View apache link status and related values

Netstat-n | awk '/^ tcp/{++ S [$ NF]} END {for (a in S) print a, S [a]}'
FIN_WAIT_1 286
FIN_WAIT_2 960
SYN_SENT 3
LAST_ACK 32
CLOSING 1
CLOSED 36
SYN_RCVD 144
TIME_WAIT 2520
ESTABLISHED 352
Www.2cto.com
The return parameters are described as follows:
CLOSED: No connection is active or in progress
LISTEN: the server is waiting for incoming call
SYN_RECV: a connection request has arrived, waiting for confirmation
SYN_SENT: The application has started. Open a connection.
ESTABLISHED: normal data transmission status
FIN_WAIT1: The application says it has been completed
FIN_WAIT2: the other side has agreed to release
TIME_WAIT: wait until all groups die
CLOSING: both sides attempt to close at the same time
TIME_WAIT: the other side has initialized a release.
LAST_ACK: waiting for all groups to die TCP transition diagram: pache server's excessive fin_wait1 time_wait Problem Solving
1. Too many fin_wait1 statuses. The fin_wait1 status is the status when the server actively requests to close the tcp connection and actively sends the fin, waiting for the client to reply to ack. There are many causes for fin_wait1, which need to be analyzed based on the netstat status.
Netstat-nat | awk '{print awk $ NF}' | sort | uniq-c | the command above sort-n can help analyze which tcp status quantity is abnormal. netstat-nat | grep": 80 "| awk '{print $5}' | awk-F: '{print $1}' | sort | uniq-c | sort-n can help you sort the client ip of the Request 80 service by the number of connections. 2. Too many time_wait statuses. Generally, www.2cto.com has a high load on the apache server. The w command shows that the load average may be hundreds, but the web Service is basically normal. At the same time, ssh can be logged on, but the response is very slow. Cause: the most likely cause is that keepalive is not enabled in httpd. conf, so a new tcp connection is required for each request. After the request is completed, it will be closed, adding a lot of time_wait statuses. In addition, keepalive may increase some memory overhead, but it is not a problem. Analysis: If the fin_wait1 status is large and the client ip address distribution is normal, it may be caused by ddos attacks by bots or recent program changes. Generally, the latter is more likely. You should contact the programmer to solve the problem. However, if an ip address has a large number of connections, it is worth noting that you can use iptables to directly block it.
You can use netstat-nat | grep ": 80" | awk '{print $5}' | awk-F: '{print $1}' | sort | uniq-c | sort-n shows the number of connections to the current IP address. Too many. In addition, share a Real-Time View of the apache concurrency: watch-n 1-d "pgrep httpd | wc-l", you can adjust the statements in the colon ~