Uncategorized | 佳音的博客

2010/02/25

网站排障分析常用的命令

Filed under: Uncategorized — 佳音 @ 4:23 下午

http://docs.linuxtone.org/webapp/webscan.txt

好久没有发贴了，
整理一些常用分析网站的小命令方便大家排障，内容均来源于网络。
如果你是初学者关于AWK应用技巧请参照论坛的脚本编程版块，
如果你是老手，什么好的命令集或者必杀技欢迎跟贴，丰富此贴！

系统连接状态篇：
1.查看TCP连接状态
netstat -nat |awk ‘{print $6}’|sort|uniq -c|sort -rn

netstat -n | awk ‘/^tcp/ {++S[$NF]};END {for(a in S) print a, S[a]}’ 或
netstat -n | awk ‘/^tcp/ {++state[$NF]}; END {for(key in state) print key,”\t”,state[key]}’
netstat -n | awk ‘/^tcp/ {++arr[$NF]};END {for(k in arr) print k,”\t”,arr[k]}’

netstat -n |awk ‘/^tcp/ {print $NF}’|sort|uniq -c|sort -rn

netstat -ant | awk ‘{print $NF}’ | grep -v ‘[a-z]‘ | sort | uniq -c

2.查找请求数请20个IP（常用于查找攻来源）：
netstat -anlp|grep 80|grep tcp|awk ‘{print $5}’|awk -F: ‘{print $1}’|sort|uniq -c|sort -nr|head -n20

netstat -ant |awk ‘/:80/{split($5,ip,”:”);++A[ip[1]]}END{for(i in A) print A[i],i}’ |sort -rn|head -n20

3.用tcpdump嗅探80端口的访问看看谁最高
tcpdump -i eth0 -tnn dst port 80 -c 1000 | awk -F”.” ‘{print $1″.”$2″.”$3″.”$4}’ | sort | uniq -c | sort -nr |head -20

4.查找较多time_wait连接
netstat -n|grep TIME_WAIT|awk ‘{print $5}’|sort|uniq -c|sort -rn|head -n20

5.找查较多的SYN连接
netstat -an | grep SYN | awk ‘{print $5}’ | awk -F: ‘{print $1}’ | sort | uniq -c | sort -nr | more

6.根据端口列进程
netstat -ntlp | grep 80 | awk ‘{print $7}’ | cut -d/ -f1

网站日志分析篇1（Apache）：

1.获得访问前10位的ip地址
cat access.log|awk ‘{print $1}’|sort|uniq -c|sort -nr|head -10
cat access.log|awk ‘{counts[$(11)]+=1}; END {for(url in counts) print counts[url], url}’

2.访问次数最多的文件或页面,取前20
cat access.log|awk ‘{print $11}’|sort|uniq -c|sort -nr|head -20

3.列出传输最大的几个exe文件（分析下载站的时候常用）
cat access.log |awk ‘($7~/\.exe/){print $10 ” ” $1 ” ” $4 ” ” $7}’|sort -nr|head -20

4.列出输出大于200000byte(约200kb)的exe文件以及对应文件发生次数
cat access.log |awk ‘($10 > 200000 && $7~/\.exe/){print $7}’|sort -n|uniq -c|sort -nr|head -100

5.如果日志最后一列记录的是页面文件传输时间，则有列出到客户端最耗时的页面
cat access.log |awk ‘($7~/\.php/){print $NF ” ” $1 ” ” $4 ” ” $7}’|sort -nr|head -100

6.列出最最耗时的页面(超过60秒的)的以及对应页面发生次数
cat access.log |awk ‘($NF > 60 && $7~/\.php/){print $7}’|sort -n|uniq -c|sort -nr|head -100

7.列出传输时间超过 30 秒的文件
cat access.log |awk ‘($NF > 30){print $7}’|sort -n|uniq -c|sort -nr|head -20

8.统计网站流量（G)
cat access.log |awk ‘{sum+=$10} END {print sum/1024/1024/1024}’

9.统计404的连接
awk ‘($9 ~/404/)’ access.log | awk ‘{print $9,$7}’ | sort

10. 统计http status.
cat access.log |awk ‘{counts[$(9)]+=1}; END {for(code in counts) print code, counts[code]}'
cat access.log |awk '{print $9}'|sort|uniq -c|sort -rn

网站日分析2(Squid篇）

2.按域统计流量
zcat squid_access.log.tar.gz| awk '{print $10,$7}' |awk 'BEGIN{FS="[ /]"}{trfc[$4]+=$1}END{for(domain in trfc){printf "%s\t%d\n",domain,trfc[domain]}}'

效率更高的perl版本请到此下载:http://docs.linuxtone.org/soft/tools/tr.pl

系统Debug分析篇

1.调试命令
strace -p pid

2.跟踪指定进程的PID
gdb -p pid

更多的请参考：

http://bbs.linuxtone.org/forum-14-1.html

Comments (0)

2010/02/24

fuse-hdfs 简单测试

Filed under: Uncategorized — 佳音 @ 12:01 下午

这东西实验性还是很强在编译过程中出现很多错误，

最后一次忽略所有错误继续编译才编译过去，

读

time dd if=/mnt/hdfs/user/root/with_country.tsv/part-00071 of=/tmp/a.txt bs=8k count=30000

3603+1 records in

3603+1 records out

29519802 bytes (30 MB) copied, 2.98445 s, 9.9 MB/s

real 0m3.015s

user 0m0.008s

sys 0m0.104s

写

sudo time dd if=/dev/zero of=/mnt/hdfs/test.txt bs=8k count=3000

3000+0 records in

3000+0 records out

24576000 bytes (25 MB) copied, 2.98638 s, 8.2 MB/s

0.00user 0.08system 0:03.01elapsed 2%CPU (0avgtext+0avgdata 0maxresident)k

0inputs+0outputs (0major+261minor)pagefaults 0swaps

~$ sudo time dd if=/dev/zero of=/mnt/hdfs/test.txt bs=8k count=30000

30000+0 records in

30000+0 records out

245760000 bytes (246 MB) copied, 30.1176 s, 8.2 MB/s

0.03user 0.78system 0:30.19elapsed 2%CPU (0avgtext+0avgdata 0maxresident)k

0inputs+0outputs (0major+259minor)pagefaults 0swaps

Comments (0)

2010/01/24

Twitter 更新 for 2010-01-24

Filed under: Uncategorized — 标签：twtteen — 佳音 @ 4:20 下午

RT @fomou : RT: @dupola: 网易网友评论《CN域名数量剧减中国拟恢复个人注册》：你叫我滚，我滚了，你叫我回来，对不起，已经滚远了。牛 #
RT @xdanger : RT @DashHuang: 5毛招聘启示 http://is.gd/6zmRh 经典 #

Comments (0)

2010/01/19

herding frosh 算法

Filed under: Uncategorized — 佳音 @ 7:33 上午

package programming.challenges;
import java.util.Arrays;
/**
* Created by IntelliJ IDEA.
* User: zhangjiayin
* Date: Jan 13, 2010
* Time: 7:15:50 PM
* To change this template use File | Settings | File Templates.
*/
public class HerdingTrees {
private Tree origin = new Tree(0, 0);
/**
* get min value of a and b
* @param a
* @param b
* @return
*/
private static double min(double a, double b) {
return a > b ? b : a;
}
/**
* “vector o p1″ cross “vector o p2″
* @param o
* @param p1
* @param p2
* @return
*/
private static double cross(Tree o , Tree p1, Tree p2) {
return (p1.x – o.x) * (p2.y – o.y) – (p1.y – o.y) * (p2.x – o.x);
}
/**
* ”vector p1″ cross “vector p2″
* @param p1
* @param p2
* @return
*/
private static double cross(Tree p1, Tree p2) {
return p1.x * p2.y – p1.y * p2.x;
}
/**
* distance of two tree p2 and p1
* @param p1
* @param p2
* @return
*/
private static double getDistance(Tree p1, Tree p2) {
return Math.sqrt(Math.pow(p1.x – p2.x, 2) + Math.pow(p1.y – p2.y, 2));
}
/**
* sort by angle in polar coordinate system
* if the angle is the same, then sort by their length
* @param p1
* @param p2
* @return
*/
public static boolean sortByAngle(Tree p1, Tree p2) {
if (p1.y == 0 && p2.y == 0 && p1.x * p2.x <= 0) return p1.x > p2.x;
if (p1.y == 0 && p1.x >= 0 && p2.y != 0) return true;
if (p2.y == 0 && p2.x >= 0 && p1.y != 0) return false;
if (p1.y * p2.y < 0) return p1.y > p2.y;
double c = cross(p1, p2);
return c > 0 || c == 0 && Math.abs(p1.x) < Math.abs(p2.x);
}
/**
* determine if o -> p1 -> p2 are convex (refer to the origin)
* @param o
* @param p1
* @param p2
* @return
*/
private boolean convex(Tree o, Tree p1,Tree p2) {
double c = cross(o, p1, p2);
return c > 0 || c == 0 && ((p1.x – o.x) * (p2.x – p1.x) + (p1.y – o.y) * (p2.y – p1.y)) < 0;
}
/**
* instance of this algorithm
* @param trees
* @return
*/
public double goaround(Tree[] trees) {
int[] hulls = new int[1000];
int i, j, k;
int treesCount = trees.length;
// the special case
if (treesCount == 0) {
return 2.0;
}
// sort all trees by their angle in polar coordinate system
Arrays.sort(trees);
double ans = 1e9;
// start from each possible tree
for (i=0; i<treesCount; ++i) {
// get a proper hull by the graham’s scan
k = 0;
for (j=0; j< treesCount; ++j) {
int p = (i+j) % treesCount;
while (k >= 2 && !convex(trees[hulls[k-2]], trees[hulls[k-1]], trees[p])) k–;
hulls[k++] = p;
}
// calculate the distance of the hull
double length = getDistance(trees[i], origin) + getDistance(trees[(i-1+treesCount)%treesCount], origin);
for (j=0; j<k-1; ++j)
length += getDistance(trees[hulls[j]], trees[hulls[j+1]]);
// record the minimal distance
ans = min(ans, length);
}
// print solution, don’t forget to plus 2
return 2.0 + ans;
}
public static void main(String[] argv) {
Tree [] trees = {new Tree(1,1),new Tree(-1,1), new Tree(-1, -1), new Tree(1,-1)};
double a = new HerdingTrees().goaround(trees);
System.out.println(a);
Tree [] trees2 = {new Tree(1,1),new Tree(-1,1), new Tree(-1, -1), new Tree(1,-1), new Tree(1,-20)};
double b = new HerdingTrees().goaround(trees2);
System.out.println(b);
}
}
class Tree implements Comparable<Tree> {
public double x = 0;
public double y = 0;
public Tree(int x, int y) {
this.x = x;
this.y = y;
}
public int compareTo(Tree p) {
return HerdingTrees.sortByAngle(this, p) ? 0 : 1;
}
}
package programming.challenges;
import java.util.Arrays;
/** * Created by IntelliJ IDEA. * User: zhangjiayin * Date: Jan 13, 2010 * Time: 7:15:50 PM * To change this template use File | Settings | File Templates. */public class HerdingTrees {
private Tree origin = new Tree(0, 0); /** * get min value of a and b * @param a * @param b * @return */ private static double min(double a, double b) { return a > b ? b : a; }
/** * “vector o p1″ cross “vector o p2″ * @param o * @param p1 * @param p2 * @return */ private static double cross(Tree o , Tree p1, Tree p2) { return (p1.x – o.x) * (p2.y – o.y) – (p1.y – o.y) * (p2.x – o.x); }
/** * ”vector p1″ cross “vector p2″ * @param p1 * @param p2 * @return */ private static double cross(Tree p1, Tree p2) { return p1.x * p2.y – p1.y * p2.x; }
/** * distance of two tree p2 and p1 * @param p1 * @param p2 * @return */ private static double getDistance(Tree p1, Tree p2) { return Math.sqrt(Math.pow(p1.x – p2.x, 2) + Math.pow(p1.y – p2.y, 2)); }
/** * sort by angle in polar coordinate system * if the angle is the same, then sort by their length * @param p1 * @param p2 * @return */ public static boolean sortByAngle(Tree p1, Tree p2) {
if (p1.y == 0 && p2.y == 0 && p1.x * p2.x <= 0) return p1.x > p2.x;
if (p1.y == 0 && p1.x >= 0 && p2.y != 0) return true;
if (p2.y == 0 && p2.x >= 0 && p1.y != 0) return false;
if (p1.y * p2.y < 0) return p1.y > p2.y;
double c = cross(p1, p2);
return c > 0 || c == 0 && Math.abs(p1.x) < Math.abs(p2.x); }
/** * determine if o -> p1 -> p2 are convex (refer to the origin) * @param o * @param p1 * @param p2 * @return */ private boolean convex(Tree o, Tree p1,Tree p2) { double c = cross(o, p1, p2); return c > 0 || c == 0 && ((p1.x – o.x) * (p2.x – p1.x) + (p1.y – o.y) * (p2.y – p1.y)) < 0; }
/** * instance of this algorithm * @param trees * @return */ public double goaround(Tree[] trees) {
int[] hulls = new int[1000];
int i, j, k;
int treesCount = trees.length;
// the special case if (treesCount == 0) { return 2.0; }
// sort all trees by their angle in polar coordinate system Arrays.sort(trees);
double ans = 1e9;
// start from each possible tree for (i=0; i<treesCount; ++i) {
// get a proper hull by the graham’s scan k = 0; for (j=0; j< treesCount; ++j) { int p = (i+j) % treesCount; while (k >= 2 && !convex(trees[hulls[k-2]], trees[hulls[k-1]], trees[p])) k–; hulls[k++] = p; }
// calculate the distance of the hull double length = getDistance(trees[i], origin) + getDistance(trees[(i-1+treesCount)%treesCount], origin); for (j=0; j<k-1; ++j) length += getDistance(trees[hulls[j]], trees[hulls[j+1]]);
// record the minimal distance ans = min(ans, length);
}
// print solution, don’t forget to plus 2
return 2.0 + ans; }
public static void main(String[] argv) { Tree [] trees = {new Tree(1,1),new Tree(-1,1), new Tree(-1, -1), new Tree(1,-1)}; double a = new HerdingTrees().goaround(trees); System.out.println(a);
Tree [] trees2 = {new Tree(1,1),new Tree(-1,1), new Tree(-1, -1), new Tree(1,-1), new Tree(1,-20)}; double b = new HerdingTrees().goaround(trees2); System.out.println(b);
}}
class Tree implements Comparable<Tree> { public double x = 0;
public double y = 0;
public Tree(int x, int y) { this.x = x; this.y = y; }
public int compareTo(Tree p) { return HerdingTrees.sortByAngle(this, p) ? 0 : 1;
}
}

Comments (0)

2010/01/18

ubuntu server 安装 pptpd （vpn服务器）

Filed under: Uncategorized — 佳音 @ 3:17 下午

看了这位仁兄的配置自己也配置了一下
http://blog.cuoluo.cn/2009/12/install-pptp-vpn-in-linode-vps/

1, 安装pptpd

apt-get install pptpd

2. 编辑 /etc/pptpd.conf文件

添加（或去掉注释，原来文件内容这两行被注释掉了）
localip 192.168.0.1
remoteip 192.168.0.234-238,192.168.0.245

3修改/etc/ppp/chap-secrets 添加用户

格式这个文件里面有基本上是

用户名 pptpd 密码 ip(可用 *)

4手动配置登陆后的dns 编辑文件/etc/ppp/options 添加

ms-dns 8.8.8.8
ms-dns 8.8.4.4

5 开启ipv4 forward

修改 etc/sysctl.conf, 添加
net.ipv4.ip_forward = 1

运行下面的命令让配置生效。
sysctl -p
重启pptpd服务
/etc/init.d/pptpd restart
开启iptables转发
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

Comments (0)

2010/01/16

wordpress的导入功能-07-09年的blog

Filed under: Uncategorized — 标签：忆往昔 — 佳音 @ 3:21 上午

wordpress支持 rss 导入这个令人很欣慰，不过把百度blog的rss导出来之后发现都是残废的文章，囧，以前的文章就留在baidu吧
http://hi.baidu.com/_1_1_1_1/blog ，也懒得弄

Comments (0)

和毛爷爷的合影

Filed under: Uncategorized — 佳音 @ 3:08 上午

Comments (0)

linode 的主机不错

Filed under: Uncategorized — 佳音 @ 12:32 上午

linode 的主机不错

Comments (0)

2009/02/25

netstat 命令指南

Filed under: Uncategorized — 佳音 @ 4:01 下午

http://www.cyberciti.biz/tips/netstat-command-tutorial-examples.html

netstat command and shell pipe feature can be used to dig out more information about particular IP address connection. You can find out total established connections, closing connection, SYN and FIN bits and much more. You can also display summary statistics for each protocol using netstat.

This is useful to find out if your server is under attack or not. You can also list abusive IP address using this method.
# netstat -nat | awk '{print $6}' | sort | uniq -c | sort -n
Output:

1 CLOSE_WAIT      1 established)      1 Foreign      3 FIN_WAIT1      3 LAST_ACK     13 ESTABLISHED     17 LISTEN    154 FIN_WAIT2    327 TIME_WAIT

Dig out more information about a specific ip address:
# netstat -nat |grep {IP-address} | awk '{print $6}' | sort | uniq -c | sort -n

2 LAST_ACK      2 LISTEN      4 FIN_WAIT1     14 ESTABLISHED     91 TIME_WAIT    130 FIN_WAIT2

Busy server can give out more information:
# netstat -nat |grep 202.54.1.10 | awk '{print $6}' | sort | uniq -c | sort -n
Output:

15 CLOSE_WAIT  37 LAST_ACK  64 FIN_WAIT_1  65 FIN_WAIT_21251 TIME_WAIT3597 SYN_SENT5124 ESTABLISHED

Get List Of All Unique IP Address

To print list of all unique IP address connected to server, enter:
# netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | uniq
To print total of all unique IP address, enter:
# netstat -nat | awk '{ print $5}' | cut -d: -f1 | sed -e '/^$/d' | uniq | wc -l
Output:

Find Out If Box is Under DoS Attack or Not

If you think your Linux box is under attack, print out a list of open connections on your box and sorts them by according to IP address, enter:
# netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' |sort | uniq -c | sort -n
Output:

1 10.0.77.52      2 10.1.11.3      4 12.109.42.21      6 12.191.136.3............    13 202.155.209.202     18 208.67.222.222     28 0.0.0.0 

    233 127.0.0.1

You can simply block all abusive IPs using iptables or just null route them.

etc.

转略..

]]>

Comments (0)