Suppose the Apache log format is:
118.78.199.98 - - [09/Jan/2010:00:59:59 +0800] "GET /public/css/index.css HTTP/1.1" 304 - "http://www.a.cn/common/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6.3)"
Question 1: Find the 10 IPs with the most visits in the Apache log.
awk '{print $1}' apache_log | sort | uniq -c | sort -nr | head -n 10
awk first extracts the IP from each log line; if the log format has been customized, use -F to define the separator and print to select the column;
sort puts the lines in order so that identical records end up next to each other;
uniq -c merges duplicate lines and records the number of repetitions;
head keeps the first 10;
sort -nr sorts in descending order by count.
The command I used as a reference is:
Show the 10 most-used commands
sed -e "s/| /\n/g" ~/.bash_history | cut -d ' ' -f 1 | sort | uniq -c | sort -nr | head
Question 2: Find the minutes with the most visits in the Apache log.
awk '{print $4}' access_log | cut -c 14-18 | sort | uniq -c | sort -nr | head
The fourth column, when awk splits on spaces, is [09/Jan/2010:00:59:59;
cut -c extracts characters 14 to 18, that is, 00:59;
The rest is similar to question 1.
Question 3: Find the most visited pages in the Apache log:
awk '{print $11}' apache_log | sed 's/^.*cn\(.*\)"/\1/g' | sort | uniq -c | sort -rn | head
Similar to questions 1 and 2; the only special part is using sed's substitution to replace the value of field 11, "http://www.a.cn/common/index.php", with the part in parentheses: "http://www.a.cn(/common/index.php)"
Question 4: In the Apache log, find the time periods (by minute) with the most visits (the heaviest load), and then see which IPs access the most during those times.
1. View the number of Apache processes:
ps aux | grep httpd | grep -v grep | wc -l    # ps aux displays all processes and their status
2. View the number of TCP connections on port 80:
netstat -tan | grep "ESTABLISHED" | grep ":80" | wc -l
3. Use the log to view the number of connections per IP for a given day, with duplicates merged:
cat access_log | grep "19/May/2011" | awk '{print $1}' | sort | uniq -c | sort -nr
4. See what the IP with the most connections that day is doing (it turned out to be a spider):
cat access_log | grep "19/May/2011:00" | grep "61.135.166.230" | awk '{print $7}' | sort | uniq -c | sort -nr | head -n 10
5. The top 10 URLs by number of visits on the same day:
cat access_log | grep "19/May/2010:00" | awk '{print $7}' | sort | uniq -c | sort -nr | head -n 10
6. Use tcpdump to sniff port 80 traffic and see which IP ranks highest:
tcpdump -i eth0 -tnn dst port 80 -c 1000 | awk -F"." '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr
Then check the log to see what that IP is doing:
cat access_log | grep 220.181.38.183 | awk '{print $1"\t"$7}' | sort | uniq -c | sort -nr | less
7. View the number of IPs connecting during a time period:
grep "2006:0[7-8]" www20110519.log | awk '{print $1}' | sort | uniq -c | sort -nr | wc -l
8. The 20 IP addresses with the most connections to the web server right now:
netstat -ntu | awk '{print $5}' | sort | uniq -c | sort -n -r | head -n 20
9. View the top 10 IPs by number of visits in the log:
cat access_80_log | cut -d ' ' -f 1 | sort | uniq -c | sort -nr | awk '{print $0}' | head -n 10 | less
10. View the IPs that appear more than 100 times in the log:
cat access_log | cut -d ' ' -f 1 | sort | uniq -c | awk '{if ($1 > 100) print $0}' | sort -nr | less
11. View the most frequently accessed files among recent requests:
cat access_log | tail -10000 | awk '{print $7}' | sort | uniq -c | sort -nr | less
12. View the pages that are accessed more than 100 times in the log:
cat access_log | cut -d ' ' -f 7 | sort | uniq -c | awk '{if ($1 > 100) print $0}' | less
13. List files with a transfer time of more than 30 seconds (this assumes the transfer time is logged as the last field of each line):
cat access_log | awk '($NF > 30){print $7}' | sort -n | uniq -c | sort -nr | head -20
14. List the most time-consuming pages (more than 60 seconds) and the number of times each occurs:
cat access_log | awk '($NF > 60 && $7~/\.php/){print $7}' | sort -n | uniq -c | sort -nr | head -100
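Question 4 asks for the busiest minute and then for the IPs responsible for it. The script below is an added example, not part of the original article, that chains those two steps. It groups by date plus hh:mm instead of cut -c 14-18, so a log spanning several days does not merge the same clock minute from different days. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: busiest minute in an access log, then the top client IPs in it.

# Constructed sample lines in the log format shown at the top of the page.
sample_log() {
cat <<'EOF'
118.78.199.98 - - [09/Jan/2010:00:59:58 +0800] "GET /public/css/index.css HTTP/1.1" 304 - "http://www.a.cn/common/index.php" "Mozilla/4.0"
203.0.113.7 - - [09/Jan/2010:00:59:59 +0800] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.7 - - [09/Jan/2010:01:00:01 +0800] "GET /a.php HTTP/1.1" 200 512 "-" "Spider/1.0"
203.0.113.7 - - [09/Jan/2010:01:00:02 +0800] "GET /b.php HTTP/1.1" 200 512 "-" "Spider/1.0"
198.51.100.4 - - [09/Jan/2010:01:00:30 +0800] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.7 - - [09/Jan/2010:01:00:45 +0800] "GET /c.php HTTP/1.1" 200 512 "-" "Spider/1.0"
198.51.100.4 - - [09/Jan/2010:01:01:10 +0800] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/4.0"
EOF
}

# Print the minute with the most requests as dd/Mon/yyyy:hh:mm.
# substr($4, 2, 17) drops the leading "[" and the trailing ":ss" of field 4.
busiest_minute() {
    awk '{ print substr($4, 2, 17) }' "$1" |
        sort | uniq -c | sort -k1,1nr -k2 | head -n 1 | awk '{ print $2 }'
}

# Print "count ip" for the top N client IPs inside one minute.
# $1 = log file, $2 = minute from busiest_minute, $3 = N (default 10).
top_ips_in_minute() {
    awk -v m="$2" 'substr($4, 2, 17) == m { print $1 }' "$1" |
        sort | uniq -c | sort -k1,1nr -k2 | head -n "${3:-10}"
}

# Demo on the constructed sample.
log=$(mktemp)
sample_log > "$log"
minute=$(busiest_minute "$log")
echo "busiest minute: $minute"
top_ips_in_minute "$log" "$minute" 10
rm -f "$log"
```

To run it against a real log, pass the log path to both functions in place of the temporary file.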