How can I figure out which site on my server is getting swamped with traffic?

Solution 1:

Make sure you have mod_status.so loaded within your apache modules then look for/add the above to your httpd.conf:

# Uncomment the following lines to enable mod_status support:
#
ExtendedStatus On

<Location /server-status>
SetHandler server-status

Order Deny,Allow
Deny from all
Allow from YOUR_IP_HERE
</Location>

This will allow you to see all the pages being used load domain within your http server.

To access it use http://your_ip/server-status and only the ip defined at Allow from YOUR_IP_HERE will be able to view it.

Aside from that, like recommended i would use netstat, the server logs and mod_backdoor (serves to get information from an apache that's too sick to respond normally).

Taken from the mod_backdoor.txt

To compile/install mod_backdoor, perform the following operations:

# apxs -c mod_backdoor.c
# apxs -i mod_backdoor.la

To enable mod_backdoor, add something like the following to your conf file:

loadmodule backdoor_module modules/mod_backdoor.so
<IfModule mod_backdoor.c>
    BackdoorAddress 127.0.0.1:65535
</IfModule>

Although the controls below are redundant with the BackdoorAddress shown above, it may be useful as an example. You could specify 0.0.0.0:port for BackdoorAddress then use mod_access directives to control which clients can use the back door.

<VirtualHost 127.0.0.1:65535>
    <location />
        order deny,allow
        allow from 127.0.0.1
        deny from all
    </location>
</VirtualHost>

Solution 2:

I've had some good results with wtop / logrep in the past for a box with a single site on it. I don't see any reason why it wouldn't scale to multiple sites, and has support for a url field that could be filtered on.