Common Apache Log Analysis commands

1.1 view the number of Apache connections

Method 1

[Root @ web10 ~] # Netstat-N | awk '/^ TCP/{++ s [$ NF]} end {for (a in S) print a, s [a]}'
Last_ack 8
Syn_recv 1
Established 1747
Fin_wait1 12
Time_wait 14208

Method 2

Netstat-an | grep estab | awk '{print $5}' | cut-d ": "-F1 | egrep-V" ^ $ "| sort | uniq-c | sort-Nr-K1 | head-10

1.2 obtain the top 10 IP addresses
Cat access. log | gawk '{print $1}' | sort | uniq-c | sort-Nr | head-10

1.3 most accessed files or pages
Cat access. log | gawk '{print $11}' | sort | uniq-c | sort-NR

1.4 The number of times of access through a subdomain name is calculated based on referer.
Cat access. log | awk '{print $11}' | sed-E's/HTTP: \/\ // '-E's /\/. * // '| sort | uniq-c | sort-Rn | head-20

1.5 list the objects with the largest transfer
Cat access. log | awk '($7 ~ /\. Php/) {print $10 "" $1 "" $4 "" $7} '| sort-Nr | head-100

1.6 list the pages with an output greater than 200000 bytes (about KB) and the number of corresponding page occurrences
Cat access. log | awk '($10> 200000 & $7 ~ /\. Php/) {print $7} '| sort-N | uniq-c | sort-Nr | header-100

1.7 if the last column of the log records the page file transfer time, it lists the most time-consuming pages on the client.
Cat access. log | awk '($7 ~ /\. Php/) {print $ NF "" $1 "" $4 "" $7} '| sort-Nr | head-20

1.8 list the most time-consuming pages (more than 60 seconds) and the number of corresponding page occurrences
Cat access. log | awk '($ NF> 60 & $7 ~ /\. Php/) {print $7} '| sort-N | uniq-c | sort-Nr | header-100

1.9 List objects whose transmission time exceeds 30 seconds
Cat access. log | awk '($ NF> 30) {print $7}' | sort-N | uniq-c | sort-Nr | head-20

1.10 The 10th fields in the log indicate the connection time and calculate the average connection time.
Cataccess. log | grep "Connect CBP" | awk 'in in {sum = 0; Count = 0 ;}{ sum + = $10; count ++ ;} end {printf ("sum = % d, Count = % d, AVG = % F \ n", S, M, Count, sum/count )}'

1.11 use tcpdump to sniff access to port 80 to see who is the highest

[Root @ web5 ~] # Tcpdump-I eth0-tnn DST port 80-C 1000 | awk-F ". "'{print $1 ". "$2 ". "$3 ". "$4} '| sort | uniq-c | sort-Nr | head-20

1.12 view the number of concurrent connections of Apache

[Root @ web5 ~] # Netstat-antp | grep 80 | grep established | WC-l
378

1.13 check that Apache works in that mode

[Root @ c26-xcar-bbsweb9 ~] #/Opt/apache2/bin/apachectl-l
Compiled in modules:
Core. c
Mod_access.c
Mod_auth.c
Mod_include.c
Mod_deflate.c
Mod_log_config.c
Mod_env.c
Mod_expires.c
Mod_setenvif.c
Prefork. c
Http_core.c
Mod_mime.c
Mod_status.c
Mod_autoindex.c
Mod_asis.c
Mod_cgi.c
Mod_negotiation.c
Mod_dir.c
Mod_imap.c
Mod_actions.c
Mod_userdir.c
Mod_alias.c
Mod_rewrite.c
Mod_so.c

1.14 What are the top 10 IP Access rankings?

[Root @ web5 newcar] # Cat access_2012030810.log | sort | uniq-c | sort-Nr | head-N 10