Questions & Answers for Linux related surfaces

Linux Related Questions & Answer

Linux Face Test & Answer

hypothesis apache The log format is: Span style= "Font-family:tahoma" >
118.78.199.98–-[09/jan/2010:00:59:59 +0800] "get/public/css/ Index.css http/1.1″304– "http://www.a.cn/common/index.php" "mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6.3) "

problem 1 : in apachelog 10 ip
awk ' {print '} ' Apache_log |sort |uniq-c| Sort-nr|head-n

awk First, the in each log ip caught, such as the log format has been customized, you can -F defines delimiters and print specified column;
sort for the first sort, so that the same records are arranged together; Span style= "Font-family:tahoma" >
upiq-c merge duplicate rows and record the number of repetitions.
head top 10 screening;
Sort-nr

The commands I refer to are:
Show Ten The most common commands for this article
Sed-e "s/| N/g "~/.bash_history | Cut-d '-F 1 | Sort | uniq-c | Sort-nr | Head

Issue 2: Find the most visited number of minutes in the Apache log.
awk ' {print $4} ' Access_log |cut-c 14-18|sort|uniq-c|sort-nr|head
awkThe fourth column , separated by a space, is[09/jan/2010:00:59:59;
Cut-cExtract -to the -of characters
the rest of the content and questions1similar.

problem 3 : in apache Log to find the most visited page:
awk ' {print $11} ' Apache_log |sed ' s/^.*cn/(. */)/"//1/g ' |sort |uniq-c|sort- Rn|head

similar question 1 2 sed The Replace function of "http://www.a.cn/common/index.php" Replace the contents in parentheses: http://www.a.cn ( /common/index.php ) --

problem 4 : in apache Log to find the most visited (heaviest load) period of time (in minutes), and then look at these times which several ip most visited?
1, View apache process :
PS aux | grep httpd | grep-v grep | wc-l

2, View the of the Port TCP Connection :
Netstat-tan | grep "established" | grep ": 80" | Wc-l

3, View the day through the log IP number of connections, filtering repetition :
Cat Access_log | grep "19/may/2011" | awk ' {print $} ' | Sort | uniq-c | Sort-nr

4, the same day ip The highest number of connections ip What are you doing? ( Cat Access_log | grep "19/may/2011:00" | grep "61.135.166.230" | awk ' {print $8} ' | sort | uniq-c | sort-nr | head -N-

5, same day access page queue 10 Span style= "font-family: Song body" > url:
Cat Access_log | grep "19/may/2010:00 " | awk ' {print $8} ' | Sort | uniq-c | Sort-nr | Head-n

6, with tcpdump sniffing the port access to see who is the tallest
Tcpdump-i ETH0-TNN DST Port 80-c 1000 | Awk-f "." ' {print $ '. $ "." $ "." $4} ' | Sort | uniq-c | Sort-nr

then check out the log IP What are you doing? :
Cat Access_log | grep 220.181.38.183| awk ' {print $ '/t ' $8} ' | Sort | uniq-c | Sort-nr | Less

7, view a time period of IP Number of connections :
grep "2006:0[7-8]" Www20110519.log | awk ' {print $} ' | Sort | uniq-c| Sort-nr | Wc-l

8, Current WEB most connections in the server - Strip IP Address :
Netstat-ntu |awk ' {print $} ' |sort | uniq-c| Sort-n-R | Head-n 20

9, View the most visited front in the log 10 ip
Cat Access_log |cut-d '-F 1 |sort |uniq-c | sort-nr | awk ' {print $} ' | he Ad-n |less

, View log appears 100 More than ip
Cat Access_log |cut-d '- F 1 |sort |uniq-c | awk ' {if ' > Print $ ' | sort -nr |less

One , View the most recently accessed files
Cat Access_log |tail-10000|awk ' {print $7} ' |sort|uniq-c|sort-nr|less

view the pages in the log that have visited more than three times
Cat Access_log | Cut-d '-F 7 | Sort |uniq-c | awk ' {if (>) print $} ' | Less

, list transfer times over - seconds of File
Cat Access_log|awk ' ($NF >) {print $7} ' |sort-n|uniq-c|sort-nr|head-20

, List the most time-consuming pages ( more than a second ) and the number of corresponding page occurrences
Cat Access_log |awk ' ($NF > && $7~//.php/) {print $7} ' |sort-n|uniq-c|sort-nr|head-100

Questions & Answers for Linux related surfaces