Apache tomcat 日志分析(Linux环境)

1,查看apache进程:

ps aux | grep httpd | grep -v grep | wc -l
2,查看80端口的tcp连接:

netstat -tan | grep "ESTABLISHED" | grep ":80" | wc -l

3,通过日志查看当天ip连接数，过滤重复:

cat access_log | grep "24/Jul/2007" | awk '{print $2}' | sort | uniq -c | sort -nr

4,当天ip连接数最高的ip都在干些什么(原来是蜘蛛):

cat access_log | grep "24/Jul/2007:00" | grep "61.135.166.230" | awk '{print $8}' | sort | uniq -c | sort -nr | head -n 10

5,当天访问页面排前10的url:

cat access_log | grep "24/Jul/2007:00" | awk '{print $8}' | sort | uniq -c | sort -nr | head -n 10

6,用tcpdump嗅探80端口的访问看看谁最高

tcpdump -i eth0 -tnn dst port 80 -c 1000 | awk -F"." '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr

接着从日志里查看该ip在干嘛:

cat access_log | grep 220.181.38.183| awk '{print $1"\t"$8}' | sort | uniq -c | sort -nr | less

7,查看某一时间段的ip连接数:

grep "2006:0[7-8]" www20060723.log | awk '{print $2}' | sort | uniq -c| sort -nr | wc -l

转载地址：http://www.blogjava.net/Alpha/archive/2010/03/31/317082.html