From 0ff2555e314b8d2714028a978c78574ae3fcdc66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= Date: Tue, 12 Jun 2018 00:31:27 +0300 Subject: [PATCH] =?UTF-8?q?Korrastatud=20Apache2=20n=C3=A4ited?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apache2.md | 106 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 106 insertions(+) create mode 100644 apache2.md diff --git a/apache2.md b/apache2.md new file mode 100644 index 0000000..354651e --- /dev/null +++ b/apache2.md 
@@ -0,0 +1,106 @@ +#Apache2 logide parsimine + +Laadi alla mõned näidised ja paki need lahti: + +```bash +wget https://media.k-space.ee/apache2.tar +ionice nice tar xvf apache2.tar # Lahti pakkimine madala CPU ja IO prioriteediga +cd apache2 +``` + +Leiame esimesed kümme GET päringut apache logifailist: + +```bash +cat access.log | grep GET | head -n3 +``` + +Esimene tulp kus on tavaliselt IP aadressid, kus tulbad tühikutega eraldatud: + +```bash +cat access.log | grep GET | cut -d " " -f 1 | head +cat access.log | grep GET | awk '{ print $1 }' | head +``` + +Natuke keerukam näide awk abil, kus GET sõnet otsitakse konkreetsest tulbast mis on kahekordsete ülakomadega eraldatud: + +```bash +cat access.log | awk -F\" '{ if ($2 ~ "^GET ") print $1 }' | awk '{ print $1 }' | head +``` + +Teisest tulbast kuni lõpuni välja: + +```bash +cat access.log | grep GET | cut -d " " -f 2- | head +``` + +Sorteeri IP aadressid mis esinesid logifailides: + +```bash +cat access.log | grep GET | cut -d " " -f 1 | sort +``` + +Loenda kokku ühesuguste IP-dega read: + +```bash +cat access.log | grep GET | cut -d " " -f 1 | sort | uniq -c +``` + +Top 10 IP aadressid kust HTTP päringud tulid: + +```bash +cat access.log | grep GET | cut -d " " -f 1 | sort | uniq -c | sort -n -r | head +``` + +Top 10 IP aadressid kahest kokku pakitud failist: + +```bash +zcat access.log.1.gz access.log.2.gz \ + | grep GET \ + | cut -d " " -f 1 \ + | sort \ + | uniq -c \ + | sort -n -r \ + | head +``` + +Mitmest (pakitud) logifailist lugemine, asjakohaste ridade välja filtreerimine, esimese tulba välja lõikamine, sorteerimine deduplitseerimiseks, ridade loendamine, vastete arvu järgi sorteerimine ning lõpuks top 10 kuvamine: + +```bash +(cat access.log; zcat access.log.1.gz access.log.2.gz) \ + | grep GET \ + | cut -d " " -f 1 \ + | sort \ + | uniq -c \ + | sort -n -r \ + | head +``` + +Enim külastatud URL veebiserveris: + +```bash +cat access.log \ + | awk -F \" '{ print $2}' \ + | cut -d ' ' -f 2- \ + | sort 
\ + | uniq -c \ + | sort -n -r \ + | head +``` + +Kõige enam sisu postitanud veebilehitsejad: + +```bash +cat access.log \ + | awk -F \" '{ if ($2 ~ "^POST ") print $6}' \ + | sort \ + | uniq -c \ + | sort -n -r \ + | head +``` + +Veateate 5xx põhjustanud päringute leidmine: + +```bash +(cat access.log; zcat access.log*.gz) \ + | awk -F \" '{ if ($3 ~ "^ 5[0-9][0-9] ") print $0}' +``` \ No newline at end of file
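Review bot: The `grep GET` filter in the top-IP pipelines (from `cat access.log | grep GET | cut -d " " -f 1 | head` onward) matches "GET" anywhere on the line, including the URL, referrer or user-agent, so other request methods whose fields contain that string are counted as GET requests. Reuse the anchored form the patch already shows, `awk -F\" '{ if ($2 ~ "^GET ") print $1 }'`, in those pipelines. In the first example the text promises ten requests ("esimesed kümme") but the command is `head -n3`; make the two agree. In the most-visited-URL pipeline, `cut -d ' ' -f 2-` keeps the protocol token after the path, so the same URL requested over different HTTP versions is counted as separate entries; `-f 2` would give the path alone. The `-F \"` examples assume no quote character inside the request line or user-agent; since those fields are client-controlled, a quote there shifts `$2`, `$3` and `$6`, which deserves a sentence in the text. The heading `#Apache2 logide parsimine` lacks the space after `#`, and the file has no trailing newline.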