Common Commands for Linux Web Server and Website Failure Analysis

System Connection Status

1. View TCP connection states

    netstat -nat | awk '{print $6}' | sort | uniq -c | sort -rn
    netstat -n | awk '/^tcp/ {++S[$NF]}; END {for (a in S) print a, S[a]}'
    netstat -n | awk '/^tcp/ {++state[$NF]}; END {for (key in state) print key, "\t", state[key]}'
    netstat -n | awk '/^tcp/ {++arr[$NF]}; END {for (k in arr) print k, "\t", arr[k]}'
    netstat -n | awk '/^tcp/ {print $NF}' | sort | uniq -c | sort -rn
    netstat -ant | awk '{print $NF}' | grep -v '[a-z]' | sort | uniq -c

2. Find the 20 IPs with the most requests (commonly used to find the source of an attack)

    netstat -anlp | grep 80 | grep tcp | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | head -n20
    netstat -ant | awk '/:80/ {split($5, ip, ":"); ++A[ip[1]]} END {for (i in A) print A[i], i}' | sort -rn | head -n20

3. Use tcpdump to sniff port 80 traffic and see which source is highest

    # The packet count (-c) and the head limit were lost from the source text; 1000 and 20 are assumed values.
    tcpdump -i eth0 -tnn dst port 80 -c 1000 | awk -F"." '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr | head -20

4. Find the addresses with the most TIME_WAIT connections

    netstat -n | grep TIME_WAIT | awk '{print $5}' | sort | uniq -c | sort -rn | head -n20

5. Find the addresses with the most SYN connections

    netstat -an | grep SYN | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | more

6. List the process by port

    netstat -ntlp | grep 80 | awk '{print $7}' | cut -d/ -f1

Website Log Analysis 1 (Apache)

1. Get the top 10 IP addresses by number of requests

    cat access.log | awk '{print $1}' | sort | uniq -c | sort -nr | head -10
    cat access.log | awk '{counts[$(11)]+=1}; END {for (url in counts) print counts[url], url}'

2. The most visited files or pages, top 20

    # In the common/combined log format that the other commands here rely on
    # ($7 path, $9 status, $10 bytes), $11 is the Referer; the requested path is $7.
    cat access.log | awk '{print $11}' | sort | uniq -c | sort -nr | head -20

3. List the largest .exe files transferred (commonly used when analyzing a download site)

    # The head limit was lost from the source text; 20 is an assumed value.
    cat access.log | awk '($7 ~ /\.exe/) {print $10 " " $1 " " $4 " " $7}' | sort -nr | head -20

4. List .exe files with output greater than 200000 bytes (approx. 200 KB) and the number of times each occurs

    # The head limit was lost from the source text; 20 is an assumed value.
    cat access.log | awk '($10 > 200000 && $7 ~ /\.exe/) {print $7}' | sort -n | uniq -c | sort -nr | head -20

5. If the last column of the log records the page transfer time, list the pages that took longest to deliver to the client

    # The head limit was lost from the source text; 20 is an assumed value.
    cat access.log | awk '($7 ~ /\.php/) {print $NF " " $1 " " $4 " " $7}' | sort -nr | head -20

6. List the most time-consuming pages (more than 60 seconds) and the number of times each occurs

    # The head limit was lost from the source text; 20 is an assumed value.
    cat access.log | awk '($NF > 60 && $7 ~ /\.php/) {print $7}' | sort -n | uniq -c | sort -nr | head -20

7. List files whose transfer time exceeds a threshold in seconds

    # The threshold and the head limit were lost from the source text; 30 and 20 are assumed values.
    cat access.log | awk '($NF > 30) {print $7}' | sort -n | uniq -c | sort -nr | head -20

8. Total website traffic (GB)

    cat access.log | awk '{sum+=$10} END {print sum/1024/1024/1024}'

9. List the requests that returned 404

    awk '($9 ~ /404/)' access.log | awk '{print $9, $7}' | sort

10. Count HTTP status codes

    cat access.log | awk '{counts[$(9)]+=1}; END {for (code in counts) print code, counts[code]}'
    cat access.log | awk '{print $9}' | sort | uniq -c | sort -rn

11. Spider analysis: see which spiders are crawling content

    /usr/sbin/tcpdump -i eth0 -l -s 0 -w - dst port 80 | strings | grep -i user-agent | grep -i -E 'bot|crawler|slurp|spider'

Website Log Analysis 2 (Squid)

Traffic statistics by domain

    zcat squid_access.log.tar.gz | awk '{print $10, $7}' | awk 'BEGIN {FS="[ /]"} {trfc[$4]+=$1} END {for (domain in trfc) {printf "%s\t%d\n", domain, trfc[domain]}}'

Database

1. View the SQL executed by the database

    /usr/sbin/tcpdump -i eth0 -s 0 -l -w - dst port 3306 | strings | egrep -i 'select|update|delete|insert|set|commit|rollback|create|drop|alter|pager'

System Debug Analysis

1. Debug command

    strace -p pid

2. Trace a specified process by PID

    gdb -p pid

Reposted from: http://www.ha97.com/4392.html
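The per-IP connection count from the system connection status section, as an added example that is not part of the original article: splitting the foreign address on the first ":" returns an empty field for IPv6 and IPv4-mapped addresses, and a plain grep for 80 also matches port 8080, so this version matches the local port exactly and strips only the trailing port. The function names and the sample input are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original article): connections per remote
# address for one local port, read from `netstat -ant` output on stdin.
top_remote_ips() {
    port="${1:-80}"                      # local port to inspect (default 80)
    awk -v port="$port" '
        /^tcp/ && $6 != "LISTEN" {
            # $4 = local address, $5 = foreign address, $6 = state
            n = split($4, loc, ":")
            if (loc[n] != port) next     # exact port match, so 8080 is not counted as 80
            addr = $5
            sub(/:[0-9]+$/, "", addr)    # strip only the trailing :port
            sub(/^::ffff:/, "", addr)    # unwrap IPv4-mapped IPv6 addresses
            count[addr]++
        }
        END { for (a in count) print count[a], a }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample input (documentation address ranges), not real traffic.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51515      TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.9:40022       SYN_RECV
tcp        0      0 192.0.2.10:8080         203.0.113.9:40023       ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51600 ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::beef:51700    ESTABLISHED
EOF
}

# Stand-alone run on the sample; on a live host use: netstat -ant | top_remote_ips 80
sample_netstat | top_remote_ips 80 | head -n 20
```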