Transferred from: volume analytics, etc., but ignored Apache access logs! Apache logs record every request to the website for the administrator's reference. Especially when a website is faulty, Apache log files can provide a lot of useful information. By analyzing
Several log entries are written each time we visit the site. If the logs are not managed, the log files grow larger and larger, until they are too large to open with cat, less, vim, head or tail. To avoid generating such a large log file,
=1359376847
9/phpmyadmin/js/jquery/jquery-ui-1.8.16.custom.js?ts=1359376847
9/phpmyadmin/js/jquery/jquery.qtip-1.0.0-rc3.js?ts=1359376847
9/phpmyadmin/js/functions.js?ts=1359376847
8/phpmyadmin/js/cross_framing_protection.js?ts=1359376847
7/phpmyadmin/themes/pmahomme/jquery/jquery-ui-1.8.16.custom.css
7/phpmyadmin/themes/pmahomme/img/sprites.png
5, in the Apache log to find the most visited (load the
Scenario: when we have an LFI vulnerability, the most common use is to construct malicious logs to exploit the vulnerability. Some problems may occur in this process. The following describes the problems and solutions.
Topic: Apache log bypass URL encoding method
First, a brief introduction to Apache logs. Apache logs are stored in the log
second, refers to the day, so the log is rotated once every day. The final "combined" is the log format name; httpd.conf contains the definition of the log formats.
# grep LogFormat /usr/local/apache2/conf/httpd.conf
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%h %l %u %t \"%r\" %>s
/usr/local/apache2/bin/apachectl -M: see which modules are installed
/usr/local/apache2/bin/apachectl -t: check for syntax errors
/usr/local/apache2/bin/apachectl -l: view the installed library files
/usr/local/apache2/bin/apachectl graceful: reload the configuration
/usr/local/apache2/htdocs: home page storage directory
/usr/local/apache2/bin/apachectl: startup file
/usr/local/apache2/conf: configuration file path
1. Domain redirect: a site can set domain name aliases, set the
Suppose the Apache log format is:
118.78.199.98 - - [09/Jan/2010:00:59:59 +0800] "GET /public/css/index.css HTTP/1.1" 304 - "http://www.a.cn/common/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6.3)"
Issue 1: Find the 10 most visited IPs in the Apache log.
awk '{print $1}' apache_log | sort | uniq -c | sort -nr | head -n 10
awk first grabs the IP from each
-c
The remaining content is similar to question 1.
Question 3: Find the most visited page in the Apache log:
awk '{print $11}' apache_log | sed 's/^.*cn\(.*\)\"/\1/g' | sort | uniq -c | sort -rn | head
Similar to questions 1 and 2; the only special feature is using sed's replacement function to replace "http://www.a.cn/common/index.php" with the content inside the parentheses: "http://www.a.cn(/common/index.php)"
Question 4: In the
You can rotate the logs by the hour and use PHP regular expressions to parse the log:
$logLine = ' 127.0.0.1--[22/may/2015:17:09:13 +0800] ' get/sale/images/y-select.png http/1.1 ' 1095 '; $pattern = '/^ (? P
[0-9.] +) - - \[(? P
[^\]]+] \]+ "GET (? P
[^]+) http\/1.[ 1|0|2] "(? P
[0-9.] +) (? P
[0-9.] +)/I ';p reg_match ($pattern, $
Apache Log Statistics Example
Some notes on how to compute statistics from Apache access logs. You can generally use the tail command to view log file changes in real time, but the logs of the various applications can be very complex, a lot of l
/apachectl -t
Syntax OK
# /usr/local/apache2/bin/apachectl graceful
Define all requests for images as the variable img, and exclude them from the access log. After reloading, accessing files in the formats specified by the img variable with curl will not produce an access recor
1. The log file is too big
Step one: stop all processes of the Apache service and delete the error.log and access.log files under the /var/log/httpd directory.
Step two: open the httpd.conf configuration file under /etc/httpd/conf and locate the following configuration:
ErrorLog logs/error.log
Comment out the line above and change it to # generate an error
to question 1.
Issue 3: Find the most visited pages in the Apache log:
awk '{print $11}' apache_log | sed 's/^.*cn\(.*\)\"/\1/g' | sort | uniq -c | sort -rn | head
Similar to questions 1 and 2; the only special part is using sed's replacement feature to replace "http://www.a.cn/common/index.php" with the part in parentheses: "http://www.a.cn(/common/index.php)"
Question 4: In the Apache
/profile
File (required if first install) [y/n]? Y    // Whether to create a new awstats configuration file
----------------------------------3-----------------------------------
Your Web site, virtual server or profile name:
www.benet.com    // Enter the domain name
--------------4--------------
Nothing needs to be entered for the default path .... press Enter
http://www.abc.com/awstats/awstats.pl?config=www.abc.com    // Tells you that you can access it through this URL
Apache 2.4.4 automatically split logs, generated by date
Web software: Apache, Nginx, IIS7, Tomcat
HTTP protocol: port 80
Domain name resolution (DNS): TCP port 53 (with DNS connection), UDP port 53 (resolve DNS)
Languages: html5+css3, jsp, php, java, python
rpm -ivh /mnt/packages/httpd-2.2.15-29.el6_4.x86_64.rpm    Install httpd
rpm -ivh /mnt/packages/bind-9.8.2-0.17.rc1.el6_4.6.x86_64    Installing DNS doma
to question 1.
Issue 3: Find the most visited pages in the Apache log:
awk '{print $11}' apache_log | sed 's/^.*cn\(.*\)\"/\1/g' | sort | uniq -c | sort -rn | head
Similar to questions 1 and 2; the only special part is using sed's replacement function to replace "http://www.a.cn/common/index.php" with the part in parentheses: "http://www.a.cn(/common/index.php)"
Question 4: In the Apache lo