get_cpu_mem_info.bat
该脚本适用于windows系统。会每10秒记录一次当前所有进程消耗的CPU和内存使用量。可以用于找出占用资源异常的进程。 该脚本会将日志记录到脚本当前目录下的get_cpu_mem_info.log里。
@rem This batch script to collect cpu and memory usage info.
@rem version 1.0 time:2014-3-9
set log=get_cpu_mem_info.log
set timeout=10
:check
@rem "The CPUusage and Memusage"
wmic path Win32_PerfFormattedData_PerfProc_Process get Name,PercentUserTime,WorkingSet >>%log%
wmic os get localdatetime >>%log%
ping -n %timeout% 127.0.0.1>nul
goto check
get_cpu_mem_info.sh
该脚本适用于linux系统。会每10秒记录一次当前所有进程消耗的CPU和内存使用量以及。可以用于找出占用资源异常的进程。日志名称和位置:/tmp/get_cpu_mem_info.sh.log。
![服务器常用工具说明[转]](https://image.shishitao.com:8440/aHR0cHM6Ly93d3cuaXRkYWFuLmNvbS9pbWdzLzQvOS8zLzUvMzgvOGY5MDBhODljNjM0N2M1NjFmZGYyMTIyZjEzYmU1NjIuanBl.jpe?w=700&webp=1 "服务器常用工具说明[转]")
![服务器常用工具说明[转]](https://image.shishitao.com:8440/aHR0cHM6Ly93d3cuaXRkYWFuLmNvbS9pbWdzLzMvMC80LzYvMTQvOTYxZGRlYmViMzIzYTEwZmUwNjIzYWY1MTQ5MjlmYzEuanBl.jpe?w=700&webp=1 "服务器常用工具说明[转]")
#!/bin/bash
#When the free memory very less ,this script to collect CPU/memory usage information and dmessage information.
#Version 1.0 time:2014-03-11
#Version 2.0 time:2014-12-23
#Version 3.0 time:2015-04-21
#Version 4.0 time:2015-05-07
logfile=/tmp/$0.log
check_os_release()
{
while true
do
os_release=$(grep "Red Hat Enterprise Linux Server release" /etc/issue 2>/dev/null)
os_release_2=$(grep "Red Hat Enterprise Linux Server release" /etc/redhat-release 2>/dev/null)
if [ "$os_release" ] && [ "$os_release_2" ]
then
if echo "$os_release"|grep "release 5" >/dev/null 2>&1
then
os_release=redhat5
echo "$os_release"
elif echo "$os_release"|grep "release 6" >/dev/null 2>&1
then
os_release=redhat6
echo "$os_release"
else
os_release=""
echo "$os_release"
fi
break
fi
os_release=$(grep "Aliyun Linux release" /etc/issue 2>/dev/null)
os_release_2=$(grep "Aliyun Linux release" /etc/aliyun-release 2>/dev/null)
if [ "$os_release" ] && [ "$os_release_2" ]
then
if echo "$os_release"|grep "release 5" >/dev/null 2>&1
then
os_release=aliyun5
echo "$os_release"
elif echo "$os_release"|grep "release 6" >/dev/null 2>&1
then
os_release=aliyun6
echo "$os_release"
elif echo "$os_release"|grep "release 7" >/dev/null 2>&1
then
os_release=aliyun7
echo "$os_release"
else
os_release=""
echo "$os_release"
fi
break
fi
os_release_2=$(grep "CentOS" /etc/*release 2>/dev/null)
if [ "$os_release_2" ]
then
if echo "$os_release_2"|grep "release 5" >/dev/null 2>&1
then
os_release=centos5
echo "$os_release"
elif echo "$os_release_2"|grep "release 6" >/dev/null 2>&1
then
os_release=centos6
echo "$os_release"
elif echo "$os_release_2"|grep "release 7" >/dev/null 2>&1
then
os_release=centos7
echo "$os_release"
else
os_release=""
echo "$os_release"
fi
break
fi
os_release=$(grep -i "ubuntu" /etc/issue 2>/dev/null)
os_release_2=$(grep -i "ubuntu" /etc/lsb-release 2>/dev/null)
if [ "$os_release" ] && [ "$os_release_2" ]
then
if echo "$os_release"|grep "Ubuntu 10" >/dev/null 2>&1
then
os_release=ubuntu10
echo "$os_release"
elif echo "$os_release"|grep "Ubuntu 12.04" >/dev/null 2>&1
then
os_release=ubuntu1204
echo "$os_release"
elif echo "$os_release"|grep "Ubuntu 12.10" >/dev/null 2>&1
then
os_release=ubuntu1210
echo "$os_release"
elif echo "$os_release"|grep "Ubuntu 14.04" >/dev/null 2>&1
then
os_release=ubuntu1204
echo "$os_release"
else
os_release=""
echo "$os_release"
fi
break
fi
os_release=$(grep -i "debian" /etc/issue 2>/dev/null)
os_release_2=$(grep -i "debian" /proc/version 2>/dev/null)
if [ "$os_release" ] && [ "$os_release_2" ]
then
if echo "$os_release"|grep "Linux 6" >/dev/null 2>&1
then
os_release=debian6
echo "$os_release"
elif echo "$os_release"|grep "Linux 7" >/dev/null 2>&1
then
os_release=debian7
echo "$os_release"
else
os_release=""
echo "$os_release"
fi
break
fi
os_release=$(grep -i "opensuse" /etc/issue 2>/dev/null)
os_release_2=$(grep -i "opensuse" /etc/*release 2>/dev/null)
if [ "$os_release" ] && [ "$os_release_2" ]
then
if echo "$os_release"|grep "openSUSE 13.1" >/dev/null 2>&1
then
os_release=opensuse1301
echo "$os_release"
else
os_release=""
echo "$os_release"
fi
break
fi
break
done
}
rhel56_fun()
{
while true
do
vm_mem=$(free -m|grep "buffers/cache"|awk '{print $4}')
cpu=$(top -bn2|grep "Cpu(s)"|awk '{print $5}'|awk -F'%' '{print $1}'|tail -n1)
check_cpu=$(echo "$cpu <20" |bc)
echo "======================================================" >>$logfile
date >>$logfile
if [[ $vm_mem -le 100 ]]
then
echo "======================================================" >>$logfile
echo "The memory is too less." >>$logfile
free -m >>$logfile
echo "=======================Memory info=====================" >>$logfile
(ps aux|head -1;ps aux|sort -nrk6|grep -v "RSS") >>$logfile
date >>$logfile
echo "=======================Dmesg info=====================" >>$logfile
dmesg >>$logfile
dmesg -c
elif [[ $check_cpu -eq 1 ]]
then
echo "======================================================" >>$logfile
echo "The idle cpu is too less." >>$logfile
echo "=======================CPU info========================" >>$logfile
(ps aux|head -1;ps aux|sort -nrk3|grep -v "RSS") >>$logfiles
echo "=======================Dmesg info=====================" >>$logfile
dmesg >>$logfile
dmesg -c
fi
sleep 10
done
}
rhel7_fun()
{
while true
do
vm_mem=$(free -m|grep "buffers/cache"|awk '{print $4}')
cpu=$(top -bn2|grep "Cpu(s)"|awk -F, '{print $4}'|awk '{print $1}'|tail -n1)
check_cpu=$(echo "$cpu <20" |bc)
echo "======================================================" >>$logfile
date >>$logfile
if [[ $vm_mem -le 100 ]]
then
echo "======================================================" >>$logfile
echo "The memory is too less." >>$logfile
free -m >>$logfile
echo "=======================Memory info=====================" >>$logfile
(ps aux|head -1;ps aux|sort -nrk6|grep -v "RSS") >>$logfile
date >>$logfile
echo "=======================Dmesg info=====================" >>$logfile
dmesg >>$logfile
dmesg -c
elif [[ $check_cpu -eq 1 ]]
then
echo "======================================================" >>$logfile
echo "The idle cpu is too less." >>$logfile
echo "=======================CPU info========================" >>$logfile
(ps aux|head -1;ps aux|sort -nrk3|grep -v "RSS") >>$logfiles
echo "=======================Dmesg info=====================" >>$logfile
dmesg >>$logfile
dmesg -c
fi
sleep 10
done
}
debian_fun()
{
while true
do
vm_mem=$(free -m|grep "buffers/cache"|awk '{print $4}')
cpu=$(top -bn2|grep "Cpu(s)"|awk '{print $8}'|awk -F'%' '{print $1}'|tail -n1)
check_cpu=$(echo "$cpu <20" |bc)
echo "======================================================" >>$logfile
date >>$logfile
if [[ $vm_mem -le 100 ]]
then
echo "======================================================" >>$logfile
echo "The memory is too less." >>$logfile
free -m >>$logfile
echo "=======================Memory info=====================" >>$logfile
(ps aux|head -1;ps aux|sort -nrk6|grep -v "RSS") >>$logfile
date >>$logfile
echo "=======================Dmesg info=====================" >>$logfile
dmesg >>$logfile
dmesg -c
elif [[ $check_cpu -eq 1 ]]
then
echo "======================================================" >>$logfile
echo "The idle cpu is too less." >>$logfile
echo "=======================CPU info========================" >>$logfile
(ps aux|head -1;ps aux|sort -nrk3|grep -v "RSS") >>$logfile
echo "=======================Dmesg info=====================" >>$logfile
dmesg >>$logfile
dmesg -c
fi
sleep 10
done
}
check_os_release
case "$os_release" in
aliyun5|centos5|centos6|aliyun6)
yum install bc -y
rhel56_fun
;;
centos7)
yum install bc -y
rhel7_fun
;;
ubuntu10|ubuntu1204|ubuntu1210|ubuntu1404|debian6|debian7)
apt-get install bc -y
debian_fun
;;
opensuse1301)
echo "Can not support openSUSE."
exit 1
;;
*)
echo "Unknow OS system."
exit 1
;;
esac
get_network_info.bat
该脚本适用于windows系统。会每5秒钟对目标地址进行ping检测,有丢包或不通时会搜集用户本地网络配置信息、路由表、ARP表并进行traceroute。这些信息都记录到脚本当前目录下的checknet.log文件里。
@rem this batch script to collect network information for analysis.
@rem version 2.0 time:2014-5-20
color 1f
set log=checknet.log
Set tm1=%time:~0,2%
Set tm2=%time:~3,2%
Set tm3=%time:~6,2%
set /p destip=目标IP地址:
:check_ping
@rem Get the client network infomation.
echo %date% %tm1%点%tm2%分%tm3%秒 >>%log%
echo —————————————————ping infomation————————————————————>>%log%
ping -n 10 -w 1 %destip% >>%log%
if %ERRORLEVEL% NEQ 0 goto check_trace
echo —————————————————interface infomation————————————————————>>%log%
ipconfig /all >>%log%
echo —————————————————route infomation————————————————————>>%log%
netstat -rn >>%log%
echo —————————————————arp infomation————————————————————>>%log%
arp -a >>%log%
:check_trace
echo —————————————————trace route infomation————————————————————>>%log%
tracert -d -w 2000 %destip% >>%log%
ping -n 5 127.0.0.1>nul
goto check_ping
check_destination_port.sh
该脚本适用于linux系统。该脚本每5秒检查目标地址端口可用性,当无法连接的时候搜集网络连接情况、路由探测信息和dmesg信息并保存到日志里。日志名称和位置:/tmp/check_destination_port.sh.log。
#!/bin/bash
#This script collect network information and check the destination port.
#Version 1.0 time:2014-3-11
logfile=/tmp/$0.log
dmesg_file1=/tmp/1
dmesg_file2=/tmp/2
read -p "Input the destination IP or URL: " ip
read -p "Input the destination PORT: " port
get_dmesg()
{
echo "===================dmessages info==============================" >>$logfile
dmesg >$dmesg_file2
diff $dmesg_file1 $dmesg_file2 >>$logfile
cat $dmesg_file2 >$dmesg_file1
}
dmesg -c
dmesg >$dmesg_file1
while true
do
if [ "X$ip" == "X" ] || [ "X$port" == "X" ]
then
echo "Error:The IP or URL or PORT is not define.Will exit."
exit 1
else
echo "===================port info==============================" >>$logfile
date >>$logfile
nc -vzw 2 $ip $port >>$logfile
if [ "$?" -ne 0 ]
then
get_dmesg
echo "===================network connection info==============================" >>$logfile
(netstat -antlp >>$logfile)
echo "===================trace route info==============================" >>$logfile
(traceroute -Tnp $port $ip >>$logfile)
else
sleep 5
fi
fi
done
windows2003_drop_port.bat
该脚本适用于windows 2003系统,主要用于在云服务器被肉鸡后禁止对外攻击,留出时间进行分析和修复。该脚本将禁止对外发送UDP数据包和禁止对TCP的22、80、443、1314、3306、3433、3389、8080端口发送数据包。
@rem 配置windows2003系统的IP安全策略
@rem version 3.0 time:2014-5-12
netsh ipsec static add policy name=drop
netsh ipsec static add filterlist name=drop_port
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=21 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=22 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=23 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=25 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=53 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=80 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=135 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=139 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=443 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=445 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=1314 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=1433 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=1521 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=2222 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=3306 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=3433 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=3389 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=4899 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=8080 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=18186 protocol=TCP mirrored=no
netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any protocol=UDP mirrored=no
netsh ipsec static add filteraction name=denyact action=block
netsh ipsec static add rule name=kill policy=drop filterlist=drop_port filteraction=denyact
netsh ipsec static set policy name=drop assign=y
windows2008_drop_port.bat
该脚本适用于windows 2008系统,主要用于在云服务器被肉鸡后禁止对外攻击,留出时间进行分析和修复。该脚本将禁止对外发送UDP数据包和禁止对TCP的22、80、443、1314、3306、3433、3389、8080端口发送数据包。
@rem 配置windows2008系统的IP安全策略
@rem version 3.0 time:2014-5-12
@rem 重置防火墙使用默认规则
netsh firewall reset
netsh firewall set service remotedesktop enable all
@rem 配置高级windows防火墙
netsh advfirewall firewall add rule name="drop" protocol=TCP dir=out remoteport="21,22,23,25,53,80,135,139,443,445,1433,1314,1521,2222,3306,3433,3389,4899,8080,18186" action=block
netsh advfirewall firewall add rule name="dropudp" protocol=UDP dir=out remoteport=any action=block
linux_drop_port.sh
该脚本适用于linux系统,主要用于在云服务器被肉鸡后禁止对外攻击,留出时间进行分析和修复。该脚本将禁止对外发送UDP数据包和禁止对TCP的22、80、443、1314、3306、3433、3389、8080端口发送数据包。
#!/bin/bash
#########################################
#Function: linux drop port
#Usage: bash linux_drop_port.sh
#Author: Customer Service Department
#Company: Alibaba Cloud Computing
#Version: 2.0
#########################################
check_os_release()
{
while true
do
os_release=$(grep "Red Hat Enterprise Linux Server release" /etc/issue 2>/dev/null)
os_release_2=$(grep "Red Hat Enterprise Linux Server release" /etc/redhat-release 2>/dev/null)
if [ "$os_release" ] && [ "$os_release_2" ]
then
if echo "$os_release"|grep "release 5" >/dev/null 2>&1
then
os_release=redhat5
echo "$os_release"
elif echo "$os_release"|grep "release 6" >/dev/null 2>&1
then
os_release=redhat6
echo "$os_release"
else
os_release=""
echo "$os_release"
fi
break
fi
os_release=$(grep "Aliyun Linux release" /etc/issue 2>/dev/null)
os_release_2=$(grep "Aliyun Linux release" /etc/aliyun-release 2>/dev/null)
if [ "$os_release" ] && [ "$os_release_2" ]
then
if echo "$os_release"|grep "release 5" >/dev/null 2>&1
then
os_release=aliyun5
echo "$os_release"
elif echo "$os_release"|grep "release 6" >/dev/null 2>&1
then
os_release=aliyun6
echo "$os_release"
else
os_release=""
echo "$os_release"
fi
break
fi
os_release=$(grep "CentOS release" /etc/issue 2>/dev/null)
os_release_2=$(grep "CentOS release" /etc/*release 2>/dev/null)
if [ "$os_release" ] && [ "$os_release_2" ]
then
if echo "$os_release"|grep "release 5" >/dev/null 2>&1
then
os_release=centos5
echo "$os_release"
elif echo "$os_release"|grep "release 6" >/dev/null 2>&1
then
os_release=centos6
echo "$os_release"
else
os_release=""
echo "$os_release"
fi
break
fi
os_release=$(grep -i "ubuntu" /etc/issue 2>/dev/null)
os_release_2=$(grep -i "ubuntu" /etc/lsb-release 2>/dev/null)
if [ "$os_release" ] && [ "$os_release_2" ]
then
if echo "$os_release"|grep "Ubuntu 10" >/dev/null 2>&1
then
os_release=ubuntu10
echo "$os_release"
elif echo "$os_release"|grep "Ubuntu 12.04" >/dev/null 2>&1
then
os_release=ubuntu1204
echo "$os_release"
elif echo "$os_release"|grep "Ubuntu 12.10" >/dev/null 2>&1
then
os_release=ubuntu1210
echo "$os_release"
else
os_release=""
echo "$os_release"
fi
break
fi
os_release=$(grep -i "debian" /etc/issue 2>/dev/null)
os_release_2=$(grep -i "debian" /proc/version 2>/dev/null)
if [ "$os_release" ] && [ "$os_release_2" ]
then
if echo "$os_release"|grep "Linux 6" >/dev/null 2>&1
then
os_release=debian6
echo "$os_release"
else
os_release=""
echo "$os_release"
fi
break
fi
os_release=$(grep "openSUSE" /etc/issue 2>/dev/null)
os_release_2=$(grep "openSUSE" /etc/*release 2>/dev/null)
if [ "$os_release" ] && [ "$os_release_2" ]
then
if echo "$os_release"|grep "13.1" >/dev/null 2>&1
then
os_release=opensuse131
echo "$os_release"
else
os_release=""
echo "$os_release"
fi
break
fi
break
done
}
exit_script()
{
echo -e "\033[1;40;31mInstall $1 error,will exit.\n\033[0m"
rm -f $LOCKfile
exit 1
}
config_iptables()
{
iptables -I OUTPUT 1 -p tcp -m multiport --dport 21,22,23,25,53,80,135,139,443,445 -j DROP
iptables -I OUTPUT 2 -p tcp -m multiport --dport 1433,1314,1521,2222,3306,3433,3389,4899,8080,18186 -j DROP
iptables -I OUTPUT 3 -p udp -j DROP
iptables -nvL
}
ubuntu_config_ufw()
{
ufw deny out proto tcp to any port 21,22,23,25,53,80,135,139,443,445
ufw deny out proto tcp to any port 1433,1314,1521,2222,3306,3433,3389,4899,8080,18186
ufw deny out proto udp to any
ufw status
}
####################Start###################
#check lock file ,one time only let the script run one time
LOCKfile=/tmp/.$(basename $0)
if [ -f "$LOCKfile" ]
then
echo -e "\033[1;40;31mThe script is already exist,please next time to run this script.\n\033[0m"
exit
else
echo -e "\033[40;32mStep 1.No lock file,begin to create lock file and continue.\n\033[40;37m"
touch $LOCKfile
fi
#check user
if [ $(id -u) != "0" ]
then
echo -e "\033[1;40;31mError: You must be root to run this script, please use root to execute this script.\n\033[0m"
rm -f $LOCKfile
exit 1
fi
echo -e "\033[40;32mStep 2.Begen to check the OS issue.\n\033[40;37m"
os_release=$(check_os_release)
if [ "X$os_release" == "X" ]
then
echo -e "\033[1;40;31mThe OS does not identify,So this script is not executede.\n\033[0m"
rm -f $LOCKfile
exit 0
else
echo -e "\033[40;32mThis OS is $os_release.\n\033[40;37m"
fi
echo -e "\033[40;32mStep 3.Begen to config firewall.\n\033[40;37m"
case "$os_release" in
redhat5|centos5|redhat6|centos6|aliyun5|aliyun6)
service iptables start
config_iptables
;;
debian6)
config_iptables
;;
ubuntu10|ubuntu1204|ubuntu1210)
ufw enable <<EOF
y
EOF
ubuntu_config_ufw
;;
opensuse131)
config_iptables
;;
esac
echo -e "\033[40;32mConfig firewall success,this script now exit!\n\033[40;37m"
rm -f $LOCKfile
weblogcheckutf8.sh & weblogcheckgbk.sh
该脚本适用于linux系统,用于分析web日志信息,详细用法见下面链接里的说明文档《web日志分析脚本.docx》,脚本分为utf8和gbk编码。
#!/bin/bash
############################################
# web日志分析脚本
#
#2013-12-30 by 金象
#version:1.0
#使用方法:
#./weblogcheck.sh [-c n] [-t n] -f FILE
#
#选项说明:
#-c(选填):设置IP、资源TOP榜显示量,默认显示前5名,参数需填写整数
#-t(选填):设置日志统计时段,默认统计最后6个时段,参数需填写整数
#-f(必填):指定日志文件,如果脚本与日志文件不在同一目录需填写绝对路径
#例:
#./weblogcheck.sh -f /alidata/log/httpd/access/phpwind.log
#./weblogcheck.sh -c 3 -t 3 -f /alidata/log/httpd/access/phpwind.log
############################################
##使用帮助
usage()
{
echo -e "\nUsage:\n$0 [-c n] [-t n] -f FILE\n"
echo -e "选项说明:"
echo -e "-c(选填):设置IP、资源TOP榜显示量,默认显示前5名,参数需填写整数"
echo -e "-t(选填):设置日志统计时段,默认统计最后6个时段,参数需填写整数"
echo -e "-f(必填):指定日志文件,如果脚本与日志文件不在同一目录需填写绝对路径"
echo -e "\n例:\n$0 -f /alidata/log/httpd/access/phpwind.log"
echo -e "或:\n$0 -c 3 -t 3 -f /alidata/log/httpd/access/phpwind.log\n"
exit
}
##华丽的分割线
split_line="--------------------------------------------------"
clear
##审核选项
while getopts ":hc:t:f:" script_opt
do
case ${script_opt} in
h)
time_hz=half
;;
c)
if [[ ${OPTARG} =~ ^[1-9][0-9]*$ ]];then
ip_row=${OPTARG}
else
echo -e "\033[31mErr: -c选项请填写整数TOP榜显示行\033[0m"
usage
fi
;;
t)
if [[ ${OPTARG} =~ ^[1-9][0-9]*$ ]];then
log_time=${OPTARG}
else
echo -e "\033[31mErr: -t选项请填写整数时段\033[0m"
usage
fi
;;
f)
if [ -e "${OPTARG}" ];then
log_path=${OPTARG}
else
echo -e "\033[31mErr: ${OPTARG}日志文件不存在,请核实!\033[0m"
usage
fi
;;
:)
echo -e "\033[31mErr: -${OPTARG}选项缺少参数,请核实!\033[0m"
usage
;;
?)
echo -e "\033[31mErr: 无法识别的选项,请核实!\033[0m"
usage
;;
esac
done
##检测日志文件是否可用
if [ -z "${log_path}" ];then
echo -e "\033[31mErr: 请填写日志路径\033[0m"
usage
fi
##检测日志文件大小
log_size=$(du -m "${log_path}"|awk '{print $1}')
if [ "${log_size}" -gt 50 ];then
echo -e "日志文件:${log_path}\t大小:${log_size}MB\n日志文件体积较大,分析时间较长,是否继续?"
read -p"yes[y] or no[n]:" -n 1 check_size
if [ "${check_size}" = "y" ];then
echo -e "\n正在分析,请稍等..."
else
echo -e "\n终止日志分析"
exit
fi
elif [ "${log_size}" -eq 0 ];then
echo -e "日志文件:${log_path}\t大小:${log_size}MB\n\033[31m日志文件为空,请选择其他日志\033[0m"
usage
fi
##设置时间分隔点
time_mark=$(awk '{print $4}' "${log_path}"|cut -c 2-16|uniq|tail -n ${log_time:-6})
##日志分析
for mark in ${time_mark}
do
time_format=$(echo $mark|awk 'BEGIN {FS="[/|:]"} {print $3"/"$2"/"$1"\t"$4":00-"$4":59"}')
net_size=$(grep $mark "${log_path}"|awk '{if($10 ~ /[0-9]/) sum += $10} END {printf("%0.2f\n",sum/1024/1024)}')
top_ip=$(grep $mark "${log_path}"| awk '{print $1}' |sort |uniq -c|sort -rn|head -n ${ip_row:-5})
top_page=$(grep $mark "${log_path}"|awk '{if($10>0 )print $7}'|sort|uniq -c|sort -rn|head -n ${ip_row:-5})
echo -e "${split_line}\n${time_format} 本时段流量:${net_size} MB"
echo -e " 次数 访问者IP"
echo -e "${top_ip}"
echo -e " 次数 访问资源"
echo -e "${top_page}"
done
#!/bin/bash
############################################
# web日志分析脚本
#
#2013-12-30 by 金象
#version:1.0
#使用方法:
#./weblogcheck.sh [-c n] [-t n] -f FILE
#
#选项说明:
#-c(选填):设置IP、资源TOP榜显示量,默认显示前5名,参数需填写整数
#-t(选填):设置日志统计时段,默认统计最后6个时段,参数需填写整数
#-f(必填):指定日志文件,如果脚本与日志文件不在同一目录需填写绝对路径
#例:
#./weblogcheck.sh -f /alidata/log/httpd/access/phpwind.log
#./weblogcheck.sh -c 3 -t 3 -f /alidata/log/httpd/access/phpwind.log
############################################
##使用帮助
usage()
{
echo -e "\nUsage:\n$0 [-c n] [-t n] -f FILE\n"
echo -e "选项说明:"
echo -e "-c(选填):设置IP、资源TOP榜显示量,默认显示前5名,参数需填写整数"
echo -e "-t(选填):设置日志统计时段,默认统计最后6个时段,参数需填写整数"
echo -e "-f(必填):指定日志文件,如果脚本与日志文件不在同一目录需填写绝对路径"
echo -e "\n例:\n$0 -f /alidata/log/httpd/access/phpwind.log"
echo -e "或:\n$0 -c 3 -t 3 -f /alidata/log/httpd/access/phpwind.log\n"
exit
}
##华丽的分割线
split_line="--------------------------------------------------"
clear
##审核选项
while getopts ":hc:t:f:" script_opt
do
case ${script_opt} in
h)
time_hz=half
;;
c)
if [[ ${OPTARG} =~ ^[1-9][0-9]*$ ]];then
ip_row=${OPTARG}
else
echo -e "\033[31mErr: -c选项请填写整数TOP榜显示行\033[0m"
usage
fi
;;
t)
if [[ ${OPTARG} =~ ^[1-9][0-9]*$ ]];then
log_time=${OPTARG}
else
echo -e "\033[31mErr: -t选项请填写整数时段\033[0m"
usage
fi
;;
f)
if [ -e "${OPTARG}" ];then
log_path=${OPTARG}
else
echo -e "\033[31mErr: ${OPTARG}日志文件不存在,请核实!\033[0m"
usage
fi
;;
:)
echo -e "\033[31mErr: -${OPTARG}选项缺少参数,请核实!\033[0m"
usage
;;
?)
echo -e "\033[31mErr: 无法识别的选项,请核实!\033[0m"
usage
;;
esac
done
##检测日志文件是否可用
if [ -z "${log_path}" ];then
echo -e "\033[31mErr: 请填写日志路径\033[0m"
usage
fi
##检测日志文件大小
log_size=$(du -m "${log_path}"|awk '{print $1}')
if [ "${log_size}" -gt 50 ];then
echo -e "日志文件:${log_path}\t大小:${log_size}MB\n日志文件体积较大,分析时间较长,是否继续?"
read -p"yes[y] or no[n]:" -n 1 check_size
if [ "${check_size}" = "y" ];then
echo -e "\n正在分析,请稍等..."
else
echo -e "\n终止日志分析"
exit
fi
elif [ "${log_size}" -eq 0 ];then
echo -e "日志文件:${log_path}\t大小:${log_size}MB\n\033[31m日志文件为空,请选择其他日志\033[0m"
usage
fi
##设置时间分隔点
time_mark=$(awk '{print $4}' "${log_path}"|cut -c 2-16|uniq|tail -n ${log_time:-6})
##日志分析
for mark in ${time_mark}
do
time_format=$(echo $mark|awk 'BEGIN {FS="[/|:]"} {print $3"/"$2"/"$1"\t"$4":00-"$4":59"}')
net_size=$(grep $mark "${log_path}"|awk '{if($10 ~ /[0-9]/) sum += $10} END {printf("%0.2f\n",sum/1024/1024)}')
top_ip=$(grep $mark "${log_path}"| awk '{print $1}' |sort |uniq -c|sort -rn|head -n ${ip_row:-5})
top_page=$(grep $mark "${log_path}"|awk '{if($10>0 )print $7}'|sort|uniq -c|sort -rn|head -n ${ip_row:-5})
echo -e "${split_line}\n${time_format} 本时段流量:${net_size} MB"
echo -e " 次数 访问者IP"
echo -e "${top_ip}"
echo -e " 次数 访问资源"
echo -e "${top_page}"
done
config_ntpclient.bat
该脚本适用于windows系统,将ntp时钟服务器配置为阿里云内部时钟源并将同步频率改为300秒。
@rem This batch script to config ntpclient.
@rem version 1.0 time:2014-6-5
@echo off
REG ADD HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient /v SpecialPollInterval /t REG_DWORD /d 300 /f
w32tm /config /manualpeerlist:"ntp1.aliyun.com,0x1 ntp2.aliyun.com,0x1 ntp3.aliyun.com,0x1" /syncfromflags:manual /reliable:yes /update
net stop w32time
net start w32time
转自:http://www.hellyhua.com/xuexi/server/893.html