Log analysis on Ubuntu
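Count log entries per hour for a given day; an hour whose count stands out from the rest of the day narrows down when an event happened. Traditional syslog timestamps pad single-digit days with a space ("Dec  4"), so the day pattern allows one or more spaces and ends with a space to match exactly that day:
grep -E "^Dec +4 " syslog | awk '{print $3}' | grep -Eo "^[[:digit:]]{2}" | uniq -c
grep -E "^Dec +1 " auth.log | awk '{print $3}' | grep -Eo "^[[:digit:]]{2}" | uniq -c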
Locate the time of an event from the per-hour distribution of log entries, excluding FTP entries:
grep -E "^Nov +29 " syslog | grep -v ftp | awk '{print $3}' | grep -Eo "^[[:digit:]]{2}" | uniq -c
IP address analysis of auth.log (number of entries per IP address for one day):
grep -E "^Dec +4 " auth.log | grep -Eo "([[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3})" | sort | uniq -c
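The per-hour and per-IP counts above, combined into reusable shell functions as an added example (not from the original page). The function names and the sample log lines are constructed for illustration; the date is matched on awk fields, which handles the space-padded day and keeps day 4 from matching day 14.

```shell
#!/bin/sh
# Added example; function names and sample data are assumptions.
# Expects the traditional syslog layout: "Mon DD HH:MM:SS host prog: msg".

# day_lines MONTH DAY [FILE]: entries for exactly that day. Comparing awk
# fields handles the space-padded day and does not confuse 4 with 14.
day_lines() {
    awk -v m="$1" -v d="$2" '$1 == m && $2 + 0 == d + 0' "${3:--}"
}

# hourly_counts MONTH DAY [FILE]: "HH COUNT" per hour, in hour order.
hourly_counts() {
    day_lines "$@" | awk '{ n[substr($3, 1, 2)]++ }
        END { for (h in n) print h, n[h] }' | sort
}

# busiest_hour MONTH DAY [FILE]: the hour with the most entries.
busiest_hour() {
    hourly_counts "$@" | sort -k2,2nr -k1,1 | awk 'NR == 1 { print $1 }'
}

# ip_counts MONTH DAY [FILE]: "COUNT IP", most frequent address first.
ip_counts() {
    day_lines "$@" | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}' |
        sort | uniq -c | sort -k1,1nr -k2,2 | awk '{ print $1, $2 }'
}

# Constructed sample lines (documentation-range addresses), not real logs.
sample_log() {
    cat <<'EOF'
Dec  3 23:59:58 host sshd[880]: Accepted publickey for admin from 198.51.100.20 port 50022 ssh2
Dec  4 02:10:01 host CRON[811]: pam_unix(cron:session): session opened for user root
Dec  4 03:14:07 host sshd[901]: Failed password for root from 203.0.113.7 port 4001 ssh2
Dec  4 03:14:09 host sshd[901]: Failed password for root from 203.0.113.7 port 4001 ssh2
Dec  4 03:15:30 host sshd[903]: Failed password for invalid user test from 203.0.113.7 port 4010 ssh2
Dec  4 03:40:12 host sshd[905]: Failed password for root from 198.51.100.20 port 50110 ssh2
Dec  4 09:02:44 host sshd[950]: Accepted publickey for admin from 198.51.100.20 port 50200 ssh2
Dec 14 03:00:00 host sshd[999]: Failed password for root from 192.0.2.9 port 4100 ssh2
EOF
}

sample_log | hourly_counts Dec 4
sample_log | busiest_hour Dec 4
sample_log | ip_counts Dec 4
```

Against a real file, pass it as the third argument, for example `hourly_counts Dec 4 auth.log`.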
Check FTP connection states and the number of connections in each state:
netstat -n |grep ":21 "| awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
netstat -natup |grep "ftp"| awk '/^tcp/ {++S[$6]} END {for(a in S) print a, S[a]}'
netstat -natup |grep ":21 "| awk '/^tcp/ {++S[$6]} END {for(a in S) print a, S[a]}'