Docs / Troubleshooting / How to Troubleshoot High CPU Usage on Linux

How to Troubleshoot High CPU Usage on Linux

By Admin · Mar 2, 2026 · Updated Apr 24, 2026 · 27 views · 3 min read

Recognizing the Problem

High CPU usage on your Breeze causes sluggish performance, slow page loads, and can eventually make the server unresponsive. Diagnosing and resolving CPU bottlenecks quickly is essential for maintaining uptime.

Step 1: Assess the Situation

# Quick load average check
uptime
# Output: load average: 8.52, 7.10, 5.23
# Numbers represent 1, 5, and 15 minute averages
# If these exceed your CPU core count, you are overloaded

# Check CPU core count for context
nproc

Step 2: Identify the Offending Process

# Top consumers (sorted by CPU)
top -b -n 1 -o %CPU | head -25

# Detailed per-process view with htop
htop

# Process tree — see parent-child relationships
ps auxf --sort=-%cpu | head -20

# Specific user processes
ps -u www-data --sort=-%cpu -o pid,pcpu,pmem,etime,comm

Step 3: Investigate the Process

# What binary is the process running?
ls -la /proc/PID/exe

# Full command line
cat /proc/PID/cmdline | tr '\0' ' ' ; echo

# Open files and connections
ls -la /proc/PID/fd | head -20

# System calls being made (attach for 10 seconds)
sudo strace -cp PID -e trace=all
# Or trace live
sudo strace -p PID 2>&1 | head -50

# Per-CPU breakdown over 5 seconds
mpstat -P ALL 1 5

Common Causes

Runaway Application

A script stuck in an infinite loop or a misconfigured worker process:

# Kill the offending process gracefully
kill -TERM PID

# Force kill if it does not respond after 10 seconds
kill -9 PID

Database Queries

# Check MySQL process list
mysql -e "SHOW FULL PROCESSLIST;"

# Find slow queries
sudo tail -50 /var/log/mysql/slow-query.log

# Kill a long-running query
mysql -e "KILL QUERY thread_id;"

Web Server Overload

# Check active connections
ss -tnp | grep :80 | wc -l
ss -tnp | grep :443 | wc -l

# Check Nginx/Apache worker count
ps aux | grep -c nginx
ps aux | grep -c apache2

Cryptocurrency Miner (Compromised Server)

# Check for known miner processes
ps aux | grep -iE "xmrig|minerd|cryptonight|kworker.*mining"

# Check for suspicious cron jobs
crontab -l
sudo crontab -l
ls -la /etc/cron.d/

# Check for suspicious network connections
ss -tnp | grep ESTABLISHED

Step 4: Immediate Mitigation

# Lower priority of a CPU-intensive process
sudo renice -n 19 -p PID

# Limit CPU with cpulimit
sudo apt install -y cpulimit
sudo cpulimit -p PID -l 50    # Limit to 50% of one core

# Set CPU affinity (pin to specific cores)
sudo taskset -cp 0,1 PID

Step 5: Long-Term Solutions

  • Set up monitoring and alerting (e.g., with Prometheus/Grafana or simple cron scripts)
  • Configure resource limits in /etc/security/limits.conf or with systemd's CPUQuota=
  • Optimize application code and database queries
  • Scale horizontally if the workload genuinely exceeds capacity
  • Implement proper caching (Redis, Varnish, opcache) to reduce compute load

Was this article helpful?

Related Articles