System Connection Status Chapter:
1. View TCP connection status
netstat -nat | awk '{print $6}' | sort | uniq -c | sort -rn
netstat -n | awk '/^tcp/ {++S[$NF]}; END {for (a in S) print a, S[a]}'
or
netstat -n | awk '/^tcp/ {++state[$NF]}; END {for (key in state) print key, "\t", state[key]}'
netstat -n | awk '/^tcp/ {++arr[$NF]}; END {for (k in arr) print k, "\t", arr[k]}'
netstat -n | awk '/^tcp/ {print $NF}' | sort | uniq -c | sort -rn
netstat -ant | awk '{print $NF}' | grep -v '[a-z]' | sort | uniq -c
2. Find the 20 IPs with the most requests (commonly used to find the source of an attack):
netstat -anlp | grep ':80' | grep tcp | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | head -n 20
netstat -ant | awk '/:80/ {split($5, ip, ":"); ++A[ip[1]]} END {for (i in A) print A[i], i}' | sort -rn | head -n 20
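3. Sniff port 80 traffic with tcpdump to see which source is highest
# IFACE (capture interface) and COUNT (number of packets to capture) are placeholders; the original values are missing from this page
tcpdump -i IFACE -tnn -c COUNT dst port 80 | awk -F"." '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr | head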
4. Find the IPs with the most TIME_WAIT connections
netstat -n | grep TIME_WAIT | awk '{print $5}' | sort | uniq -c | sort -rn | head -n 20
5. Find the IPs with the most SYN connections
netstat -an | grep SYN | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | more
6. List the process for a given port
netstat -ntlp | grep ':80' | awk '{print $7}' | cut -d/ -f1
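
Added example (not part of the original page): the awk -F: split used in item 2 returns an empty field for IPv6 and IPv4-mapped (::ffff:a.b.c.d) peers, so those connections are miscounted. This sketch counts remote hosts from netstat -ant text, matching the local port exactly and keeping IPv6 addresses intact; the function names and the sample data are constructed for illustration.

```shell
# Constructed sample of `netstat -ant` output (documentation addresses,
# not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      SYN_RECV
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      SYN_RECV
tcp        0      0 192.0.2.10:80           203.0.113.9:40022       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.9:40100       ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51600 TIME_WAIT
tcp6       0      0 2001:db8::10:80         2001:db8::beef:43210    ESTABLISHED
EOF
}

# top_remote_by_port PORT [STATE]  (hypothetical helper)
# Reads `netstat -ant` text on stdin and prints "count ip", highest first,
# for connections whose local port is PORT, optionally only in STATE.
top_remote_by_port() {
  awk -v port="$1" -v want="${2:-}" '
    function host(addr) {
      sub(/:[^:]*$/, "", addr)     # drop the trailing :port, keep IPv6 colons
      sub(/^::ffff:/, "", addr)    # fold IPv4-mapped IPv6 into plain IPv4
      return addr
    }
    /^tcp/ {
      n = split($4, l, ":")
      if (l[n] != port) next       # exact local-port match, not a substring
      if ($6 == "LISTEN") next     # listening sockets have no remote peer
      if (want != "" && $6 != want) next
      ++hits[host($5)]
    }
    END { for (ip in hits) print hits[ip], ip }
  ' | LC_ALL=C sort -k1,1nr -k2,2
}

# On a live host: netstat -ant | top_remote_by_port 80 SYN_RECV
sample_netstat | top_remote_by_port 80
```
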
Website Log Analysis 1 (Apache):
1. Get the top 10 IP addresses by number of requests
cat access.log | awk '{print $1}' | sort | uniq -c | sort -nr | head -10
# same tally keyed on field 11 (the Referer in Apache's combined log format)
cat access.log | awk '{counts[$(11)]+=1}; END {for (url in counts) print counts[url], url}'
2. Most visited files or pages, top 20
# $7 is the request path in Apache's combined log format ($11 is the Referer)
cat access.log | awk '{print $7}' | sort | uniq -c | sort -nr | head -20
3. List the largest EXE files transferred (commonly used when analyzing a download site)
# output columns: bytes sent, client IP, timestamp, request path
cat access.log | awk '($7 ~ /\.exe/) {print $10 " " $1 " " $4 " " $7}' | sort -nr | head
4. List EXE files with output greater than 200000 bytes (approx. 200 KB) and the number of occurrences of each file
cat access.log | awk '($10 > 200000 && $7 ~ /\.exe/) {print $7}' | sort -n | uniq -c | sort -nr | head
5. If the last column of the log records the page transfer time, list the pages that take the longest to deliver to the client
# output columns: transfer time, client IP, timestamp, request path
cat access.log | awk '($7 ~ /\.php/) {print $NF " " $1 " " $4 " " $7}' | sort -nr | head
6. List the most time-consuming pages (more than 60 seconds) and the number of occurrences of each page
cat access.log | awk '($NF > 60 && $7 ~ /\.php/) {print $7}' | sort -n | uniq -c | sort -nr | head
7. List files that took longer than 30 seconds to transfer
cat access.log | awk '($NF > 30) {print $7}' | sort -n | uniq -c | sort -nr | head
8. Total website traffic (GB)
cat access.log | awk '{sum+=$10} END {print sum/1024/1024/1024}'
9. Statistics for 404 connections
awk '($9 ~ /404/)' access.log | awk '{print $9, $7}' | sort
10. HTTP status statistics
cat access.log | awk '{counts[$(9)]+=1}; END {for (code in counts) print code, counts[code]}'
cat access.log | awk '{print $9}' | sort | uniq -c | sort -rn
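11. Spider analysis: see which spiders are crawling content.
# IFACE (capture interface) is a placeholder; the original value is missing from this page
tcpdump -i IFACE -l -s 0 -w - dst port 80 | strings | grep -i user-agent | grep -i -E 'bot|crawler|slurp|spider'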
Website Log Analysis 2 (Squid): traffic statistics by domain
zcat squid_access.log.tar | awk '{print $10, $7}' | awk 'BEGIN {FS="[ /]"} {trfc[$4]+=$1} END {for (domain in trfc) {printf "%s\t%d\n", domain, trfc[domain]}}'
Database Chapter
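1. View the SQL executed by the database
# IFACE (capture interface) is a placeholder; the original value is missing from this page
tcpdump -i IFACE -s 0 -l -w - dst port 3306 | strings | grep -i -E 'SELECT|UPDATE|DELETE|INSERT|SET|COMMIT|ROLLBACK|CREATE|DROP|ALTER|CALL'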
System Debug Analysis Chapter
1. Debug commands
strace -p PID
2. Trace the process with the specified PID
gdb -p PID
Common commands for Linux web server site failure analysis