Bandwidth Mystery

Nathan Lyle

• March 03, 2019 13:36

Hello! Is there some way of getting more detail in the cpanel Bandwidth tool to see exactly what the HTTP traffic breaks down into? I'm having trouble where small WordPress sites on my server are exceeding their limit, and I'm unable to track down why. (I've optimized them six ways from Sunday without making a difference.) They don't have large files, there doesn't appear to be high bot issues, etc., and there's a discrepancy between Awstats and the Bandwidth tools. My hardware provider says I should use the Bandwidth tool (as opposed to Awstats) and I'm assuming that's what's used by WHM to limit accounts? I see that it reports much higher numbers there than in Awstats. I've been trying to find answers online and have been going in circles. Any help would be very much appreciated. :-)

• 

  cPanelLauren

  • March 05, 2019 17:24

  Hi @Nathan Lyle While you can click on the graph in the Bandwidth page to look further into the usage if you need information on the actual traffic that was hitting the sites you can check the domlogs. The graph should be able to pinpoint down to a time frame during the day, then you can check the raw access logs at cPanel>>Metrics>>Raw Access Thanks!

  0
• 

  Nathan Lyle

  • June 18, 2019 02:51

  The raw access just shows an address and date... is there something that shows the actual measurement of bandwidth used? I have a number of sites that show much different numbers in Awstats, and are smaller sites that shouldn't be using what the bandwidth tool is saying they're using. I've yet to find a good way of tracking down the actual issue.

  0
• 

  cPanelLauren

  • June 18, 2019 18:40

  This may be useful for you: Apparent Discrepancies in Bandwidth Usage Statistics - Version 80 Documentation - cPanel Documentation

  0
• 

  Nathan Lyle

  • June 18, 2019 18:53

  Sorry, but it doesn't help - I've run across that page before. My problem is that the tool that's showing the most use and is used to measure when a plan exceeds it's set limits, doesn't really show how and why that happens. The closest I can get is a list of URLs and dates, but what I need to find out is whether or not there's a "bad actor" from a particular IP address or a particular file or set of files that's getting hammered, or something along those lines. Because the statistics I see in generic don't make sense based on the website in question - it's too small and has too few actual visits. Ideally the bandwidth tool would show more than just percentage by protocol, but would show a breakdown similar to what Awstats shows, to allow for tracking down the aggressive bandwidth requests.

  0
• 

  cPanelLauren

  • June 18, 2019 20:04

  The raw access logs won't give you that data but awastats gets its data for that from the domain.tld-bytes_log. The bandwidth tool uses that as well as mail and FTP related logs to populate the bandwidth for HTTP, FTP, IMAP POP3 and SMTP Any of the metrics tools will give you the most frequently visiting IP's and the amount of bandwidth they're consuming. The bytes per request is noted in the RAW access log as well, for example: 54.36.X.X - - [18/Jun/2019:09:22:45 -0500] "GET /robots.txt HTTP/1.1" 301 248 "-" "Mozilla/5.0 (compatible; AhrefsBot/6.1; +http://ahrefs.com/robot/)"
  

  IP Address	Date/Time	Request Type/URL	HTTP Response Code	Bytes	Referring URL	User-Agent
  54.36.X.X	[18/Jun/2019:09:22:45 -0500]	"GET /robots.txt HTTP/1.1"	301	248	"-"	"Mozilla/5.0 (compatible; AhrefsBot/6.1; +AhrefsBot. Learn About the Ahrefs' Web Crawler)"

  This is broken down in Visitors (within metrics) as well. You should be able to correlate a high number of bytes to the usage - screenshots of the discrepancy may help me give you some answers as well.

  0

Please sign in to leave a comment.