  1. #1
    Just Joined!
    Join Date
    Nov 2010
    Posts
    6

    big upload traffic (how to detect)


    Hello,

    I have a CentOS server; it's running Apache, MySQL and a PHP website, and there are a few ssh users. I have munin installed. My server traffic limit is 15GB per month. On the graphs I see that a few days ago there was some big data sent/uploaded from my server, and it reached my traffic limit. I checked the Apache logs, but I can't find any big response. I don't know where I can find some logs which can help me detect who caused this big load on traffic.

  2. #2
    Linux Engineer Kloschüssel's Avatar
    Join Date
    Oct 2005
    Location
    Italy
    Posts
    773
    I would try to determine when exactly the traffic was used up. Once I knew when this happened, I could check the access logs of the webserver to identify big or repeated downloads. If I couldn't find anything there, I would crawl the sshd log and see if some authorized user was logged in at the specified time. The chances are high that he did transfer data by using scp.

  3. #3
    Linux Enthusiast Mudgen's Avatar
    Join Date
    Feb 2007
    Location
    Virginia
    Posts
    664
    ^Or rsync, likely also over ssh. Pulling the entire site by rsync would probably max you out quickly.

  5. #4
    Just Joined! jippie's Avatar
    Join Date
    May 2006
    Location
    Eindhoven, the Netherlands
    Posts
    76
    - You're not clear whether it is inbound or outbound traffic (with respect to the server). If it is inbound traffic, look for large files that weren't there before. Check timestamp and owner.
    - Find the exact moment that it happened.
    - You can check who was logged in with the "last" command. Not sure if you need root privileges to see other users too.
    - If someone was logged in at that moment you can check his/her .bash_history for commands issued.
    - Are you aware apache logs (or can log) the size of the transfer for each request?

  6. #5
    Linux Enthusiast Mudgen's Avatar
    Join Date
    Feb 2007
    Location
    Virginia
    Posts
    664
    ^I took "sent/upload from my server" to indicate outbound.

    Root privileges not needed to see full "last" output on CentOS 5.
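
The replies suggest pinning down when the traffic occurred and checking the size Apache logs for each request. The following is an added example, not code from any poster in this thread: it sums the bytes field of common/combined-format access log lines per hour and lists the top clients and paths in the busiest hour. The sample lines, addresses and paths are constructed, and the log format is assumed to be Apache's default common/combined layout.

```python
import re
from collections import Counter
from datetime import datetime

# Apache common/combined format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'\d{3} (?P<bytes>\d+|-)'
)

def parse(line):
    """Return (hour, host, path, bytes_sent), or None for an unparseable line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    parts = m["req"].split()
    path = parts[1] if len(parts) > 1 else m["req"]
    sent = 0 if m["bytes"] == "-" else int(m["bytes"])  # "-" means no body sent
    return ts.strftime("%Y-%m-%d %H:00"), m["host"], path, sent

def traffic_report(lines, top=3):
    """Find the hour with the most bytes sent and its top clients and paths."""
    rows = [r for r in map(parse, lines) if r]
    if not rows:
        return None
    per_hour = Counter()
    for hour, _, _, sent in rows:
        per_hour[hour] += sent
    peak_hour, peak_bytes = per_hour.most_common(1)[0]
    clients, paths = Counter(), Counter()
    for hour, host, path, sent in rows:
        if hour == peak_hour:
            clients[host] += sent
            paths[path] += sent
    return {"peak_hour": peak_hour, "peak_bytes": peak_bytes,
            "clients": clients.most_common(top), "paths": paths.most_common(top)}

# Constructed sample lines (documentation address ranges, made-up paths).
SAMPLE = [
    '192.0.2.10 - - [14/Nov/2010:09:40:11 +0100] "GET /style.css HTTP/1.1" 304 -',
    '198.51.100.7 - - [15/Nov/2010:03:01:44 +0100] "GET /files/backup.tar.gz HTTP/1.1" 200 734003200',
    '198.51.100.7 - - [15/Nov/2010:03:20:09 +0100] "GET /files/backup.tar.gz HTTP/1.1" 200 734003200',
    '203.0.113.5 - - [15/Nov/2010:03:30:00 +0100] "GET /index.php HTTP/1.1" 200 5120',
    'garbage line that does not match the log format',
]

if __name__ == "__main__":
    print(traffic_report(SAMPLE))
```

The bytes field counts the response body only, and transfers made over ssh (scp, rsync) never appear in the access log, so a peak hour with no matching requests points back to the sshd log and "last" checks mentioned above.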
