Archive for July, 2009

Logging server load to /var/log/messages

There can be issues when the server goes offline and you can’t find any related log entries in the server. One of the issue that can cause is high load in the server. But we wont be able to conclude whether the load was the exact issue after the server reboot.

The better solution to find the load is set a cronjob to enter the load in the server to /var/log/messages for a particular amount of time. A sample cron is shown below which will log the server load every 10 minutes to /var/log/messages.

*/10 * * * * uptime | logger -t “SERVER LOAD”

Now you will be able to get the load from /var/log/messages


Difference in du and df results

Difference in du and df results

We normally see issues where the “du” and “df” outputs different disk space usage.

A common scenario is filling up of /var partition due to log files.

We usually clear the logs and the “du” outputs the expected result whereas “df” still shows the earlier reading.

This is due to the fact that, some user processes keeps the deleted files open. “du” doesn’t show that since the file (if it is removed), or the file contents (if it is cleared) is not there in the current working directory.

“df” will continue to display the previous disk space, until the space is de-allocated. To de-allocate this space either the file descriptor of the file should close or the process should exit.

Therefore you can try restarting the daemons used by these files or reboot the server.

How can I check to see if DNS is working?

Dont use “ping” to test DNS. Use tools called “nslookup” and “dig”.

Check to see whether or not your registrar is pointing your domain to the correct nameservers. The “whois” information is often wrong, and should not be used. Go to a command prompt/console and enter the command:

nslookup -type=NS

If the response does not contain all of the correct name servers, then you should contact your registrar and have them fix it.

Check to see whether a particular server is responding, you can add the server name:


If the response has a bunch of ‘root-servers’ that means the server does not know about the domain name and is referring you elsewhere.

To look for a certain record type, like the “MX” record or the “SOA” record, you can use the parameter “-type=MX” or “-type=SOA”.

nslookup -type=MX

see all tcp sockets currently open

In order to see all TCP sockets currently open, run (as root).

# lsof -i TCP

If all of the sockets in question on your webserver port (port 80), you should be able to list only those with

# lsof -i TCP:80

lsof is another tool for locating open files. lsof (no options) will list all files opened by any processes currently running. To restrict this to processes owned by username, use

lsof -u username.

Booting into Emergency Mode

Booting into Emergency Mode

In emergency mode, you are booted into the most minimal environment possible. The root file system is mounted read-only and almost nothing is set up. The main advantage of emergency mode over single-user mode is that the init files are not loaded. If init is corrupted or not working, you can still mount file systems to recover data that could be lost during a re-installation.
To boot into emergency mode, use the same method for single-user mode,

“Booting into Single-User Mode” with one exception, replace the keyword single with the keyword emergency.

« Prev - Next »