Last week, I had a big io spike at 06:39 on April 4 that forced my linode into using swap.

The /var/sys/log showed:

Apr  4 06:25:10 rs3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.6" x-pid="2473" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Apr  4 06:27:37 rs3 kernel: iptables denied: IN=eth0 OUT= MAC=f2:3c:91:ae:e7:93:84:78:ac:0d:97:c1:08:00 SRC=60.191.170.186 DST=173.255.194.87 LEN=40 T
OS=0x00 PREC=0x00 TTL=101 ID=256 PROTO=TCP SPT=6000 DPT=3306 WINDOW=16384 RES=0x00 SYN URGP=0 
Apr  4 06:30:01 rs3 CRON[6276]: (mysite) CMD (/home/mysite/deployment/rsproject/my_script.sh)
Apr  4 06:35:01 rs3 CRON[6665]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Apr  4 06:35:35 rs3 kernel: iptables denied: IN=eth0 OUT= MAC=f2:3c:91:ae:e7:93:84:78:ac:0d:97:c1:08:00 SRC=42.96.174.253 DST=173.255.194.87 LEN=40 TO
S=0x00 PREC=0x00 TTL=99 ID=256 PROTO=TCP SPT=6000 DPT=3389 WINDOW=16384 RES=0x00 SYN URGP=0 
Apr  4 06:36:26 rs3 kernel: iptables denied: IN=eth0 OUT= MAC=f2:3c:91:ae:e7:93:84:78:ac:0d:97:c1:08:00 SRC=202.96.216.195 DST=173.255.194.87 LEN=40 T
OS=0x00 PREC=0x00 TTL=102 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 
Apr  4 06:37:49 rs3 kernel: iptables denied: IN=eth0 OUT= MAC=f2:3c:91:ae:e7:93:84:78:ac:0d:97:c1:08:00 SRC=199.34.228.161 DST=173.255.194.87 LEN=48 T
OS=0x00 PREC=0x00 TTL=111 ID=58716 DF PROTO=TCP SPT=80 DPT=17820 WINDOW=65535 RES=0x00 ACK SYN URGP=0 
Apr  4 06:38:13 rs3 kernel: iptables denied: IN=eth0 OUT= MAC=f2:3c:91:ae:e7:93:84:78:ac:0d:97:c1:08:00 SRC=116.248.88.197 DST=173.255.194.87 LEN=40 T
OS=0x00 PREC=0x00 TTL=102 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0 
Apr  4 06:38:40 rs3 kernel: Kernel logging (proc) stopped.
Apr  4 06:38:40 rs3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.6" x-pid="2473" x-info="http://www.rsyslog.com"] exiting on signal 15.
Apr  4 06:39:07 rs3 kernel: imklog 5.8.6, log source = /proc/kmsg started.
Apr  4 06:39:07 rs3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.6" x-pid="2456" x-info="http://www.rsyslog.com"] start
Apr  4 06:39:07 rs3 rsyslogd: rsyslogd's groupid changed to 103
Apr  4 06:39:07 rs3 rsyslogd: rsyslogd's userid changed to 101
Apr  4 06:39:07 rs3 rsyslogd-2039: Could not open output pipe '/dev/xconsole' [try http://www.rsyslog.com/e/2039 ]
Apr  4 06:39:07 rs3 kernel: Initializing cgroup subsys cpuset
Apr  4 06:39:07 rs3 kernel: Initializing cgroup subsys cpu
Apr  4 06:39:07 rs3 kernel: Linux version 3.8.4-x86_64-linode31 (maker@build) (gcc version 4.4.5 (Debian 4.4.5-8) ) #1 SMP Mon Mar 25 16:00:34 EDT 201
3
Apr  4 06:39:07 rs3 kernel: Command line: root=/dev/xvda xencons=tty console=tty1 console=hvc0 nosep nodevfs ramdisk_size=32768 ip_conntrack.hashsize=
8192 nf_conntrack.hashsize=8192 ro  devtmpfs.mount=1 
Apr  4 06:39:07 rs3 kernel: e820: BIOS-provided physical RAM map:
Apr  4 06:39:07 rs3 kernel: Xen: [mem 0x0000000000000000-0x000000000009ffff] usable
Apr  4 06:39:07 rs3 kernel: Xen: [mem 0x00000000000a0000-0x00000000000fffff] reserved
Apr  4 06:39:07 rs3 kernel: Xen: [mem 0x0000000000100000-0x00000000607fffff] usable
Apr  4 06:39:07 rs3 kernel: NX (Execute Disable) protection: active
Apr  4 06:39:07 rs3 kernel: DMI not present or invalid.
Apr  4 06:39:07 rs3 kernel: e820: update [mem 0x00000000-0x0000ffff] usable ==> reserved
Apr  4 06:39:07 rs3 kernel: e820: remove [mem 0x000a0000-0x000fffff] usable
Apr  4 06:39:07 rs3 kernel: e820: last_pfn = 0x60800 max_arch_pfn = 0x400000000
Apr  4 06:39:07 rs3 kernel: initial memory mapped: [mem 0x00000000-0x022cefff]
Apr  4 06:39:07 rs3 kernel: Base memory trampoline at [ffff88000009a000] 9a000 size 24576
Apr  4 06:39:07 rs3 kernel: init_memory_mapping: [mem 0x00000000-0x607fffff]
Apr  4 06:39:07 rs3 kernel: [mem 0x00000000-0x607fffff] page 4k
Apr  4 06:39:07 rs3 kernel: kernel direct mapping tables up to 0x607fffff @ [mem 0x01fc8000-0x022cefff]
Apr  4 06:39:07 rs3 kernel: xen: setting RW the range 22b9000 - 22cf000
Apr  4 06:39:07 rs3 kernel: NUMA turned off
Apr  4 06:39:07 rs3 kernel: Faking a node at [mem 0x0000000000000000-0x00000000607fffff]
Apr  4 06:39:07 rs3 kernel: Initmem setup node 0 [mem 0x00000000-0x607fffff]
Apr  4 06:39:07 rs3 kernel:  NODE_DATA [mem 0x5fffc000-0x5fffffff]
Apr  4 06:39:07 rs3 kernel: Zone ranges:
Apr  4 06:39:07 rs3 kernel:  DMA      [mem 0x00010000-0x00ffffff]
Apr  4 06:39:07 rs3 kernel:  DMA32    [mem 0x01000000-0xffffffff]
Apr  4 06:39:07 rs3 kernel:  Normal   empty
Apr  4 06:39:07 rs3 kernel: Movable zone start for each node
Apr  4 06:39:07 rs3 kernel: Early memory node ranges
Apr  4 06:39:07 rs3 kernel:  node   0: [mem 0x00010000-0x0009ffff]
Apr  4 06:39:07 rs3 kernel:  node   0: [mem 0x00100000-0x607fffff]
Apr  4 06:39:07 rs3 kernel: On node 0 totalpages: 395152
Apr  4 06:39:07 rs3 kernel:  DMA zone: 64 pages used for memmap
Apr  4 06:39:07 rs3 kernel:  DMA zone: 6 pages reserved
Apr  4 06:39:07 rs3 kernel:  DMA zone: 3914 pages, LIFO batch:0
Apr  4 06:39:07 rs3 kernel:  DMA32 zone: 6112 pages used for memmap
Apr  4 06:39:07 rs3 kernel:  DMA32 zone: 385056 pages, LIFO batch:31
Apr  4 06:39:07 rs3 kernel: smpboot: Allowing 8 CPUs, 0 hotplug CPUs
Apr  4 06:39:07 rs3 kernel: No local APIC present
Apr  4 06:39:07 rs3 kernel: APIC: disable apic facility
Apr  4 06:39:07 rs3 kernel: APIC: switched to apic NOOP
Apr  4 06:39:07 rs3 kernel: nr_irqs_gsi: 16
Apr  4 06:39:07 rs3 kernel: e820: [mem 0x60800000-0xffffffff] available for PCI devices
Apr  4 06:39:07 rs3 kernel: Booting paravirtualized kernel on Xen
Apr  4 06:39:07 rs3 kernel: Xen version: 3.4.4 (preserve-AD)
Apr  4 06:39:07 rs3 kernel: setup_percpu: NR_CPUS:64 nr_cpumask_bits:64 nr_cpu_ids:8 nr_node_ids:1
Apr  4 06:39:07 rs3 kernel: PERCPU: Embedded 28 pages/cpu @ffff88005f800000 s82304 r8192 d24192 u262144
Apr  4 06:39:07 rs3 kernel: pcpu-alloc: s82304 r8192 d24192 u262144 alloc=1*2097152
Apr  4 06:39:07 rs3 kernel: pcpu-alloc: [0] 0 1 2 3 4 5 6 7 
Apr  4 06:39:07 rs3 kernel: Built 1 zonelists in Node order, mobility grouping on.  Total pages: 388970
Apr  4 06:39:07 rs3 kernel: Policy zone: DMA32
Apr  4 06:39:07 rs3 kernel: Kernel command line: root=/dev/xvda xencons=tty console=tty1 console=hvc0 nosep nodevfs ramdisk_size=32768 ip_conntrack.ha
shsize=8192 nf_conntrack.hashsize=8192 ro  devtmpfs.mount=1 
Apr  4 06:39:07 rs3 kernel: PID hash table entries: 4096 (order: 3, 32768 bytes)
Apr  4 06:39:07 rs3 kernel: __ex_table already sorted, skipping sort
Apr  4 06:39:07 rs3 kernel: Memory: 1523404k/1581056k available (7619k kernel code, 448k absent, 57204k reserved, 5442k data, 688k init)
Apr  4 06:39:07 rs3 kernel: SLUB: Genslabs=15, HWalign=64, Order=0-3, MinObjects=0, CPUs=8, Nodes=1
Apr  4 06:39:07 rs3 kernel: Hierarchical RCU implementation.
Apr  4 06:39:07 rs3 kernel:    RCU restricting CPUs from NR_CPUS=64 to nr_cpu_ids=8.
Apr  4 06:39:07 rs3 kernel: NR_IRQS:4352 nr_irqs:80 16
Apr  4 06:39:07 rs3 kernel: Console: colour dummy device 80x25
Apr  4 06:39:07 rs3 kernel: console [tty0] enabled
Apr  4 06:39:07 rs3 kernel: console [hvc0] enabled
Apr  4 06:39:07 rs3 kernel: Xen: using vcpuop timer interface
Apr  4 06:39:07 rs3 kernel: installing Xen timer for CPU 0
Apr  4 06:39:07 rs3 kernel: tsc: Detected 2266.746 MHz processor
Apr  4 06:39:07 rs3 kernel: Calibrating delay loop (skipped), value calculated using timer frequency.. 4533.49 BogoMIPS (lpj=2266746)
Apr  4 06:39:07 rs3 kernel: pid_max: default: 32768 minimum: 301
Apr  4 06:39:07 rs3 kernel: Security Framework initialized
Apr  4 06:39:07 rs3 kernel: Dentry cache hash table entries: 262144 (order: 9, 2097152 bytes)
Apr  4 06:39:07 rs3 kernel: Inode-cache hash table entries: 131072 (order: 8, 1048576 bytes)
Apr  4 06:39:07 rs3 kernel: Mount-cache hash table entries: 256
Apr  4 06:39:07 rs3 kernel: Initializing cgroup subsys debug
Apr  4 06:39:07 rs3 kernel: Initializing cgroup subsys cpuacct
Apr  4 06:39:07 rs3 kernel: Initializing cgroup subsys devices
Apr  4 06:39:07 rs3 kernel: Initializing cgroup subsys freezer
Apr  4 06:39:07 rs3 kernel: Initializing cgroup subsys blkio
Apr  4 06:39:07 rs3 kernel: Initializing cgroup subsys perf_event
Apr  4 06:39:07 rs3 kernel: CPU: Physical Processor ID: 0
Apr  4 06:39:07 rs3 kernel: CPU: Processor Core ID: 0
Apr  4 06:39:07 rs3 kernel: Last level iTLB entries: 4KB 512, 2MB 7, 4MB 7
Apr  4 06:39:07 rs3 kernel: Last level dTLB entries: 4KB 512, 2MB 32, 4MB 32
Apr  4 06:39:07 rs3 kernel: tlb_flushall_shift: 6
Apr  4 06:39:07 rs3 kernel: cpu 0 spinlock event irq 17
Apr  4 06:39:07 rs3 kernel: Performance Events: unsupported p6 CPU model 26 no PMU driver, software events only.
Apr  4 06:39:07 rs3 kernel: installing Xen timer for CPU 1
Apr  4 06:39:07 rs3 kernel: cpu 1 spinlock event irq 24
Apr  4 06:39:07 rs3 kernel: SMP alternatives: switching to SMP code
Apr  4 06:39:07 rs3 kernel: installing Xen timer for CPU 2
Apr  4 06:39:07 rs3 kernel: cpu 2 spinlock event irq 31
Apr  4 06:39:07 rs3 kernel: installing Xen timer for CPU 3
Apr  4 06:39:07 rs3 kernel: cpu 3 spinlock event irq 38
Apr  4 06:39:07 rs3 kernel: installing Xen timer for CPU 4
Apr  4 06:39:07 rs3 kernel: cpu 4 spinlock event irq 45
Apr  4 06:39:07 rs3 kernel: installing Xen timer for CPU 5
Apr  4 06:39:07 rs3 kernel: cpu 5 spinlock event irq 52
Apr  4 06:39:07 rs3 kernel: installing Xen timer for CPU 6
Apr  4 06:39:07 rs3 kernel: cpu 6 spinlock event irq 59
Apr  4 06:39:07 rs3 kernel: installing Xen timer for CPU 7
Apr  4 06:39:07 rs3 kernel: cpu 7 spinlock event irq 66
Apr  4 06:39:07 rs3 kernel: Brought up 8 CPUs
Apr  4 06:39:07 rs3 kernel: devtmpfs: initialized
Apr  4 06:39:07 rs3 kernel: xor: automatically using best checksumming function:
Apr  4 06:39:07 rs3 kernel:   generic_sse:  3900.000 MB/sec
Apr  4 06:39:07 rs3 kernel: Grant tables using version 1 layout.
Apr  4 06:39:07 rs3 kernel: Grant table initialized
Apr  4 06:39:07 rs3 kernel: NET: Registered protocol family 16
Apr  4 06:39:07 rs3 kernel: bio: create slab <bio-0> at 0
Apr  4 06:39:07 rs3 kernel: raid6: sse2x1    3894 MB/s
Apr  4 06:39:07 rs3 kernel: raid6: sse2x2    4679 MB/s
Apr  4 06:39:07 rs3 kernel: raid6: sse2x4    4593 MB/s
Apr  4 06:39:07 rs3 kernel: raid6: using algorithm sse2x2 (4679 MB/s)
Apr  4 06:39:07 rs3 kernel: raid6: using ssse3x2 recovery algorithm
Apr  4 06:39:07 rs3 kernel: xen/balloon: Initialising balloon driver.
Apr  4 06:39:07 rs3 kernel: xen-balloon: Initialising balloon driver.
Apr  4 06:39:07 rs3 kernel: SCSI subsystem initialized
Apr  4 06:39:07 rs3 kernel: libata version 3.00 loaded.
Apr  4 06:39:07 rs3 kernel: Advanced Linux Sound Architecture Driver Initialized.
Apr  4 06:39:07 rs3 kernel: cfg80211: Calling CRDA to update world regulatory domain
Apr  4 06:39:07 rs3 kernel: NetLabel: Initializing
Apr  4 06:39:07 rs3 kernel: NetLabel:  domain hash size = 128
Apr  4 06:39:07 rs3 kernel: NetLabel:  protocols = UNLABELED CIPSOv4
Apr  4 06:39:07 rs3 kernel: NetLabel:  unlabeled traffic allowed by default
Apr  4 06:39:07 rs3 kernel: Switching to clocksource xen
Apr  4 06:39:07 rs3 kernel: FS-Cache: Loaded
Apr  4 06:39:07 rs3 kernel: CacheFiles: Loaded
Apr  4 06:39:07 rs3 kernel: NET: Registered protocol family 2
Apr  4 06:39:07 rs3 kernel: TCP established hash table entries: 16384 (order: 6, 262144 bytes)
Apr  4 06:39:07 rs3 kernel: TCP bind hash table entries: 16384 (order: 6, 262144 bytes)
Apr  4 06:39:07 rs3 kernel: TCP: Hash tables configured (established 16384 bind 16384)
Apr  4 06:39:07 rs3 kernel: TCP: reno registered
Apr  4 06:39:07 rs3 kernel: UDP hash table entries: 1024 (order: 3, 32768 bytes)
Apr  4 06:39:07 rs3 kernel: UDP-Lite hash table entries: 1024 (order: 3, 32768 bytes)
Apr  4 06:39:07 rs3 kernel: NET: Registered protocol family 1
Apr  4 06:39:07 rs3 kernel: RPC: Registered named UNIX socket transport module.
Apr  4 06:39:07 rs3 kernel: RPC: Registered udp transport module.
Apr  4 06:39:07 rs3 kernel: RPC: Registered tcp transport module.
Apr  4 06:39:07 rs3 kernel: RPC: Registered tcp NFSv4.1 backchannel transport module.
Apr  4 06:39:07 rs3 kernel: platform rtc_cmos: registered platform RTC device (no PNP device found)
Apr  4 06:39:07 rs3 kernel: microcode: CPU0 sig=0x106a5, pf=0x1, revision=0x11
Apr  4 06:39:07 rs3 kernel: microcode: CPU1 sig=0x106a5, pf=0x1, revision=0x11
Apr  4 06:39:07 rs3 kernel: microcode: CPU2 sig=0x106a5, pf=0x1, revision=0x11
Apr  4 06:39:07 rs3 kernel: microcode: CPU3 sig=0x106a5, pf=0x1, revision=0x11
Apr  4 06:39:07 rs3 kernel: microcode: CPU4 sig=0x106a5, pf=0x1, revision=0x11
Apr  4 06:39:07 rs3 kernel: microcode: CPU5 sig=0x106a5, pf=0x1, revision=0x11
Apr  4 06:39:07 rs3 kernel: microcode: CPU6 sig=0x106a5, pf=0x1, revision=0x11
Apr  4 06:39:07 rs3 kernel: microcode: CPU7 sig=0x106a5, pf=0x1, revision=0x11
Apr  4 06:39:07 rs3 kernel: microcode: Microcode Update Driver: v2.00 <tigran@aivazian.fsnet.co.uk>, Peter Oruba
Apr  4 06:39:07 rs3 kernel: AVX or AES-NI instructions are not detected.
Apr  4 06:39:07 rs3 kernel: AVX instructions are not detected.
Apr  4 06:39:07 rs3 kernel: AVX instructions are not detected.
Apr  4 06:39:07 rs3 kernel: audit: initializing netlink socket (disabled)
Apr  4 06:39:07 rs3 kernel: type=2000 audit(1365057543.045:1): initialized
Apr  4 06:39:07 rs3 kernel: HugeTLB registered 2 MB page size, pre-allocated 0 pages
Apr  4 06:39:07 rs3 kernel: VFS: Disk quotas dquot_6.5.2
Apr  4 06:39:07 rs3 kernel: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
Apr  4 06:39:07 rs3 kernel: DLM installed
Apr  4 06:39:07 rs3 kernel: squashfs: version 4.0 (2009/01/31) Phillip Lougher
Apr  4 06:39:07 rs3 kernel: NFS: Registering the id_resolver key type
Apr  4 06:39:07 rs3 kernel: Key type id_resolver registered
Apr  4 06:39:07 rs3 kernel: Key type id_legacy registered
Apr  4 06:39:07 rs3 kernel: Installing knfsd (copyright (C) 1996 okir@monad.swb.de).
Apr  4 06:39:07 rs3 kernel: Key type cifs.spnego registered
Apr  4 06:39:07 rs3 kernel: fuse init (API version 7.20)
Apr  4 06:39:07 rs3 kernel: JFS: nTxBlock = 8192, nTxLock = 65536
Apr  4 06:39:07 rs3 kernel: SGI XFS with ACLs, security attributes, realtime, large block/inode numbers, no debug enabled
Apr  4 06:39:07 rs3 kernel: GFS2 installed
Apr  4 06:39:07 rs3 kernel: ceph: loaded (mds proto 32)
Apr  4 06:39:07 rs3 kernel: msgmni has been set to 2975
Apr  4 06:39:07 rs3 kernel: Key type asymmetric registered
Apr  4 06:39:07 rs3 kernel: Asymmetric key parser 'x509' registered
Apr  4 06:39:07 rs3 kernel: Block layer SCSI generic (bsg) driver version 0.4 loaded (major 252)
Apr  4 06:39:07 rs3 kernel: io scheduler noop registered
Apr  4 06:39:07 rs3 kernel: io scheduler deadline registered
Apr  4 06:39:07 rs3 kernel: io scheduler cfq registered (default)
Apr  4 06:39:07 rs3 kernel: Event-channel device installed.
Apr  4 06:39:07 rs3 kernel: Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
Apr  4 06:39:07 rs3 kernel: Non-volatile memory driver v1.3
Apr  4 06:39:07 rs3 kernel: [drm] Initialized drm 1.1.0 20060810
Apr  4 06:39:07 rs3 kernel: brd: module loaded
Apr  4 06:39:07 rs3 kernel: loop: module loaded
Apr  4 06:39:07 rs3 kernel: nbd: registered device at major 43
Apr  4 06:39:07 rs3 kernel: events: mcg drbd: 5
Apr  4 06:39:07 rs3 kernel: drbd: initialized. Version: 8.4.2 (api:1/proto:86-101)
Apr  4 06:39:07 rs3 kernel: drbd: built-in
Apr  4 06:39:07 rs3 kernel: drbd: registered as block device major 147
Apr  4 06:39:07 rs3 kernel: rbd: loaded rbd (rados block device)
Apr  4 06:39:07 rs3 kernel: tun: Universal TUN/TAP device driver, 1.6
Apr  4 06:39:07 rs3 kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Apr  4 06:39:07 rs3 kernel: PPP generic driver version 2.4.2
Apr  4 06:39:07 rs3 kernel: PPP BSD Compression module registered
Apr  4 06:39:07 rs3 kernel: PPP Deflate Compression module registered
Apr  4 06:39:07 rs3 kernel: PPP MPPE Compression module registered
Apr  4 06:39:07 rs3 kernel: NET: Registered protocol family 24
Apr  4 06:39:07 rs3 kernel: PPTP driver version 0.8.5
Apr  4 06:39:07 rs3 kernel: Initialising Xen virtual ethernet driver.
Apr  4 06:39:07 rs3 kernel: blkfront: xvda: barrier: enabled 
Apr  4 06:39:07 rs3 kernel: xvda: unknown partition table
Apr  4 06:39:07 rs3 kernel: Setting capacity to 124256256
Apr  4 06:39:07 rs3 kernel: xvda: detected capacity change from 0 to 63619203072
Apr  4 06:39:07 rs3 kernel: aoe: AoE v81 initialised.
Apr  4 06:39:07 rs3 kernel: blkfront: xvdb: barrier: enabled 
Apr  4 06:39:07 rs3 kernel: xvdb: unknown partition table
Apr  4 06:39:07 rs3 kernel: Setting capacity to 1056768
Apr  4 06:39:07 rs3 kernel: xvdb: detected capacity change from 0 to 541065216
Apr  4 06:39:07 rs3 kernel: i8042: No controller found
Apr  4 06:39:07 rs3 kernel: mousedev: PS/2 mouse device common for all mice
Apr  4 06:39:07 rs3 kernel: md: raid0 personality registered for level 0
Apr  4 06:39:07 rs3 kernel: md: raid1 personality registered for level 1
Apr  4 06:39:07 rs3 kernel: md: raid10 personality registered for level 10
Apr  4 06:39:07 rs3 kernel: md: raid6 personality registered for level 6
Apr  4 06:39:07 rs3 kernel: md: raid5 personality registered for level 5
Apr  4 06:39:07 rs3 kernel: md: raid4 personality registered for level 4
Apr  4 06:39:07 rs3 kernel: device-mapper: ioctl: 4.23.1-ioctl (2012-12-18) initialised: dm-devel@redhat.com
Apr  4 06:39:07 rs3 kernel: Netfilter messages via NETLINK v0.30.
Apr  4 06:39:07 rs3 kernel: nf_conntrack version 0.5.0 (8192 buckets, 65536 max)
Apr  4 06:39:07 rs3 kernel: ctnetlink v0.93: registering with nfnetlink.
Apr  4 06:39:07 rs3 kernel: xt_time: kernel timezone is -0000
Apr  4 06:39:07 rs3 kernel: ip_set: protocol 6
Apr  4 06:39:07 rs3 kernel: IPv4 over IPv4 tunneling driver
Apr  4 06:39:07 rs3 kernel: gre: GRE over IPv4 demultiplexor driver
Apr  4 06:39:07 rs3 kernel: ip_gre: GRE over IPv4 tunneling driver
Apr  4 06:39:07 rs3 kernel: IPv4 over IPSec tunneling driver
Apr  4 06:39:07 rs3 kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Apr  4 06:39:07 rs3 kernel: TCP: cubic registered
Apr  4 06:39:07 rs3 kernel: Initializing XFRM netlink socket
Apr  4 06:39:07 rs3 kernel: NET: Registered protocol family 10
Apr  4 06:39:07 rs3 kernel: ip6_tables: (C) 2000-2006 Netfilter Core Team
Apr  4 06:39:07 rs3 kernel: sit: IPv6 over IPv4 tunneling driver
Apr  4 06:39:07 rs3 kernel: ip6_gre: GRE over IPv6 tunneling driver
Apr  4 06:39:07 rs3 kernel: NET: Registered protocol family 17
Apr  4 06:39:07 rs3 kernel: NET: Registered protocol family 15
Apr  4 06:39:07 rs3 kernel: Bridge firewalling registered
Apr  4 06:39:07 rs3 kernel: Ebtables v2.0 registered
Apr  4 06:39:07 rs3 kernel: sctp: Hash tables configured (established 65536 bind 65536)
Apr  4 06:39:07 rs3 kernel: Key type dns_resolver registered
Apr  4 06:39:07 rs3 kernel: Key type ceph registered
Apr  4 06:39:07 rs3 kernel: libceph: loaded (mon/osd proto 15/24, osdmap 5/6 5/6)
Apr  4 06:39:07 rs3 kernel: registered taskstats version 1
Apr  4 06:39:07 rs3 kernel: console [netcon0] enabled
Apr  4 06:39:07 rs3 kernel: netconsole: network logging started
Apr  4 06:39:07 rs3 kernel: ALSA device list:
Apr  4 06:39:07 rs3 kernel:  No soundcards found.
Apr  4 06:39:07 rs3 kernel: md: Waiting for all devices to be available before autodetect
Apr  4 06:39:07 rs3 kernel: md: If you don't use raid, use raid=noautodetect
Apr  4 06:39:07 rs3 kernel: md: Autodetecting RAID arrays.
Apr  4 06:39:07 rs3 kernel: md: Scanned 0 and added 0 devices.
Apr  4 06:39:07 rs3 kernel: md: autorun ...
Apr  4 06:39:07 rs3 kernel: md: ... autorun DONE.
Apr  4 06:39:07 rs3 kernel: EXT3-fs: barriers not enabled
Apr  4 06:39:07 rs3 kernel: kjournald starting.  Commit interval 5 seconds
Apr  4 06:39:07 rs3 kernel: EXT3-fs (xvda): mounted filesystem with writeback data mode
Apr  4 06:39:07 rs3 kernel: VFS: Mounted root (ext3 filesystem) readonly on device 202:0.
Apr  4 06:39:07 rs3 kernel: devtmpfs: mounted
Apr  4 06:39:07 rs3 kernel: Freeing unused kernel memory: 688k freed
Apr  4 06:39:07 rs3 kernel: Write protecting the kernel read-only data: 12288k
Apr  4 06:39:07 rs3 kernel: Freeing unused kernel memory: 560k freed
Apr  4 06:39:07 rs3 kernel: Freeing unused kernel memory: 780k freed
Apr  4 06:39:07 rs3 kernel: Adding 524284k swap on /dev/xvdb.  Priority:-1 extents:1 across:524284k SS
Apr  4 06:39:07 rs3 kernel: EXT3-fs (xvda): using internal journal
Apr  4 06:39:07 rs3 cron[2498]: (CRON) INFO (pidfile fd = 3)
Apr  4 06:39:07 rs3 cron[2503]: (CRON) STARTUP (fork ok)
Apr  4 06:39:07 rs3 cron[2503]: (CRON) INFO (Running @reboot jobs)
Apr  4 06:39:13 rs3 kernel: postgres (2659): /proc/2659/oom_adj is deprecated, please use /proc/2659/oom_score_adj instead.
Apr  4 06:39:19 rs3 ntpdate[2483]: step time server 199.102.46.72 offset 0.596600 sec
Apr  4 06:39:19 rs3 ntpd[3102]: ntpd 4.2.6p3@1.2290-o Tue Jun  5 20:12:08 UTC 2012 (1)
Apr  4 06:39:19 rs3 ntpd[3103]: proto: precision = 0.767 usec
Apr  4 06:39:19 rs3 ntpd[3103]: ntp_io: estimated max descriptors: 1024, initial socket boundary: 16
Apr  4 06:39:19 rs3 ntpd[3103]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123
Apr  4 06:39:19 rs3 ntpd[3103]: Listen and drop on 1 v6wildcard :: UDP 123
Apr  4 06:39:19 rs3 ntpd[3103]: Listen normally on 2 lo 127.0.0.1 UDP 123
Apr  4 06:39:19 rs3 ntpd[3103]: Listen normally on 3 eth0 173.255.194.87 UDP 123
Apr  4 06:39:19 rs3 ntpd[3103]: Listen normally on 4 lo ::1 UDP 123
Apr  4 06:39:19 rs3 ntpd[3103]: Listen normally on 5 eth0 2600:3c00::f03c:91ff:feae:e793 UDP 123
Apr  4 06:39:19 rs3 ntpd[3103]: Listen normally on 6 eth0 fe80::f03c:91ff:feae:e793 UDP 123
Apr  4 06:39:19 rs3 ntpd[3103]: peers refreshed
Apr  4 06:39:19 rs3 ntpd[3103]: Listening on routing socket on fd #23 for interface updates
Apr  4 06:41:01 rs3 kernel: iptables denied: IN=eth0 OUT= MAC=f2:3c:91:ae:e7:93:84:78:ac:0d:97:c1:08:00 SRC=117.25.148.95 DST=173.255.194.87 LEN=40 TO
S=0x00 PREC=0x00 TTL=101 ID=256 PROTO=TCP SPT=6000 DPT=3389 WINDOW=16384 RES=0x00 SYN URGP=0 

I used the script found here:
http://stackoverflow.com/questions/1349 ... -all-users

to list all root cron jobs, and it displayed this (none of the users have cron jobs that would've caused the items listed above):

mi       h   d  m  w  user  command
25       6   *  *  *  root  /etc/cron.daily/apache2
25       6   *  *  *  root  /etc/cron.daily/apport
25       6   *  *  *  root  /etc/cron.daily/apt
25       6   *  *  *  root  /etc/cron.daily/aptitude
25       6   *  *  *  root  /etc/cron.daily/bsdmainutils
25       6   *  *  *  root  /etc/cron.daily/dpkg
25       6   *  *  *  root  /etc/cron.daily/exim4-base
25       6   *  *  *  root  /etc/cron.daily/logrotate
25       6   *  *  *  root  /etc/cron.daily/man-db
25       6   *  *  *  root  /etc/cron.daily/mlocate
25       6   *  *  *  root  /etc/cron.daily/ntp
25       6   *  *  *  root  /etc/cron.daily/passwd
25       6   *  *  *  root  /etc/cron.daily/standard
25       6   *  *  *  root  /etc/cron.daily/sysstat
25       6   *  *  *  root  /etc/cron.daily/update-notifier-common
47       6   *  *  7  root  /etc/cron.weekly/apt-xapian-index
47       6   *  *  7  root  /etc/cron.weekly/man-db
5-55/10  *   *  *  *  root  command -v debian-sa1 > /dev/null && debian-sa1 1 1
59       23  *  *  *  root  command -v debian-sa1 > /dev/null && debian-sa1 60 2

Any idea what could be causing this or how I can prevent it in the future? It's almost been a week, and it has not repeated itself so far. Any help is appreciated!

Umm, the log from 06:39:07 forward shows your Linode booting. That would tend to cause a lot of disk activity.

I must have grabbed the wrong part of the log. This spike certainly was not caused by a boot. I'll have to check whether I have more of the log available later.

Here is the rest of the log for the hour that the spike occured in:

Apr  4 06:41:01 rs3 kernel: iptables denied: IN=eth0 OUT= MAC=f2:3c:91:ae:e7:93:84:78:ac:0d:97:c1:08:00 SRC=117.25.148.95 DST=173.255.194.87 LEN=40 TO
S=0x00 PREC=0x00 TTL=101 ID=256 PROTO=TCP SPT=6000 DPT=3389 WINDOW=16384 RES=0x00 SYN URGP=0 
Apr  4 06:45:01 rs3 CRON[11689]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Apr  4 06:49:01 rs3 kernel: iptables denied: IN=eth0 OUT= MAC=f2:3c:91:ae:e7:93:84:78:ac:0d:97:c1:08:00 SRC=60.173.14.75 DST=173.255.194.87 LEN=40 TOS
=0x00 PREC=0x00 TTL=101 ID=256 PROTO=TCP SPT=6000 DPT=8080 WINDOW=16384 RES=0x00 SYN URGP=0 
Apr  4 06:55:01 rs3 CRON[18534]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Apr  4 06:59:43 rs3 kernel: nf_conntrack: automatic helper assignment is deprecated and it will be removed soon. Use the iptables CT target to attach 
helpers instead.
Apr  4 06:59:43 rs3 kernel: iptables denied: IN=eth0 OUT= MAC=f2:3c:91:ae:e7:93:84:78:ac:0d:97:c1:08:00 SRC=188.132.242.132 DST=173.255.194.87 LEN=444

Clearly, the spike is occuring between 6 and 7, so it must be something I've listed...

Are the Manager graphs and your syslog operating at the same timezone for sure?
Note that your user account and the system-global setting (which syslog will use) may be different.
tail /var/log/syslog, and check if the most recent entries are close to the hour shown on the graph.

Also, keep in mind that if the IO spike was done by something outside of the system stack (eg. your SQL server receiving some full table scan queries - like it happened to me - or yandex imagebot pulling down 10GB of stuff from your gallery within ten minutes) you won't see it in syslog.

_________________
rsk, providing useless advice on the Internet since 2005.

Yes, I just checked, and my time zones are synced between the syslog and the linode graphs.