I have a couple of servers. The first runs cPanel, and is a DNS server and a Mail Server. The second runs Plesk, and is a Web server, and a MySQL server, hosting approximately 10 sites. Also I have UptimeMonitor to test GET of every site every one minute. For the past couple of weeks, I have been getting a notification every other night that one of the sites is experiencing downtime. I am getting an incident start date/time, and an end date/time. On average the reported downtime lasts for 30 to 40 minutes, and it takes place during the early morning hours, so there is no one active at that time to notice it. If it wasn't for UptimeMonitor I would probably not have known myself either.
Anyway, I have SSH'ed in the cPanel server and have run uptime which yields an uptime of days since the last restart.
I have checked the journalctl output, and there are some records in red lettering like systemd-logind[652]: Failed to remove runtime directory /run/user/1005: Device or resource busy otherwise it is mostly white-font records on imap-login or failed password for root from [some IPv4] and then received disconnect from [said IPv4] Bye Bye, or Firewall TCP_IN Blocked and Firewall: UDP_IN Blocked ones.
I have verified that the time-zones are correctly set across both the cPanel server and UptimeRobot, so that I am not checking logs that are X hours off. But just to stay on the safe side of things I have also checked the timestamps before and after the reported timestamps according to my timezone.
I have been unable to trace any indication that the cPanel server is the culprit here.
Would you kindly advise what else I could/should check prior to ruling out this server, and steering my attention to the web server next?
Anyway, I have SSH'ed in the cPanel server and have run uptime which yields an uptime of days since the last restart.
I have checked the journalctl output, and there are some records in red lettering like systemd-logind[652]: Failed to remove runtime directory /run/user/1005: Device or resource busy otherwise it is mostly white-font records on imap-login or failed password for root from [some IPv4] and then received disconnect from [said IPv4] Bye Bye, or Firewall TCP_IN Blocked and Firewall: UDP_IN Blocked ones.
I have verified that the time-zones are correctly set across both the cPanel server and UptimeRobot, so that I am not checking logs that are X hours off. But just to stay on the safe side of things I have also checked the timestamps before and after the reported timestamps according to my timezone.
I have been unable to trace any indication that the cPanel server is the culprit here.
Would you kindly advise what else I could/should check prior to ruling out this server, and steering my attention to the web server next?
Last edited by a moderator:
