Created
March 9, 2018 18:25
-
-
Save rjamestaylor/fc874f88351d4071e6fd35d2d6cb76c7 to your computer and use it in GitHub Desktop.
Summarize access_logs on an unfamiliar server
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| TOPFILES=100;TOPIPS=100;DATE=`date +%d.%b.%Y:%H`;for i in `lsof -p $(netstat \ | |
| -ltpn|awk '$4 ~ /:80$/ {print substr($7,1,index($7,"/")-1)}')| awk '$9 ~ \ | |
| /access.log$/ {print $9| "sort -u"}'` ; do echo "-------"$i"------"$DATE; awk \ | |
| '$4 ~ /^.'$DATE'/ {day=substr($4,2,2);hour=substr($4,14,2);sixth= \ | |
| substr($4,17,1); hit[day"\t"hour"."sixth"0 - "hour"."sixth"9"]++;ip[$1]++; \ | |
| bytes[day"\t"hour"."sixth"0 - "hour"."sixth"9"]+=$10; flds=split($7, req, \ | |
| /\//);toss=split(req[flds],fn,/\?/);files[fn[1]]++ } END { for (i in hit) { \ | |
| print hit[i]"\t"i"\t"sprintf("%2.2d",bytes[i]/1024)"K"|"sort -k 3,3n"}; print \ | |
| "";for (i in ip) { if(ip[i] > '$TOPIPS') { print ip[i]"\t"i|"sort -n;echo \ | |
| \"\""}}; for (i in files) { if(files[i] > '$TOPFILES') {print files[i], i| \ | |
| "sort -k 1,1n;echo \"\""}} }' $i;done |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Wrote this when I was a Linux support engineer at Rackspace Managed Hosting to help answer the urgent question: "why is my web site not responding?!" or "what is using all the bandwidth on my massive vhost server?!" and I didn't know if the customer was running apache or lighttd or what... Just copy & drop on the command line as root / via sudo.