Apache日誌分析(shell命令)
查看apache進程: ps aux | grep httpd | grep -v grep | wc -l
2,查看80端口的tcp連接: netstat -tan | grep “ESTABLISHED” | grep “:80″ | wc -l
3,通過日誌查看當天ip連接數,過濾重複: cat access_log | grep “20/Oct/2008″ | awk ‘{print $2}’ | sort | uniq -c | sort -nr
4,當天ip連接數最高的ip (原來是蜘蛛): cat access_log | grep “20/Oct/2008:00″ | grep “122.102.7.212″ | awk ‘{print $8}’ | sort | uniq -c | sort -nr | head -n 10
5,當天訪問頁面排前10的url: cat access_log | grep “20/Oct/2008:00″ | awk ‘{print $8}’ | sort | uniq -c | sort -nr | head -n 10
6,用tcpdump嗅探80端口的訪問看看誰最高 tcpdump -i eth0 -tnn dst port 80 -c 1000 | awk -F”.” ‘{print $1″.”$2″.”$3″.”$4}’ | sort | uniq -c | sort -nr
接着從日誌裏查看該ip在幹嘛:
cat access_log | grep 122.102.7.212| awk '{print $1"\t"$8}' | sort | uniq -c | sort -nr | less 7,查看某一時間段的ip連接數: grep "2006:0[7-8]" www20060723.log | awk '{print $2}' | sort | uniq -c| sort -nr | wc