As root, use the command netstat --inet -a. To keep a dynamic log file, use netstat --inet -a -c & > /path/to/netstat.log.
Issue the command less /path/to/netstat.log. Keep paging down as it continues to be updated. Pay attention to the columns Recv-Q and Send-Q. These should be 0, except briefly. If the Recv-Q keeps jamming up, then you might be experiending a DoS attack. On Wed, 8 Dec 2004 07:56:02 +0800, Philip Villamin <[EMAIL PROTECTED]> wrote: > Our server got unstable last night and had to be rebooted. I am interested > to know what transpired in the server before it went down. How can I check > for spamming, server overload, brute attack ? What log files can I check ? > What other records to check so we will know the cause? Your tips and advice > are deeply appreciated. -- Dong B. Calmada Board Member Philippine Linux Users Group (PLUG) Linux Registered User #317296 Blogs: http://foss.peace.net.ph/ -- Philippine Linux Users' Group (PLUG) Mailing List [EMAIL PROTECTED] (#PLUG @ irc.free.net.ph) Official Website: http://plug.linux.org.ph Searchable Archives: http://marc.free.net.ph . To leave, go to http://lists.q-linux.com/mailman/listinfo/plug . Are you a Linux newbie? To join the newbie list, go to http://lists.q-linux.com/mailman/listinfo/ph-linux-newbie
