>\n<p>If you think your Linux box is under attack, print out a list of open connections on your box and sorts them by according to IP address, enter:<\/p>\n<p>    netstat -atun | awk &#8216;{print $5}&#8217; | cut -d: -f1 | sed -e &#8216;\/^$\/d&#8217; |sort | uniq -c | sort -n<\/p>\n<p>ommand to list the connections to port 80:<\/p>\n<p>    netstat -alntp | grep :80<\/p>\n<p>To check the number of connections to port 80:<\/p>\n<p>    netstat -alntp | grep :80 | wc -l<\/p>\n<p>Command To Find Out Top 10 CPU Consuming Process<\/p>\n<p>    ps -auxf | sort -nr -k 3 | head -10<\/p>\n<p>Command To Find Out The Top 10 Memory Consuming Process<\/p>\n<p>    ps -auxf | sort -nr -k 4 | head -10<\/p>\n<p>An useful command to list connections to a particular port with its proccess id.<\/p>\n<p>For eg: Port 8080<\/p>\n<p>    lsof -w -n -i tcp:8080<\/p>\n<p>Linux Screen Command<\/p>\n<p>Steps<\/p>\n<p>&#8211; Create a screen using the command<\/p>\n<p>    screen -S geopc<\/p>\n<p>&#8211; Close the shell without logout<\/p>\n<p>&#8211; Open a new shell and type<\/p>\n<p>    screen -ls<\/p>\n<p>Sample Output:<\/p>\n<p>There are screens on:<br \/>\n16921.joemon (Dead ???)<br \/>\n3981.name (Attached)<br \/>\n5002.geopc (Attached)<br \/>\nRemove dead screens with &#8216;screen -wipe&#8217;.<br \/>\n3 Sockets in \/tmp\/screens\/S-root.<\/p>\n<p>&#8211; You can login to that screen using the command screen -r &#8216;screen name&#8217;<\/p>\n<p>    screen -r 5002.geopc<\/p>\n<p>To attach a scree that is already attached with the following command:<\/p>\n<p>    screen -x -R<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Commands to Monitor Servers (CENTOS AND REDHAT) <\/p>\n<p>These commands are mainly for rpm based linux servers like CentOS etc.. <\/p>\n<p>May be some commands works in ubuntu servers etc&#8230;<\/p>\n<p>Command to find out total established connections, closing connection, TIME_WAIT and much more.<\/p>\n<p> netstat -nat | awk &#8216;{print $6}&#8217; | sort | uniq -c [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/286"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=286"}],"version-history":[{"count":3,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/286\/revisions"}],"predecessor-version":[{"id":288,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/286\/revisions\/288"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=286"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=286"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=286"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}