Website troubleshooting and analysis commands
System connection state:
1. View TCP connection states
netstat -nat | awk '{print $6}' | sort | uniq -c | sort -rn
netstat -n | awk '/^tcp/ {print $NF}' | sort | uniq -c | sort -rn
netstat -ant | awk '{print $NF}' | grep -v '[a-z]' | sort | uniq -c
2. Find the top 20 IPs by number of requests (commonly used to find the source of an attack):
netstat -anlp | grep 80 | grep tcp | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | head -n20
netstat -ant | awk '/:80/{split($5,ip,":");++A[ip[1]]}END{for(i in A) print A[i],i}' | sort -rn | head -n20
3. Sniff port 80 traffic with tcpdump and see which source sends the most
tcpdump -i eth0 -tnn dst port 80 -c 1000 | awk -F"." '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr | head -20
6. List processes by port
netstat -ntlp | grep 80 | awk '{print $7}' | cut -d/ -f1
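The one-liners in item 2 match the text 80 anywhere on the line and split the peer address on its first colon, so they also count port 8080 and misread IPv6-mapped peers. The following is an added example, not part of the original post: a stricter per-peer count that reads `netstat -ant` output on stdin; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Count TCP connections per foreign IP for exactly one local port.
# Reads `netstat -ant` output on stdin, so it also works on saved output.
# top_peers and sample_netstat are hypothetical names for this example.
top_peers() {
    port="$1"; limit="${2:-20}"
    awk -v port="$port" '
        $1 ~ /^tcp/ {
            if ($6 == "LISTEN") next            # listening sockets have no peer
            local_addr = $4; peer = $5
            # ":<port>" must end the local address, so :8080 and
            # outbound connections to a remote :80 are not counted.
            if (local_addr !~ (":" port "$")) next
            sub(/:[0-9]+$/, "", peer)           # drop only the peer port
            sub(/^::ffff:/, "", peer)           # unwrap IPv4-mapped IPv6 peers
            count[peer]++
        }
        END { for (p in count) print count[p], p }
    ' | sort -k1,1nr -k2,2 | head -n "$limit"
}

# Constructed sample of `netstat -ant` output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51234      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51235      TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.9:40000       ESTABLISHED
tcp        0      0 192.0.2.10:8080         203.0.113.9:40001       ESTABLISHED
tcp        0      0 192.0.2.10:44321        203.0.113.50:80         ESTABLISHED
tcp6       0      0 :::80                   ::ffff:198.51.100.7:51300 ESTABLISHED
EOF
}

sample_netstat | top_peers 80
```

On a live host the equivalent call is `netstat -ant | top_peers 80`.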
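Website log analysis, part 1 (Apache):
1. Get the top 10 IP addresses by number of requests
cat access.log | awk '{print $1}' | sort | uniq -c | sort -nr | head -10
cat access.log | awk '{counts[$(11)]+=1}; END {for(url in counts) print counts[url], url}'
2. Most requested files or pages, top 20
# $7 is the request path in the common/combined log format ($11 is the Referer)
cat access.log | awk '{print $7}' | sort | uniq -c | sort -nr | head -20
3. List the largest transferred .exe files (commonly used when analyzing download sites)
cat access.log | awk '($7~/\.exe/){print $10 " " $1 " " $4 " " $7}' | sort -nr | head -20
4. List .exe files with output larger than 200000 bytes (about 200 KB) and the number of occurrences of each
cat access.log | awk '($10 > 200000 && $7~/\.exe/){print $7}' | sort -n | uniq -c | sort -nr | head -100
7. List files whose transfer time exceeds 30 seconds
cat access.log | awk '($NF > 30){print $7}' | sort -n | uniq -c | sort -nr | head -20
8. Total site traffic (GB)
cat access.log | awk '{sum+=$10} END {print sum/1024/1024/1024}'
9. Count 404 requests
awk '($9 ~/404/)' access.log | awk '{print $9,$7}' | sort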
Website log analysis, part 2 (Squid)
2. Traffic by domain
zcat squid_access.log.tar.gz | awk '{print $10,$7}' | awk 'BEGIN{FS="[ /]"}{trfc[$4]+=$1}END{for(domain in trfc){printf "%s\t%d\n",domain,trfc[domain]}}'
Database
1. View the SQL statements the database is executing
/usr/sbin/tcpdump -i eth0 -s 0 -l -w - dst port 3306 | strings | egrep -i 'SELECT|UPDATE|DELETE|INSERT|SET|COMMIT|ROLLBACK|CREATE|DROP|ALTER|CALL'
This article is reposted from Devin's 51CTO blog; original link: http://blog.51cto.com/devingeng/1310330