Shulou(Shulou.com)06/01 Report--

The main content of this article is to explain "what are the common troubleshooting commands on the server of the Linux system?" interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Next let the editor to take you to learn "what are the common troubleshooting commands on the server of the Linux system?"

System connection status section:

1. View TCP connection status

The code is as follows:

Netstat-nat | awk'{print $6}'| sort | uniq-c | sort-rn

Netstat-n | awk'/ ^ tcp/ {+ + S [$NF]}; END {for (an in S) print a, S [a]}'or

Netstat-n | awk'/ ^ tcp/ {+ + state [$NF]}; END {for (key in state) print key, "t", state [key]}'

Netstat-n | awk'/ ^ tcp/ {+ + arr [$NF]}; END {for (k in arr) print k, "t", arr [k]}'

Netstat-n | awk'/ ^ tcp/ {print $NF}'| sort | uniq-c | sort-rn

Netstat-ant | awk'{print $NF}'| grep-v'[a murz]'| sort | uniq-c

two。 Find the number of requests, please 20 IP (often used to find the source of attack):

The code is as follows:

Netstat-anlp | grep 80 | grep tcp | awk'{print $5}'| awk-F:'{print $1}'| sort | uniq-c | sort-nr | head-N20

Netstat-ant | awk'/: 80 / {split ($5 ip IP, ":"); + A [ip [1]]} END {for (i in A) print A [I], I}'| sort-rn | head-N20

3. Use tcpdump to sniff the access to port 80 to see who is the highest.

The code is as follows:

Tcpdump-I eth0-tnn dst port 80-c 1000 | awk-F "."'{print $1 "." $2 "." $3 "." $4}'| sort | uniq-c | sort-nr | head-20

4. Find more time_wait connections

The code is as follows:

Netstat-n | grep TIME_WAIT | awk'{print $5}'| sort | uniq-c | sort-rn | head-N20

5. Look for more SYN connections

The code is as follows:

Netstat-an | grep SYN | awk'{print $5}'| awk-F:'{print $1}'| sort | uniq-c | sort-nr | more

6. According to the port column process

The code is as follows:

Netstat-ntlp | grep 80 | awk'{print $7}'| cut-d /-F1

Website Log Analysis Section 1 (Apache):

1. Get the ip address that accesses the top 10 bits

The code is as follows:

Cat access.log | awk'{print $1}'| sort | uniq-c | sort-nr | head-10

Cat access.log | awk'{counts [$(11)] + = 1}; END {for (url in counts) print counts [url], url}'

two。 The most visited file or page, take the top 20

The code is as follows:

Cat access.log | awk'{print $11}'| sort | uniq-c | sort-nr | head-20

3. List the largest exe files transferred (commonly used when analyzing download stations)

The code is as follows:

Cat access.log | awk'($7~/.exe/) {print $10 "$1" $4 "$7}'| sort-nr | head-20

4. List the exe files whose output is larger than 200000byte (about 200kb) and the number of occurrences of the corresponding files

The code is as follows:

Cat access.log | awk'($10 > 200000 & & $7~/.exe/) {print $7}'| sort-n | uniq-c | sort-nr | head-100

5. If the last column of the log records the page file transfer time, there are pages listed to the client that are the most time-consuming

The code is as follows:

Cat access.log | awk'($7~/.php/) {print $NF "" $1 "" $4 "" $7}'| sort-nr | head-100

6. List the most time-consuming pages (more than 60 seconds) and the number of page occurrences

The code is as follows:

Cat access.log | awk'($NF > 60 & & $7~/.php/) {print $7}'| sort-n | uniq-c | sort-nr | head-100

7. List files that have been transferred for more than 30 seconds

The code is as follows:

Cat access.log | awk'($NF > 30) {print $7}'| sort-n | uniq-c | sort-nr | head-20

8. Statistics of website traffic (G)

The code is as follows:

Cat access.log | awk'{sum+=$10} END {print sum/1024/1024/1024}'

9. Count the connections of 404

The code is as follows:

Awk'($9 ~ / 404 /) 'access.log | awk' {print $9 charge 7}'| sort

10. Statistical http status

The code is as follows:

Cat access.log | awk'{counts [$(9)] + = 1}; END {for (code in counts) print code, counts [code]}'

Cat access.log | awk'{print $9}'| sort | uniq-c | sort-rn

10. Spider analysis to see which spiders are grabbing content.

The code is as follows:

/ usr/sbin/tcpdump-I eth0-l-s 0-w-dst port 80 | strings | grep-I user-agent | grep-I-E 'bot | crawler | slurp | spider'

Daily website analysis 2 (Squid) statistics of traffic by domain

The code is as follows:

Zcat squid_access.log.tar.gz | awk'{print $10 st%dn 7}'| awk 'BEGIN {FS= "[/]"} {trfc [$4] + = $1} END {for (domain in trfc) {printf "% st%dn", domain,trfc [domain]}}'

Database section

View the sql executed by the database

The code is as follows:

/ usr/sbin/tcpdump-I eth0-s 0-l-w-dst port 3306 | strings | egrep-I 'SELECT | UPDATE | DELETE | INSERT | SET | COMMIT | ROLLBACK | CREATE | DROP | ALTER | CALL'

System Debug analysis

1. Debug command

The code is as follows:

Strace-p pid

two。 Track the PID of the specified process

The code is as follows:

Gdb-p pid

At this point, I believe you have a deeper understanding of "what are the common commands for solving failures on the server of the Linux system?" you might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.