11月 022016
 

通过日志确认每小时访问量
# cat www.abc.com_access.log-20161102 |grep 02/Nov/2016:03 |wc -l
155
# cat www.abc.com_access.log-20161102 |grep 02/Nov/2016:02 |wc -l
6017
# cat www.abc.com_access.log-20161102 |grep 02/Nov/2016:01 |wc -l
11710
# cat www.abc.com_access.log-20161102 |grep 02/Nov/2016:00 |wc -l
12679
# cat www.abc.com_access.log-20161102 |grep 01/Nov/2016:23 |wc -l
12970
# cat www.abc.com_access.log-20161102 |grep 01/Nov/2016:22 |wc -l
12697
# cat www.abc.com_access.log-20161102 |grep 01/Nov/2016:21 |wc -l
13540
# cat www.abc.com_access.log-20161102 |grep 01/Nov/2016:20 |wc -l
12147
# cat www.abc.com_access.log-20161102 |grep 01/Nov/2016:19 |wc -l
3358
# cat www.abc.com_access.log-20161102 |grep 01/Nov/2016:18 |wc -l
3150
#
导出特定时间段日志记录
# cat www.abc.com_access.log-20161102 |grep 01/Nov/2016:20 > t1.log
# cat www.abc.com_access.log-20161102 |grep 01/Nov/2016:21 >> t1.log
# cat www.abc.com_access.log-20161102 |grep 01/Nov/2016:22 >> t1.log
# cat www.abc.com_access.log-20161102 |grep 01/Nov/2016:23 >> t1.log
# cat www.abc.com_access.log-20161102 |grep 02/Nov/2016:00 >> t1.log
# cat www.abc.com_access.log-20161102 |grep 02/Nov/2016:01 >> t1.log
# cat www.abc.com_access.log-20161102 |grep 02/Nov/2016:02 >> t1.log
确认总请求数量
# cat t1.log |wc -l
81760
#

过滤IP并排序导出文件
# cat t1.log |awk ‘{print $1}’ | sort | uniq -c |sort -k1 -n -r > t2.txt

查看IP排序列表
# less t2.txt
67989 117.65.113.164

导出异常IP的所有请求

# cat t2.txt |grep 117.65.113.164 > t3.txt

使用iptables禁止IP访问
# iptables -I INPUT -s 117.65.113.164 -j DROP
电信入口,异常流量约7个小时(20时-2时),总请求量81760次

按IP排序,117.65.113.164(安徽省 蚌埠市 电信 )总请求量 67989次(约2.69次/秒)

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据