Let's say that my web server (one of them, multiple, w/e, doesn't matter) is being "attacked", and as a result the CPU of the box is hitting 100% and staying there, or perhaps the attack is causing a seg fault in Apache and crashing the instance.
What is a way to determine who is the "target" of the attack without actually sorting through packet captures?
Does using piped logs in Plesk assist or hinder finding the offending domain?
ApacheTop has been mentioned, but since each domain uses its own log file it doesn't help much unless we know the domain under attack.
Any useful thoughts or suggestions on this problem? (Yes, I know buying ASL can assist.) I am looking for something free and open source preferably, but pay-for solutions are not ruled out if they perform and are low cost with no recurring licensing.
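One free way to approach the per-domain log problem described above, as an added example that is not part of the original post: scan every domain's access log and rank domains by requests in the last few minutes, with the busiest client for each. It assumes all logs sit in one directory, are named `<domain>.access_log` (a hypothetical layout, adjust to your server), and use Apache common/combined log format; the sample log lines are constructed.

```python
import re
import tempfile
from collections import Counter
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Common/combined log format prefix: client IP, ident, user, [timestamp]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def rank_vhosts(log_dir, now, window=timedelta(minutes=5), suffix=".access_log"):
    """Return [(domain, hits, top_client_ip, top_client_hits)] for requests
    logged within `window` before `now`, busiest domain first."""
    cutoff = now - window
    rows = []
    for path in sorted(Path(log_dir).glob("*" + suffix)):
        clients = Counter()
        with path.open(errors="replace") as fh:
            for line in fh:
                m = LINE_RE.match(line)
                if not m:
                    continue  # truncated or non-CLF line
                try:
                    ts = datetime.strptime(m.group(2), TS_FMT)
                except ValueError:
                    continue  # unparseable timestamp
                if cutoff <= ts <= now:
                    clients[m.group(1)] += 1
        if clients:
            ip, ip_hits = clients.most_common(1)[0]
            rows.append((path.name[:-len(suffix)], sum(clients.values()), ip, ip_hits))
    return sorted(rows, key=lambda r: r[1], reverse=True)

def build_sample_logs(log_dir, now):
    """Constructed sample data: one quiet vhost, one hammered, one with only old hits."""
    plan = {"shop.example": [("198.51.100.7", 3, 60)],
            "blog.example": [("203.0.113.9", 200, 30), ("198.51.100.7", 5, 90)],
            "old.example": [("192.0.2.4", 50, 3600)]}
    for domain, entries in plan.items():
        text = "".join(
            f'{ip} - - [{(now - timedelta(seconds=age)).strftime(TS_FMT)}] '
            f'"GET / HTTP/1.1" 200 512\n' * n for ip, n, age in entries)
        (Path(log_dir) / f"{domain}.access_log").write_text(text)

if __name__ == "__main__":
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    with tempfile.TemporaryDirectory() as d:
        build_sample_logs(d, now)
        for row in rank_vhosts(d, now):
            print(*row)
```

On a live server, pass `datetime.now(timezone.utc)` as `now`. This reads each log in full, so on very large files run it against the tail of each log instead.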