To keep the server up and running, it is important to monitor the processor load and determine which processes use the most resources.
For this, use vmstat, top and htop utilities.
LA (load average) is the total indicator of server load. In the top utility, it is represented by three digits – metrics for the past 5, 10 and 15 minutes. These values are relative and depend on the number of kernels on your server. For instance, if there is one kernel on your server and LA is 1, this means that the server is fully loaded and some processes take up all available resources. This also means that other processes lack resources and the server is generally unstable. The same value 1 on the 4-kernel processor will mean that the server is loaded only by a quarter and all features work properly.
All these tools have the following characteristics:
total: all RAM;
free: actually free RAM, i.e., the volume of storage that is not in use. Linux always strives to reduce it to the minimum;
used: shows how much RAM is currently in use;
shared: storage shared by processes. Most often, it works for communication between processes, so as not to use too many kernel system calls;
cached: cached RAM (for example, a set of data that is frequently accessed by the program can be cached in RAM from the hard disk, for faster access);
buffered: buffered RAM (for example, intermediate storage of data before processing, or moving them to the disk); You can often see buffered/cached as a single entity, logically showing the area of the storage that can be freed if needed.
available: the storage that can be used without the need to access “swap” (i.e., storage that will be available if you clear all caches, etc.);
active: storage that is actively used by the process;
inactive: storage that was allocated for the processes, but is no longer used;
swapped: in the swap (on the hard drive – in the partition or in the file).
You don’t need to remember all these parameters all the time. They are needed only when there is an issue on the server, i.e., they help understand what you need to look out for to find the main reason for the overload.
In all these commands, top processes are shown, which are executed on the server at a given moment. The topmost process uses the most resources. If this is MySQL and Apache – this is a normal situation. If these processes exceed resources, check for a DDoS attack.
If you find the following among the processes:
./annizod -B
./milemined -B
./cnrig -a cryptonight
check server resources for viruses. Such processes are characteristic of miners – special virus software used to mine cryptocurrency using the resources of your machine. In such cases, we recommend stopping the webserver service and scanning the server with ai-bolit or another antivirus with similar operating principles.