One-liners
De Wiki Técnico Rioja. Administra tus sistemas.
Apache
Últimas 5000 líneas por dominio de todos los dominios
tail -n 5000 /srv/log/httpd/access_log | awk '{print $1}' | sort | uniq -c |sort -n | tail
Últimas 5000 líneas por ip de todos los dominios
tail -n 5000 /srv/log/httpd/access_log | awk '{print $2}' | sort | uniq -c |sort -n | tail
tail -n 5000 /srv/log/httpd/access_log | awk '{print $1, $2}' | sort | uniq -c |sort -n | tail
Conexiones
netstat -putan | egrep ':80|:443' | sort -k5
netstat -tlna | egrep "(:80|:443)" | awk '{print $5}' | cut -d ":" -f 1 | sort | uniq -c | sort -n
watch "netstat -ntlpa | egrep ':80|:443' | awk '{print \$5}' | cut -d: -f1 | sort | uniq -c | sort -n| tail -n 20"
Pseudotop con CPU solo de los procesos php
watch "ps -eo pid,user,%cpu,%mem,command --sort=-%cpu | grep '[p]hp-fpm'"
Conexiones a puertos 80|443
netstat -tlna | egrep ":80|:443" | awk {'print $5'} | cut -d ':' -f 1 | sort | uniq -c | sort -n | tail
Ataque a xmlrpc.php
cat /srv/log/httpd/access_log | awk '{print $1" " $2 " " $8}' | grep xmlrpc.php | sort | uniq -c |sort -n | tail
Buscar errores 404|403
cat /srv/log/httpd/access_log | grep -E 'HTTP/2.0" (403|404)' | awk '{print $1, $2, $8, $10}' | sort | uniq -c | sort -n | tail -n 50
Reiniciar Apache + php-fpm + xymon
systemctl restart php* httpd xymon
Mysql
Ver procesos interactivamente.
watch -d -n0.5 'mysql -e "show processlist;" |grep -v Sleep | sort -k2'
Ver conexiones ( ips origen )
watch "netstat -ntlpa | grep ':3306' | awk '{print \$5}' | cut -d: -f1 | sort | uniq -c | sort -n| tail -n 20"
Matar procesos de mas de 100 segundos
mysql -e 'SELECT * FROM INFORMATION_SCHEMA.PROCESSLIST where time>100 ' | grep -v scheduler | awk '{print "kill "$1";"}'|grep -v ID |mysql
Matar procesos de una BBDD
mysql -e "show full processlist" | grep qaeo957 | awk '{print "mysql -e \"kill " $1 "\""}' | sh
