统计shell命令

收到报警时,常用命令: 先看错误日志 nginx日志

最近一个小时(事故时间内),访问量最大的10个ip(攻击从哪里来)

cat m.com-access.log |grep '2018:14' | cut -d '“' -f 8 | cut -d ”,“ -f 1 | sort|uniq -c |sort -nr |head -n 10

改一下日志文件名、”2018:14"就行了。

最近一个小时(事故时间内),访问量最大的10个页面(攻击什么)

cat m.com-access.log | grep "2018:14” | cut -d ' ' -f 7 | cut -d '?' -f 1 | sort |uniq -c | awk '{if ($1 > 100) print $0}' | sort -nr | head -n 10

改一下日志文件名、”2018:14"就行了。

http://user.jindanlicai.com/mission/getTotalCompletedCount %E6%94%B6%E5%88%B0%E6%8A%A5%E8%AD%A6%E6%97%B6%EF%BC%8C%E5%B8%B8%E7%94%A8%E5%91%BD%E4%BB%A4%EF%BC%9A%0A%23%23%20%E5%85%88%E7%9C%8B%E9%94%99%E8%AF%AF%E6%97%A5%E5%BF%97%0A%0A%23%23%20nginx%E6%97%A5%E5%BF%97%0A%20%E6%9C%80%E8%BF%91%E4%B8%80%E4%B8%AA%E5%B0%8F%E6%97%B6%EF%BC%88%E4%BA%8B%E6%95%85%E6%97%B6%E9%97%B4%E5%86%85%EF%BC%89%EF%BC%8C%E8%AE%BF%E9%97%AE%E9%87%8F%E6%9C%80%E5%A4%A7%E7%9A%8410%E4%B8%AAip%EF%BC%88%E6%94%BB%E5%87%BB%E4%BB%8E%E5%93%AA%E9%87%8C%E6%9D%A5%EF%BC%89%0A%60%60cat%20m.com-access.log%20%7Cgrep%20'2018%3A14'%20%7C%20cut%20-d%20'%22'%20-f%208%20%7C%20cut%20-d%20%22%2C%22%20-f%201%20%7C%20sort%7Cuniq%20-c%20%7Csort%20-nr%20%7Chead%20-n%2010%0A%60%60%0A%E6%94%B9%E4%B8%80%E4%B8%8B%E6%97%A5%E5%BF%97%E6%96%87%E4%BB%B6%E5%90%8D%E3%80%81%E2%80%9D2018%3A14%22%E5%B0%B1%E8%A1%8C%E4%BA%86%E3%80%82%0A%0A%0A%20%E6%9C%80%E8%BF%91%E4%B8%80%E4%B8%AA%E5%B0%8F%E6%97%B6%EF%BC%88%E4%BA%8B%E6%95%85%E6%97%B6%E9%97%B4%E5%86%85%EF%BC%89%EF%BC%8C%E8%AE%BF%E9%97%AE%E9%87%8F%E6%9C%80%E5%A4%A7%E7%9A%8410%E4%B8%AA%E9%A1%B5%E9%9D%A2%EF%BC%88%E6%94%BB%E5%87%BB%E4%BB%80%E4%B9%88%EF%BC%89%0Acat%20m.com-access.log%20%7C%20grep%20%222018%3A14%22%20%7C%20cut%20-d%20'%20'%20-f%207%20%7C%20cut%20-d%20'%3F'%20-f%201%20%7C%20sort%20%7Cuniq%20-c%20%7C%20awk%20'%7Bif%20(%241%20%3E%20100)%20print%20%240%7D'%20%7C%20sort%20-nr%20%7C%20head%20-n%2010%60%60%0A%E6%94%B9%E4%B8%80%E4%B8%8B%E6%97%A5%E5%BF%97%E6%96%87%E4%BB%B6%E5%90%8D%E3%80%81%E2%80%9D2018%3A14%22%E5%B0%B1%E8%A1%8C%E4%BA%86%E3%80%82%0A%0Ahttp%3A%2F%2Fuser.jindanlicai.com%2Fmission%2FgetTotalCompletedCount