List of checks that you can perform on a linux server to try and figure out why it keeps going down
Disk Space:
df -h
(Make sure you have enough disk space)
Memory:
free -m
(Check you're not out of memory)
Processes / Load average
top (shift + m)
htop
(Check for processes that are taking up a lot of memory/CPU)
Apache errors
cat /var/log/apache2/error.log
(Look for 500 errors caused by erroneous code on the server)
High hit rate
grep MaxClients /var/log/apache2/error.log
(Check for MaxClients warningdamn in your apache error logs)
tail -f /var/log/apache2/access.log
(Check for bots/spiders) [You might need to lower your MaxClients settings]
Check recent logs
ls -lrt /var/log/
(the -lrt flag will show you the most recently modified files at the end)
Check your cronjobs
ls -la /var/spool/cron/*
ls -la /etc/cron*
(You might find your server is going down at a certain time, this could be result of a cronjob eating up too many resources)
Check Kernel Messages
dmesg
Check inodes
df -i
(Check inodes remaining when you have a disk that looks full but is reporting free space)
Install Systat for collective stats (cpu, i/o, memory, networking)
http://www.thegeekstuff.com/2011/03/sar-examples/
Determine how many apache threads are running (if you're not using mod_status)
ps -e | grep apache2 | wc -l
For DOS attacks: Start
Number of active, and recently torn down TCP sessions
netstat -ant | egrep -i '(ESTABLISHED|WAIT|CLOSING)' | wc -l
Number of sessions waiting for ACK (SYN Flood)
netstat -ant | egrep -i '(SYN)' | wc -l
List listening TCP sockets
netstat -ant | egrep -i '(LISTEN)'
List arguments passed to program
cat /proc/<PID>/cmdline
For DOS attacks: END