
Common Commands for Website Fault Analysis of Linux Web Server

Common commands for analysing website faults on a Linux web server are listed below.

System connection status section:

1. View TCP connection status

netstat -nat | awk '{print $6}' | sort | uniq -c | sort -rn
netstat -n | awk '/^tcp/ {++S[$NF]}; END {for(a in S) print a, S[a]}'
or
netstat -n | awk '/^tcp/ {++state[$NF]}; END {for(key in state) print key,"\t",state[key]}'
netstat -n | awk '/^tcp/ {++arr[$NF]}; END {for(k in arr) print k,"\t",arr[k]}'
netstat -n | awk '/^tcp/ {print $NF}' | sort | uniq -c | sort -rn
netstat -ant | awk '{print $NF}' | grep -v '[a-z]' | sort | uniq -c

2. Find the top 20 IPs by number of requests (often used to find the attack source):

netstat -anlp | grep 80 | grep tcp | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | head -20
netstat -ant | awk '/:80/{split($5,ip,":");++A[ip[1]]}END{for(i in A) print A[i],i}' | sort -rn | head -20
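
An added example, not part of the original article: the same per-IP count written as a function that matches the local port exactly (a plain `grep 80` also matches 8080 and any PID containing 80) and strips only the final `:port`, so IPv6 and IPv4-mapped peers are not lost to `awk -F:`. The sample input is constructed, and `top_peers` and `sample_netstat` are names chosen for this sketch.

```shell
#!/bin/sh
# Count remote peers connected to one local TCP port, reading
# `netstat -ant` style text on stdin.

# top_peers PORT [N]: print "count address" for the N busiest remote addresses.
top_peers() {
    port=$1
    limit=${2:-20}
    awk -v port="$port" '
        $1 ~ /^tcp/ && $6 != "LISTEN" {
            # Columns: proto recv-q send-q local-address foreign-address state
            laddr = $4; peer = $5
            # The port is whatever follows the LAST colon, so IPv6 and
            # IPv4-mapped (::ffff:a.b.c.d) addresses stay intact.
            lport = laddr; sub(/^.*:/, "", lport)
            if (lport != port) next       # exact match: 80 must not match 8080
            sub(/:[^:]*$/, "", peer)      # drop the peer port only
            sub(/^::ffff:/, "", peer)     # fold IPv4-mapped into plain IPv4
            hits[peer]++
        }
        END { for (p in hits) print hits[p], p }
    ' | sort -k1,1nr -k2,2 | head -n "$limit"
}

# Constructed sample in the layout of `netstat -ant` (documentation addresses).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51520      TIME_WAIT
tcp        0      0 192.0.2.10:8080         203.0.113.9:40000       ESTABLISHED
tcp6       0      0 2001:db8::10:80         2001:db8::99:33000      ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51600 SYN_RECV
tcp        0      0 192.0.2.10:22           203.0.113.9:50022       ESTABLISHED
EOF
}

sample_netstat | top_peers 80 5
```

On a live host, feed it with `netstat -ant | top_peers 80`.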

3. Use tcpdump to sniff port 80 traffic and see which source sends the most

tcpdump -i eth0 -tnn dst port 80 -c 1000 | awk -F"." '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr | head -20

4. Find IPs with many connections in a SYN state

netstat -an | grep SYN | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | more

5. List processes by port

netstat -ntlp | grep 80 | awk '{print $7}' | cut -d/ -f1

Website log analysis section (Apache):

The field numbers assume the Apache combined log format split on whitespace: $1 client IP, $7 request path, $9 status code, $10 bytes sent, $11 referer.

1. Get the top 10 IP addresses by number of visits

cat access.log | awk '{print $1}' | sort | uniq -c | sort -nr | head -10
# tally by field 11 (the referer in the combined format)
cat access.log | awk '{counts[$(11)]+=1}; END {for(url in counts) print counts[url], url}'

2. Most frequently accessed files or pages, top 20

cat access.log | awk '{print $7}' | sort | uniq -c | sort -nr | head -20

3. List the largest .exe files transferred (often used when analysing download sites)

cat access.log | awk '($7~/\.exe/){print $10 " " $1 " " $4 " " $7}' | sort -nr | head -20

4. List .exe files with output larger than 200000 bytes (about 200 KB) and the number of times each occurs

cat access.log | awk '($10 > 200000 && $7~/\.exe/){print $7}' | sort -n | uniq -c | sort -nr | head -100

5. If the last column of the log records the page transfer time, list the pages that took longest to deliver to the client

cat access.log | awk '($7~/\.php/){print $NF " " $1 " " $4 " " $7}' | sort -nr | head -100

6. List the most time-consuming pages (over 60 seconds) and the number of times each occurs

cat access.log | awk '($NF > 60 && $7~/\.php/){print $7}' | sort -n | uniq -c | sort -nr | head -100

7. List files whose transfer time exceeds 30 seconds

cat access.log | awk '($NF > 30){print $7}' | sort -n | uniq -c | sort -nr | head -20

8. Total website traffic (GB)

cat access.log | awk '{sum+=$10} END {print sum/1024/1024/1024}'

9. List requests that returned 404

awk '($9 ~ /404/)' access.log | awk '{print $9,$7}' | sort

10. HTTP status statistics

cat access.log | awk '{counts[$(9)]+=1}; END {for(code in counts) print code, counts[code]}'
cat access.log | awk '{print $9}' | sort | uniq -c | sort -rn

11. Spider analysis: check which spiders are crawling the site.

/usr/sbin/tcpdump -i eth0 -l -s 0 -w - dst port 80 | strings | grep -i user-agent | grep -i -E 'bot|crawler|slurp|spider'

Squid section:

Traffic statistics by domain

zcat squid_access.log.tar.gz | awk '{print $10,$7}' | awk 'BEGIN{FS="[ /]"}{trfc[$4]+=$1}END{for(domain in trfc){printf "%s\t%d\n",domain,trfc[domain]}}'

Database section

1. View the SQL executed by the database

/usr/sbin/tcpdump -i eth0 -s 0 -l -w - dst port 3306 | strings | egrep -i 'SELECT|UPDATE|DELETE|INSERT|SET|COMMIT|ROLLBACK|CREATE|DROP|ALTER|CALL'

System Debug Analysis

1. Debugging command

strace -p pid

2. Trace the process with the specified PID

gdb -p pid
