最近在尋找這方面的資料:
1,查看apache進程:
ps aux | grep httpd | grep -v grep | wc -l
2,查看80端口的tcp連接:
netstat -tan | grep "ESTABLISHED" | grep ":80" | wc -l
3,通過日志查看當天ip連接數(shù),過濾重復(fù):
cat access_log | grep "24/Jul/2007" | awk '{print $2}' | sort | uniq -c | sort -nr
4,當天ip連接數(shù)最高的ip都在干些什么(原來是蜘蛛):
cat access_log | grep "24/Jul/2007:00" | grep "61.135.166.230" | awk '{print $8}' | sort | uniq -c | sort -nr | head -n 10
5,當天訪問頁面排前10的url:
cat access_log | grep "24/Jul/2007:00" | awk '{print $8}' | sort | uniq -c | sort -nr | head -n 10
6,用tcpdump嗅探80端口的訪問看看誰最高
tcpdump -i eth0 -tnn dst port 80 -c 1000 | awk -F"." '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr
接著從日志里查看該ip在干嘛:
cat access_log | grep 220.181.38.183| awk '{print $1"\t"$8}' | sort | uniq -c | sort -nr | less
7,查看某一時間段的ip連接數(shù):
grep "2006:0[7-8]" www20060723.log | awk '{print $2}' | sort | uniq -c| sort -nr | wc -l
posted on 2010-03-31 16:55
Alpha 閱讀(1941)
評論(0) 編輯 收藏 所屬分類:
Java J2EE JSP