Although the RunCloud Monitoring platform provides extensive information about your server and resources, some advanced users may feel limited by its functionality.

This post will provide step-by-step instructions for manually monitoring and troubleshooting high server usage on Linux servers.

Prerequisites:

  1. SSH access to the server
  2. Basic knowledge of Linux Bash commands

Steps for Monitoring Linux Servers via CLI

1. Check Server Load

The ‘top’ command is a powerful real-time system monitoring tool in Linux that provides a dynamic view of system processes. It displays a continuously updated list of the system’s most CPU-intensive tasks, allowing administrators to quickly identify which processes are consuming the most resources.

You can view crucial information by using the ‘top’ command, such as CPU usage, memory usage, load average, and process IDs; this information is invaluable for diagnosing performance issues and understanding overall system health.

top -c

2. Analyze Nginx Access Logs

RunCloud provides users with complete access to their server. You can connect to your server via SSH and effortlessly navigate to the Nginx logs directory, which is located at /home/[username]/logs/nginx, using the following command:

cd /home/[username]/logs/nginx

Don’t forget to replace [username] with the appropriate username (e.g., ‘runcloud’ in the provided example). In this directory, you can either view the log files directly or export them to perform more in-depth analysis or maintain backups of their server’s activity history.

3. Identify Top IP Hits

Let’s analyze one of the Nginx log files to get the IP addresses with the most hits. Run the following command to perform the following actions:

  • Read the access log
  • Filter for the current date
  • Extract IP addresses
  • Count unique occurrences
  • Sort the results numerically
cat [site_name]_access.log | grep "[current_date]" | awk '{print $1}' | sort -n | uniq -c | sort -n

Don’t forget to replace [site_name] with your site’s name (e.g., ‘yummy-blog’ in the provided example) and [current_date] with the date you’re investigating (e.g., “28/Aug/2024”).

4. Block High-Traffic IPs (if necessary)

When you identify IP addresses sending an unusually high number of requests, you can block them using WAF. As we mentioned in our firewall documentation and blog post titled “How to Unban IP Address in Fail2Ban”, users can easily manage IP bans directly from the RunCloud panel.

5. Identify Top Requested Pages

You can also use your Nginx access logs to extract and rank the most frequently requested URLs. This is useful for understanding which parts of your website are experiencing the heaviest traffic. You can use it to identify popular content, problematic pages, or potential security vulnerabilities.

Run the following command to view the most requested pages from your site:

cat [site_name]_access.log | grep "[current_date]" | awk '{print $7}' | sort -n | uniq -c | sort -n