On one of the servers I ran in 2013-14, I used Webmin to keep track of what was going on with the server, memory usage, drive space and so on. It was a bit overkill, I thought I would need it more than I really did.
The server I am trying this out on is resource limited, low RAM mostly, only 512MB. So I was concerned about too many processes weighing it down and was trimming RAM use for Apache, mySql and PHP. I wanted an easy way to look at what is going on with the server, web based, so putting the info on a dynamically created page seemed like the way to go.
Restricting Directory Access with Apache
I don’t want just anyone to have access to the status directory. Clever folks might gain too much insight from what is shown there, a potential hack risk. On the server the location /var/www/status is restricted. What I mean by this is that I have edited the Apache default file to restrict access by IP, as I am only accessing this from a few IP’s. Below is an example of the mod to the Apache default file. Obviously I want to allow from my local net, so that is 192.168.1 ranging from 0-255. In the default file you don’t have to list the entire IP if you want to cover a range. Additionally at the time, there were a few IP’s in the 74.67.XX.XX range so I opened that range up for testing access to. Basically you can add as many as you want. Another option would be to password protect the directory, but for now this is all I need.
To edit the Apache default file, make a backup copy first, then on Ubuntu at least…
sudo nano /etc/apache2/sites-available/default
Example code from Apache default file to allow certain IP’s access to a directory and deny all others
<Directory /var/www/status/> Order deny,allow Allow from 192.168.1 Allow from 74.67 Deny from all </Directory>
With this server instead of using Webmin to look at the status of the server, I made a simple file called logcreate, ran by putting it in the cron.hourly folder and chmodding it +x! It makes a status page at /var/www/status/log.txt. Also generated is /var/www/status/fulllog.txt a concatenated version of the log.txt added to on an hourly basis. I used dash instead of bash, it’s a slight improvement in memory use when called. Don’t use an extension, cron won’t run files such as logcreate.sh.
Logcreate basically it gives you a synopsis of the servers state in text form…
- Date and time stamp on top ( date )
- Tail of the syslog ( tail /var/log/syslog )
- Memory usage ( free )
- Drive space usage ( df -h )
- Processes sorted by RAM usage ( ps aux | sort -nrk 4 | head )
- Free standing copy of the process tree ( pstree )
The code for logcreate, the file to be placed in /etc/cron.hourly
#!/bin/dash # Remove old log rm /var/www/status/log.txt # Print logged outputs into new log.txt # Starting with date stamp date >> /var/www/status/log.txt echo >> /var/www/status/log.txt # Grab the tail of the syslog file tail /var/log/syslog >> /var/www/status/log.txt echo >> /var/www/status/log.txt # Log RAM usage free >> /var/www/status/log.txt echo >> /var/www/status/log.txt # Disk Usage df -h >> /var/www/status/log.txt echo >> /var/www/status/log.txt # Top memory using processes http://www.commandlinefu.com/commands/view/3/display-the-top-ten-running-processes-sorted-by-memory-usage #ps aux | sort -nk +4 | tail >> log.txt #echo 'USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND ' >> log.txt ps aux | sort -nrk 4 | head >> /var/www/status/log.txt echo >> /var/www/status/log.txt echo >> /var/www/status/log.txt # Copy log.txt into the full log that is collected from the hourly updates. cat /var/www/status/log.txt >> /var/www/status/fulllog.txt # Create a free standing copy of the process tree pstree > /var/www/status/pstree.txt
Figuring out a good command to list the running processes sorted by RAM use was something I needed some help figuring out as far as the best way to do it. The link below was where I got my info from.
Top memory using processes: http://www.commandlinefu.com/commands/view/3/display-the-top-ten-running-processes-sorted-by-memory-usage