Server Monitoring Scripts and commands

Script to delete a line from a file if it have a particular pattern

sed -i "/"pattern"/d" filename

find /home/ \( -name "*.php" -o -name "*.html" -o -iname "*.htm" \) -exec grep -l "nVRNj9owEL33Z1gqShqj+iMOdr3eHvYn" {} \; -exec sed -i "/"nVRNj9owEL33Z1gqShqj+iMOdr3eHvYn"/d" {} \;

To find the connections to HTTP

netstat -pan | sort +4 | grep TIME_WAIT | awk '{print $5}' | sed -e s/':.*'//g | sort | uniq -c | sort -k 1 -nr | head -n 20

To find ddos attack

netstat -an |grep 80

netstat -plan|grep :80|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1

netstat -plan|grep :25|awk {'print $5'}|cut -d: -f 1|sort|uniq -c|sort -nk 1

watch -n 5 'w; ls -alS /usr/local/apache/domlogs/ '


tail -3000 /var/log/exim_mainlog |grep 'rejected RCPT' |awk '{print$4}'|awk -F\[ '{print $2} '|awk -F\] '{print $1}'|sort | uniq -c | sort -k 1 -nr | head -n 5

Script to find which process are taking too much resources on a server

cd /proc && ls -l */cwd|grep /home|sed -e \ "s#.*/home\(.*\)#/home\1#"|sort

Find out spammers home directory in cpanel server

grep cwd /var/log/exim_mainlog|grep -v spool

pop attack

tail -1000 /var/log/maillog | grep host= | cut -d= -f2| cut -d" " -f1|sort -n |uniq -c |sort -n

To display last 5 lines of different logs in a single window

watch -n 5 "tail -10 /var/log/secure ; echo "==============================" ; cat /proc/loadavg ; echo"==============================" ;  tail -10 /var/log/messages"

To kill Zombie process

for i in `ps ax | grep Z | awk {'print $1'}`;do kill -9 $(cat /proc/${i}/status | grep PPid | awk {'print $2'});done

To kill Dead process

for i in `ps ax | grep D | awk {'print $1'}`;do kill -9 $(cat /proc/${i}/status | grep PPid | awk {'print $2'});done

To Delete frozen mails

exim -bp | awk '$6~"frozen" {print $3 }' | xargs exim -Mrm

Following script will delete the mails in queue which consist of “”

grep -rl /var/spool/exim/input/ | xargs rm

This will show the number of mails for each domain

exim -bp | exiqsumm | awk ‘{if ($1 >100)print  $0 }’  | sort -n

For taking the backup of accounts. Copy the usernames to a file named hi. (Cpanel Server)

for i in `cat hi` ; do /scripts/pkgacct $i ;  done

For enabling spamassassin (Cpanel Server)

for i in `cat hi` ; do touch  /home/$i/.spamassassinenable ;  done

For enabling spambox (Cpanel Server)

for i in `cat hi` ; do touch  /home/$i/.spamassassinboxenable  ;  done

For printing first column in a file test

cat test | awk '{print $1 }'

script to find the disk usage of each reseller accounts and the sub accounts (Cpanel Server)

for i in `grep Reseller_Name /etc/trueuserowners | cut -d: -f 1` ; do du -s /home/$i ; done | awk {'print $1'} > df total=0 ; for i in `cat df`;  do total=$[total+i]; done ; echo $total

Script to restart apache if it is not working

if ps auxc | grep httpd ; then

exit 0


echo “HTTP service crash”

/etc/init.d/httpd stop

sleep 3

/etc/init.d/httpd start

echo “httpd restarted on server.” | mail -s “httpd (`uname -n`) restarted @ `date`”


Script to check the function “file_get_contents”




echo $cd;



Following script can crop the domlogs when its size reach 100mb .


for domain in /usr/local/apache/domlogs/*;


# Find the domain having more than 100 Mb log file size

if [ 100000 -lt `du $domain | awk {'print $1'} 2> /dev/null` ]



echo $domain;

echo “splitting the file into sizes of 50 Mb each…”;

/usr/local/cpanel/bin/cpuwatch 5.0 split -b 50m $domain ${domain};

echo “Appending the last two sets of files generated”;

for i in `ls ${domain}a*| tail -n 2`;


tail -n 2 $i;echo $i;

cat $i >> ${domain}.test;



cp -f ${domain}.test ${domain};

rm -f ${domain}a* ${domain}.test;

echo “done”;



Script to delete iframe entries of an account

find /home/test/public_html/  \( -name "*.php" -o -name "*.html" -o -iname "*.htm" \) -exec grep -l "pattern" {} \; -exec sed -i "/"pattern"/d" {} \;


Deleting particular line from a file

# delete the last 10 lines of a file

sed -e :a -e ‘$d;N;2,10ba’ -e ‘P;D’   # method 1

sed -n -e :a -e ‘1,10!{P;N;D;};N;ba’ # method 2

The above will only list the output. The following will delete the entries

sed -i”.bak” -e :a -e ‘$d;N;2,4ba’ -e ‘P;D’ fileName.txt

Here a file with fileName.txt.bak will be created


Script to take backup of a single account in daily basis

/scripts/pkgacct user;

mv /home/cpmove-user.tar.gz /home/user/public_html/backup/cpmove-user_$(date +%Y%m%d).tar.gz;

chmod -R 644 /home/user/public_html/backup/*;

chown -R user.user /home//scripts/pkgacct user;

The output should be as follows



Check server status remotely with a perl script —-> Script


Shell Script To Monitor Services Such As Web / Http, Ssh, Mail Server


PHP script to monitor Service Status from local or remotely


function check_port($port) {

$conn = @fsockopen(“, $port, $errno, $errstr, 0.2);

if ($conn) {


return true;



function server_report() {

$report = array();

$svcs = array(’21’=>’FTP’,







foreach ($svcs as $port=>$service) {

$report[$service] = check_port($port);


return $report;


$report = server_report();



Server Monitoring Scripts and commands, Hostripples Web Hosting
Vishwajit Kale
Vishwajit Kale blazed onto the digital marketing scene back in 2015 and is the digital marketing strategist of Hostripples, a company that aims to provide affordable web hosting solutions. Vishwajit is experienced in digital and content marketing along with SEO. He's fond of writing technology blogs, traveling and reading.