Solved

how to check virtual server logs over ssh

Posted on 2013-11-14
13
501 Views
Last Modified: 2013-11-19
Hi. i have a virtual server that jumps up to 100% CPU for a day or 2 then goes back down to 5% at for the rest of the time.

i have been told that i can look at the message logs using ssh and i it will have some info on what is using the CPU.

I know how to log in to the virtual server with root access and cd into folders but where are the message logs stored and how do i download them when i find them?

i don't regard myself as a pro when it comes to ssh / command line please help! thanks.

server is running plesk version 9.5 (much out of date version)
centOS
0
Comment
Question by:helpchrisplz
  • 5
  • 4
  • 2
  • +2
13 Comments
 
LVL 2

Expert Comment

by:goubun
ID: 39649976
The file that have system logs is /var/log/messages you can see this with:

vi /var/log/messages or using WinSCP with the ssh credentials to download the file to your computer
0
 
LVL 14

Expert Comment

by:jb1dev
ID: 39649977
On RedHat based distros (like centos) you can typically find logs in /var/log

Without more information on what exact logs you are looking for, I can't be more specific.
0
 
LVL 1

Assisted Solution

by:wimiles
wimiles earned 166 total points
ID: 39650416
Hello,

If you have been running Plesk for a while, and have your stats turned on (Webalyzer or AWstats) then that is probably your culprit.  When your server is running at 100% CPU usage, try to SSH into it, and run the following command:

 top -c

This will list the processes that are using the most CPU on your server.  (q will quit out)

Once you have this information, I would suggest proceeding from there.  Once you know the process that is using your server so much, it will be easier to resolve the problem.
0
 
LVL 61

Expert Comment

by:gheist
ID: 39650576
You need to install and enable psacct, then try to use lastcomm to detect what happens)
0
 
LVL 1

Author Comment

by:helpchrisplz
ID: 39650664
@goubun:
i just get a load or dashes in putty when i do:

 vi /ver/log/messages

~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
~
"/ver/log/messages" [New DIRECTORY]

and i think i was writing to the file? didnt know how to exit out of this so closed putty and logged in again.

@wimiles
if i use:
 top -c i can see the cpu usage for mysql apache and all the rest are called root. just not sure what i can do to fix the problem if i find that its apache thats using all the CPU. it doesn't tell me why. server isnt at 100% right now so waiting for this moment to happen.

so looking back at the logs method of doing things:

if i cd in to /var/log this is what i see.
 
[root@server***-***-**-*** ~]# cd /var/log
[root@server***-***-**-*** log]# pwd
/var/log
[root@server***-***-**-*** log]# ls
anaconda.log     cron       maillog.3     rkhunter.log.old  spooler.1
anaconda.syslog  cron.1     maillog.4     rpmpkgs           spooler.2
atmail           cron.2     mailman       rpmpkgs.1         spooler.3
audit            cron.3     messages      rpmpkgs.2         spooler.4
boot.log         cron.4     messages.1    rpmpkgs.3         sso
boot.log.1       dmesg      messages.2    rpmpkgs.4         sw-cp-server
boot.log.2       faillog    messages.3    sa                tallylog
boot.log.3       httpd      messages.4    samba             tomcat5
boot.log.4       kav        mysqld.log    secure            wtmp
brcm-iscsi.log   lastlog    pm            secure.1          wtmp.1
btmp             mail       ppp           secure.2          yum.log
btmp.1           maillog    prelink       secure.3          yum.log.1
conman           maillog.1  psa-horde     secure.4          yum.log.2
conman.old       maillog.2  rkhunter.log  spooler
[root@server***-***-**-*** log]#


@gheist
am not sure what  psacct is or how to even start using lastcomm.
0
 
LVL 1

Author Comment

by:helpchrisplz
ID: 39650672
what log is best to download and how can i download it using putty?
0
Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

 
LVL 61

Expert Comment

by:gheist
ID: 39650936
You have pscp in same directory
pscp user@server:/var/log/* c:\logs\
0
 
LVL 1

Author Comment

by:helpchrisplz
ID: 39650943
sorry for being a noob. I have used the following command in putty but dont see any thing in my computers c:\logs\ folder


[root@server***-***-**-*** log]# pscp user@server:/var/log/* c:\logs\
>
[root@server***-***-**-*** log]#

what am i doing wrong? thanks.

done this  also

[root@server***-***-**-*** log]# pscp root@server***-***-**-***:/var/log/* c:\logs\
>

but no joy
0
 
LVL 61

Assisted Solution

by:gheist
gheist earned 167 total points
ID: 39651143
Add -r parameter and remove * wildcard
0
 
LVL 1

Author Comment

by:helpchrisplz
ID: 39651170
so that would be:

pscp -r root@server***-***-**-***:/var/log/ c:\logs\

this correct?
0
 
LVL 61

Expert Comment

by:gheist
ID: 39651854
idont know i dont use windows 95
0
 
LVL 2

Accepted Solution

by:
goubun earned 167 total points
ID: 39652397
You run vi /ver/log/messages and it is : vi /var/log/messages
0
 
LVL 1

Author Closing Comment

by:helpchrisplz
ID: 39660561
ty
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Oracle 12c patching 1 61
Xymon customize http timeout 2 65
Virtualizing very old guest OS 4 80
How to find Linux Server's last patch date 9 37
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Fine Tune your automatic Updates for Ubuntu / Debian
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now