说明:
1.我的日志预先设定好按日生成文件:“CustomLog "|/opt/apache/bin/rotatelogs /opt/apache/logs/www.website.com-access_log.%Y-%m-%d 86400" common”
2.我的日志格式:“61.135.194.120 - - [08/Aug/2011:08:00:28 +0800] "GET /favicon.ico HTTP/1.1" 404 209”
命令行日志分析:
1,查看apache进程:
ps aux | grep httpd | grep -v grep | wc -l
2,查看80端口的tcp连接:
netstat -tan | grep "ESTABLISHED" | grep ":80" | wc -l
3,通过日志查看当天ip连接数,过滤重复:
cat www.website.com-access_log.2011-08-08 |awk '{print $1}' | sort | uniq -c | sort -nr
4,当天ip连接数最高的ip都在干些什么,取前十条记录:
cat www.website.com-access_log.2011-08-08 |grep 114.255.136.70 |awk '{print $7}' | sort | uniq -c | sort -nr|head -n 10
5,当天访问页面排前10的url:
cat www.website.com-access_log.2011-08-08 |awk '{print $7}' | sort | uniq -c | sort -nr|head -n 10
6,用tcpdump嗅探80端口的访问看看谁最高,我的apache有前端负载均衡来nat,所以本条不适用:
tcpdump -i eth0 -tnn dst port 80 -c 1000 | awk -F"." '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr
接着就可以从日志里查看该ip在干嘛
评论(0)