get_cpu_mem_info.bat
该脚本适用于windows系统。会每10秒记录一次当前所有进程消耗的CPU和内存使用量。可以用于找出占用资源异常的进程。 该脚本会将日志记录到脚本当前目录下的get_cpu_mem_info.log里。
@rem This batch script to collect cpu and memory usage info. @rem version 1.0 time:2014-3-9 set log=get_cpu_mem_info.log set timeout=10 :check @rem "The CPUusage and Memusage" wmic path Win32_PerfFormattedData_PerfProc_Process get Name,PercentUserTime,WorkingSet >>%log% wmic os get localdatetime >>%log% ping -n %timeout% 127.0.0.1>nul goto check
get_cpu_mem_info.sh
该脚本适用于linux系统。会每10秒记录一次当前所有进程消耗的CPU和内存使用量以及。可以用于找出占用资源异常的进程。日志名称和位置:/tmp/get_cpu_mem_info.sh.log。
#!/bin/bash #When the free memory very less ,this script to collect CPU/memory usage information and dmessage information. #Version 1.0 time:2014-03-11 #Version 2.0 time:2014-12-23 #Version 3.0 time:2015-04-21 #Version 4.0 time:2015-05-07 logfile=/tmp/$0.log check_os_release() { while true do os_release=$(grep "Red Hat Enterprise Linux Server release" /etc/issue 2>/dev/null) os_release_2=$(grep "Red Hat Enterprise Linux Server release" /etc/redhat-release 2>/dev/null) if [ "$os_release" ] && [ "$os_release_2" ] then if echo "$os_release"|grep "release 5" >/dev/null 2>&1 then os_release=redhat5 echo "$os_release" elif echo "$os_release"|grep "release 6" >/dev/null 2>&1 then os_release=redhat6 echo "$os_release" else os_release="" echo "$os_release" fi break fi os_release=$(grep "Aliyun Linux release" /etc/issue 2>/dev/null) os_release_2=$(grep "Aliyun Linux release" /etc/aliyun-release 2>/dev/null) if [ "$os_release" ] && [ "$os_release_2" ] then if echo "$os_release"|grep "release 5" >/dev/null 2>&1 then os_release=aliyun5 echo "$os_release" elif echo "$os_release"|grep "release 6" >/dev/null 2>&1 then os_release=aliyun6 echo "$os_release" elif echo "$os_release"|grep "release 7" >/dev/null 2>&1 then os_release=aliyun7 echo "$os_release" else os_release="" echo "$os_release" fi break fi os_release_2=$(grep "CentOS" /etc/*release 2>/dev/null) if [ "$os_release_2" ] then if echo "$os_release_2"|grep "release 5" >/dev/null 2>&1 then os_release=centos5 echo "$os_release" elif echo "$os_release_2"|grep "release 6" >/dev/null 2>&1 then os_release=centos6 echo "$os_release" elif echo "$os_release_2"|grep "release 7" >/dev/null 2>&1 then os_release=centos7 echo "$os_release" else os_release="" echo "$os_release" fi break fi os_release=$(grep -i "ubuntu" /etc/issue 2>/dev/null) os_release_2=$(grep -i "ubuntu" /etc/lsb-release 2>/dev/null) if [ "$os_release" ] && [ "$os_release_2" ] then if echo "$os_release"|grep "Ubuntu 10" >/dev/null 2>&1 then os_release=ubuntu10 echo "$os_release" elif echo "$os_release"|grep "Ubuntu 12.04" >/dev/null 2>&1 then os_release=ubuntu1204 echo "$os_release" elif echo "$os_release"|grep "Ubuntu 12.10" >/dev/null 2>&1 then os_release=ubuntu1210 echo "$os_release" elif echo "$os_release"|grep "Ubuntu 14.04" >/dev/null 2>&1 then os_release=ubuntu1204 echo "$os_release" else os_release="" echo "$os_release" fi break fi os_release=$(grep -i "debian" /etc/issue 2>/dev/null) os_release_2=$(grep -i "debian" /proc/version 2>/dev/null) if [ "$os_release" ] && [ "$os_release_2" ] then if echo "$os_release"|grep "Linux 6" >/dev/null 2>&1 then os_release=debian6 echo "$os_release" elif echo "$os_release"|grep "Linux 7" >/dev/null 2>&1 then os_release=debian7 echo "$os_release" else os_release="" echo "$os_release" fi break fi os_release=$(grep -i "opensuse" /etc/issue 2>/dev/null) os_release_2=$(grep -i "opensuse" /etc/*release 2>/dev/null) if [ "$os_release" ] && [ "$os_release_2" ] then if echo "$os_release"|grep "openSUSE 13.1" >/dev/null 2>&1 then os_release=opensuse1301 echo "$os_release" else os_release="" echo "$os_release" fi break fi break done } rhel56_fun() { while true do vm_mem=$(free -m|grep "buffers/cache"|awk '{print $4}') cpu=$(top -bn2|grep "Cpu(s)"|awk '{print $5}'|awk -F'%' '{print $1}'|tail -n1) check_cpu=$(echo "$cpu <20" |bc) echo "======================================================" >>$logfile date >>$logfile if [[ $vm_mem -le 100 ]] then echo "======================================================" >>$logfile echo "The memory is too less." >>$logfile free -m >>$logfile echo "=======================Memory info=====================" >>$logfile (ps aux|head -1;ps aux|sort -nrk6|grep -v "RSS") >>$logfile date >>$logfile echo "=======================Dmesg info=====================" >>$logfile dmesg >>$logfile dmesg -c elif [[ $check_cpu -eq 1 ]] then echo "======================================================" >>$logfile echo "The idle cpu is too less." >>$logfile echo "=======================CPU info========================" >>$logfile (ps aux|head -1;ps aux|sort -nrk3|grep -v "RSS") >>$logfiles echo "=======================Dmesg info=====================" >>$logfile dmesg >>$logfile dmesg -c fi sleep 10 done } rhel7_fun() { while true do vm_mem=$(free -m|grep "buffers/cache"|awk '{print $4}') cpu=$(top -bn2|grep "Cpu(s)"|awk -F, '{print $4}'|awk '{print $1}'|tail -n1) check_cpu=$(echo "$cpu <20" |bc) echo "======================================================" >>$logfile date >>$logfile if [[ $vm_mem -le 100 ]] then echo "======================================================" >>$logfile echo "The memory is too less." >>$logfile free -m >>$logfile echo "=======================Memory info=====================" >>$logfile (ps aux|head -1;ps aux|sort -nrk6|grep -v "RSS") >>$logfile date >>$logfile echo "=======================Dmesg info=====================" >>$logfile dmesg >>$logfile dmesg -c elif [[ $check_cpu -eq 1 ]] then echo "======================================================" >>$logfile echo "The idle cpu is too less." >>$logfile echo "=======================CPU info========================" >>$logfile (ps aux|head -1;ps aux|sort -nrk3|grep -v "RSS") >>$logfiles echo "=======================Dmesg info=====================" >>$logfile dmesg >>$logfile dmesg -c fi sleep 10 done } debian_fun() { while true do vm_mem=$(free -m|grep "buffers/cache"|awk '{print $4}') cpu=$(top -bn2|grep "Cpu(s)"|awk '{print $8}'|awk -F'%' '{print $1}'|tail -n1) check_cpu=$(echo "$cpu <20" |bc) echo "======================================================" >>$logfile date >>$logfile if [[ $vm_mem -le 100 ]] then echo "======================================================" >>$logfile echo "The memory is too less." >>$logfile free -m >>$logfile echo "=======================Memory info=====================" >>$logfile (ps aux|head -1;ps aux|sort -nrk6|grep -v "RSS") >>$logfile date >>$logfile echo "=======================Dmesg info=====================" >>$logfile dmesg >>$logfile dmesg -c elif [[ $check_cpu -eq 1 ]] then echo "======================================================" >>$logfile echo "The idle cpu is too less." >>$logfile echo "=======================CPU info========================" >>$logfile (ps aux|head -1;ps aux|sort -nrk3|grep -v "RSS") >>$logfile echo "=======================Dmesg info=====================" >>$logfile dmesg >>$logfile dmesg -c fi sleep 10 done } check_os_release case "$os_release" in aliyun5|centos5|centos6|aliyun6) yum install bc -y rhel56_fun ;; centos7) yum install bc -y rhel7_fun ;; ubuntu10|ubuntu1204|ubuntu1210|ubuntu1404|debian6|debian7) apt-get install bc -y debian_fun ;; opensuse1301) echo "Can not support openSUSE." exit 1 ;; *) echo "Unknow OS system." exit 1 ;; esac
get_network_info.bat
该脚本适用于windows系统。会每5秒钟对目标地址进行ping检测,有丢包或不通时会搜集用户本地网络配置信息、路由表、ARP表并进行traceroute。这些信息都记录到脚本当前目录下的checknet.log文件里。
@rem this batch script to collect network information for analysis. @rem version 2.0 time:2014-5-20 color 1f set log=checknet.log Set tm1=%time:~0,2% Set tm2=%time:~3,2% Set tm3=%time:~6,2% set /p destip=目标IP地址: :check_ping @rem Get the client network infomation. echo %date% %tm1%点%tm2%分%tm3%秒 >>%log% echo —————————————————ping infomation————————————————————>>%log% ping -n 10 -w 1 %destip% >>%log% if %ERRORLEVEL% NEQ 0 goto check_trace echo —————————————————interface infomation————————————————————>>%log% ipconfig /all >>%log% echo —————————————————route infomation————————————————————>>%log% netstat -rn >>%log% echo —————————————————arp infomation————————————————————>>%log% arp -a >>%log% :check_trace echo —————————————————trace route infomation————————————————————>>%log% tracert -d -w 2000 %destip% >>%log% ping -n 5 127.0.0.1>nul goto check_ping
check_destination_port.sh
该脚本适用于linux系统。该脚本每5秒检查目标地址端口可用性,当无法连接的时候搜集网络连接情况、路由探测信息和dmesg信息并保存到日志里。日志名称和位置:/tmp/check_destination_port.sh.log。
#!/bin/bash #This script collect network information and check the destination port. #Version 1.0 time:2014-3-11 logfile=/tmp/$0.log dmesg_file1=/tmp/1 dmesg_file2=/tmp/2 read -p "Input the destination IP or URL: " ip read -p "Input the destination PORT: " port get_dmesg() { echo "===================dmessages info==============================" >>$logfile dmesg >$dmesg_file2 diff $dmesg_file1 $dmesg_file2 >>$logfile cat $dmesg_file2 >$dmesg_file1 } dmesg -c dmesg >$dmesg_file1 while true do if [ "X$ip" == "X" ] || [ "X$port" == "X" ] then echo "Error:The IP or URL or PORT is not define.Will exit." exit 1 else echo "===================port info==============================" >>$logfile date >>$logfile nc -vzw 2 $ip $port >>$logfile if [ "$?" -ne 0 ] then get_dmesg echo "===================network connection info==============================" >>$logfile (netstat -antlp >>$logfile) echo "===================trace route info==============================" >>$logfile (traceroute -Tnp $port $ip >>$logfile) else sleep 5 fi fi done
windows2003_drop_port.bat
该脚本适用于windows 2003系统,主要用于在云服务器被肉鸡后禁止对外攻击,留出时间进行分析和修复。该脚本将禁止对外发送UDP数据包和禁止对TCP的22、80、443、1314、3306、3433、3389、8080端口发送数据包。
@rem 配置windows2003系统的IP安全策略 @rem version 3.0 time:2014-5-12 netsh ipsec static add policy name=drop netsh ipsec static add filterlist name=drop_port netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=21 protocol=TCP mirrored=no netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=22 protocol=TCP mirrored=no netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=23 protocol=TCP mirrored=no netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=25 protocol=TCP mirrored=no netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=53 protocol=TCP mirrored=no netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=80 protocol=TCP mirrored=no netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=135 protocol=TCP mirrored=no netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=139 protocol=TCP mirrored=no netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=443 protocol=TCP mirrored=no netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=445 protocol=TCP mirrored=no netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=1314 protocol=TCP mirrored=no netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=1433 protocol=TCP mirrored=no netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=1521 protocol=TCP mirrored=no netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=2222 protocol=TCP mirrored=no netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=3306 protocol=TCP mirrored=no netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=3433 protocol=TCP mirrored=no netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=3389 protocol=TCP mirrored=no netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=4899 protocol=TCP mirrored=no netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=8080 protocol=TCP mirrored=no netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any dstport=18186 protocol=TCP mirrored=no netsh ipsec static add filter filterlist=drop_port srcaddr=me dstaddr=any protocol=UDP mirrored=no netsh ipsec static add filteraction name=denyact action=block netsh ipsec static add rule name=kill policy=drop filterlist=drop_port filteraction=denyact netsh ipsec static set policy name=drop assign=y
windows2008_drop_port.bat
该脚本适用于windows 2008系统,主要用于在云服务器被肉鸡后禁止对外攻击,留出时间进行分析和修复。该脚本将禁止对外发送UDP数据包和禁止对TCP的22、80、443、1314、3306、3433、3389、8080端口发送数据包。
@rem 配置windows2008系统的IP安全策略 @rem version 3.0 time:2014-5-12 @rem 重置防火墙使用默认规则 netsh firewall reset netsh firewall set service remotedesktop enable all @rem 配置高级windows防火墙 netsh advfirewall firewall add rule name="drop" protocol=TCP dir=out remoteport="21,22,23,25,53,80,135,139,443,445,1433,1314,1521,2222,3306,3433,3389,4899,8080,18186" action=block netsh advfirewall firewall add rule name="dropudp" protocol=UDP dir=out remoteport=any action=block
linux_drop_port.sh
该脚本适用于linux系统,主要用于在云服务器被肉鸡后禁止对外攻击,留出时间进行分析和修复。该脚本将禁止对外发送UDP数据包和禁止对TCP的22、80、443、1314、3306、3433、3389、8080端口发送数据包。
#!/bin/bash ######################################### #Function: linux drop port #Usage: bash linux_drop_port.sh #Author: Customer Service Department #Company: Alibaba Cloud Computing #Version: 2.0 ######################################### check_os_release() { while true do os_release=$(grep "Red Hat Enterprise Linux Server release" /etc/issue 2>/dev/null) os_release_2=$(grep "Red Hat Enterprise Linux Server release" /etc/redhat-release 2>/dev/null) if [ "$os_release" ] && [ "$os_release_2" ] then if echo "$os_release"|grep "release 5" >/dev/null 2>&1 then os_release=redhat5 echo "$os_release" elif echo "$os_release"|grep "release 6" >/dev/null 2>&1 then os_release=redhat6 echo "$os_release" else os_release="" echo "$os_release" fi break fi os_release=$(grep "Aliyun Linux release" /etc/issue 2>/dev/null) os_release_2=$(grep "Aliyun Linux release" /etc/aliyun-release 2>/dev/null) if [ "$os_release" ] && [ "$os_release_2" ] then if echo "$os_release"|grep "release 5" >/dev/null 2>&1 then os_release=aliyun5 echo "$os_release" elif echo "$os_release"|grep "release 6" >/dev/null 2>&1 then os_release=aliyun6 echo "$os_release" else os_release="" echo "$os_release" fi break fi os_release=$(grep "CentOS release" /etc/issue 2>/dev/null) os_release_2=$(grep "CentOS release" /etc/*release 2>/dev/null) if [ "$os_release" ] && [ "$os_release_2" ] then if echo "$os_release"|grep "release 5" >/dev/null 2>&1 then os_release=centos5 echo "$os_release" elif echo "$os_release"|grep "release 6" >/dev/null 2>&1 then os_release=centos6 echo "$os_release" else os_release="" echo "$os_release" fi break fi os_release=$(grep -i "ubuntu" /etc/issue 2>/dev/null) os_release_2=$(grep -i "ubuntu" /etc/lsb-release 2>/dev/null) if [ "$os_release" ] && [ "$os_release_2" ] then if echo "$os_release"|grep "Ubuntu 10" >/dev/null 2>&1 then os_release=ubuntu10 echo "$os_release" elif echo "$os_release"|grep "Ubuntu 12.04" >/dev/null 2>&1 then os_release=ubuntu1204 echo "$os_release" elif echo "$os_release"|grep "Ubuntu 12.10" >/dev/null 2>&1 then os_release=ubuntu1210 echo "$os_release" else os_release="" echo "$os_release" fi break fi os_release=$(grep -i "debian" /etc/issue 2>/dev/null) os_release_2=$(grep -i "debian" /proc/version 2>/dev/null) if [ "$os_release" ] && [ "$os_release_2" ] then if echo "$os_release"|grep "Linux 6" >/dev/null 2>&1 then os_release=debian6 echo "$os_release" else os_release="" echo "$os_release" fi break fi os_release=$(grep "openSUSE" /etc/issue 2>/dev/null) os_release_2=$(grep "openSUSE" /etc/*release 2>/dev/null) if [ "$os_release" ] && [ "$os_release_2" ] then if echo "$os_release"|grep "13.1" >/dev/null 2>&1 then os_release=opensuse131 echo "$os_release" else os_release="" echo "$os_release" fi break fi break done } exit_script() { echo -e "�33[1;40;31mInstall $1 error,will exit. �33[0m" rm -f $LOCKfile exit 1 } config_iptables() { iptables -I OUTPUT 1 -p tcp -m multiport --dport 21,22,23,25,53,80,135,139,443,445 -j DROP iptables -I OUTPUT 2 -p tcp -m multiport --dport 1433,1314,1521,2222,3306,3433,3389,4899,8080,18186 -j DROP iptables -I OUTPUT 3 -p udp -j DROP iptables -nvL } ubuntu_config_ufw() { ufw deny out proto tcp to any port 21,22,23,25,53,80,135,139,443,445 ufw deny out proto tcp to any port 1433,1314,1521,2222,3306,3433,3389,4899,8080,18186 ufw deny out proto udp to any ufw status } ####################Start################### #check lock file ,one time only let the script run one time LOCKfile=/tmp/.$(basename $0) if [ -f "$LOCKfile" ] then echo -e "�33[1;40;31mThe script is already exist,please next time to run this script. �33[0m" exit else echo -e "�33[40;32mStep 1.No lock file,begin to create lock file and continue. �33[40;37m" touch $LOCKfile fi #check user if [ $(id -u) != "0" ] then echo -e "�33[1;40;31mError: You must be root to run this script, please use root to execute this script. �33[0m" rm -f $LOCKfile exit 1 fi echo -e "�33[40;32mStep 2.Begen to check the OS issue. �33[40;37m" os_release=$(check_os_release) if [ "X$os_release" == "X" ] then echo -e "�33[1;40;31mThe OS does not identify,So this script is not executede. �33[0m" rm -f $LOCKfile exit 0 else echo -e "�33[40;32mThis OS is $os_release. �33[40;37m" fi echo -e "�33[40;32mStep 3.Begen to config firewall. �33[40;37m" case "$os_release" in redhat5|centos5|redhat6|centos6|aliyun5|aliyun6) service iptables start config_iptables ;; debian6) config_iptables ;; ubuntu10|ubuntu1204|ubuntu1210) ufw enable <<EOF y EOF ubuntu_config_ufw ;; opensuse131) config_iptables ;; esac echo -e "�33[40;32mConfig firewall success,this script now exit! �33[40;37m" rm -f $LOCKfile
weblogcheckutf8.sh & weblogcheckgbk.sh
该脚本适用于linux系统,用于分析web日志信息,详细用法见下面链接里的说明文档《web日志分析脚本.docx》,脚本分为utf8和gbk编码。
#!/bin/bash ############################################ # web日志分析脚本 # #2013-12-30 by 金象 #version:1.0 #使用方法: #./weblogcheck.sh [-c n] [-t n] -f FILE # #选项说明: #-c(选填):设置IP、资源TOP榜显示量,默认显示前5名,参数需填写整数 #-t(选填):设置日志统计时段,默认统计最后6个时段,参数需填写整数 #-f(必填):指定日志文件,如果脚本与日志文件不在同一目录需填写绝对路径 #例: #./weblogcheck.sh -f /alidata/log/httpd/access/phpwind.log #./weblogcheck.sh -c 3 -t 3 -f /alidata/log/httpd/access/phpwind.log ############################################ ##使用帮助 usage() { echo -e " Usage: $0 [-c n] [-t n] -f FILE " echo -e "选项说明:" echo -e "-c(选填):设置IP、资源TOP榜显示量,默认显示前5名,参数需填写整数" echo -e "-t(选填):设置日志统计时段,默认统计最后6个时段,参数需填写整数" echo -e "-f(必填):指定日志文件,如果脚本与日志文件不在同一目录需填写绝对路径" echo -e " 例: $0 -f /alidata/log/httpd/access/phpwind.log" echo -e "或: $0 -c 3 -t 3 -f /alidata/log/httpd/access/phpwind.log " exit } ##华丽的分割线 split_line="--------------------------------------------------" clear ##审核选项 while getopts ":hc:t:f:" script_opt do case ${script_opt} in h) time_hz=half ;; c) if [[ ${OPTARG} =~ ^[1-9][0-9]*$ ]];then ip_row=${OPTARG} else echo -e "�33[31mErr: -c选项请填写整数TOP榜显示行�33[0m" usage fi ;; t) if [[ ${OPTARG} =~ ^[1-9][0-9]*$ ]];then log_time=${OPTARG} else echo -e "�33[31mErr: -t选项请填写整数时段�33[0m" usage fi ;; f) if [ -e "${OPTARG}" ];then log_path=${OPTARG} else echo -e "�33[31mErr: ${OPTARG}日志文件不存在,请核实!�33[0m" usage fi ;; :) echo -e "�33[31mErr: -${OPTARG}选项缺少参数,请核实!�33[0m" usage ;; ?) echo -e "�33[31mErr: 无法识别的选项,请核实!�33[0m" usage ;; esac done ##检测日志文件是否可用 if [ -z "${log_path}" ];then echo -e "�33[31mErr: 请填写日志路径�33[0m" usage fi ##检测日志文件大小 log_size=$(du -m "${log_path}"|awk '{print $1}') if [ "${log_size}" -gt 50 ];then echo -e "日志文件:${log_path} 大小:${log_size}MB 日志文件体积较大,分析时间较长,是否继续?" read -p"yes[y] or no[n]:" -n 1 check_size if [ "${check_size}" = "y" ];then echo -e " 正在分析,请稍等..." else echo -e " 终止日志分析" exit fi elif [ "${log_size}" -eq 0 ];then echo -e "日志文件:${log_path} 大小:${log_size}MB �33[31m日志文件为空,请选择其他日志�33[0m" usage fi ##设置时间分隔点 time_mark=$(awk '{print $4}' "${log_path}"|cut -c 2-16|uniq|tail -n ${log_time:-6}) ##日志分析 for mark in ${time_mark} do time_format=$(echo $mark|awk 'BEGIN {FS="[/|:]"} {print $3"/"$2"/"$1" "$4":00-"$4":59"}') net_size=$(grep $mark "${log_path}"|awk '{if($10 ~ /[0-9]/) sum += $10} END {printf("%0.2f ",sum/1024/1024)}') top_ip=$(grep $mark "${log_path}"| awk '{print $1}' |sort |uniq -c|sort -rn|head -n ${ip_row:-5}) top_page=$(grep $mark "${log_path}"|awk '{if($10>0 )print $7}'|sort|uniq -c|sort -rn|head -n ${ip_row:-5}) echo -e "${split_line} ${time_format} 本时段流量:${net_size} MB" echo -e " 次数 访问者IP" echo -e "${top_ip}" echo -e " 次数 访问资源" echo -e "${top_page}" done
#!/bin/bash ############################################ # web日志分析脚本 # #2013-12-30 by 金象 #version:1.0 #使用方法: #./weblogcheck.sh [-c n] [-t n] -f FILE # #选项说明: #-c(选填):设置IP、资源TOP榜显示量,默认显示前5名,参数需填写整数 #-t(选填):设置日志统计时段,默认统计最后6个时段,参数需填写整数 #-f(必填):指定日志文件,如果脚本与日志文件不在同一目录需填写绝对路径 #例: #./weblogcheck.sh -f /alidata/log/httpd/access/phpwind.log #./weblogcheck.sh -c 3 -t 3 -f /alidata/log/httpd/access/phpwind.log ############################################ ##使用帮助 usage() { echo -e " Usage: $0 [-c n] [-t n] -f FILE " echo -e "选项说明:" echo -e "-c(选填):设置IP、资源TOP榜显示量,默认显示前5名,参数需填写整数" echo -e "-t(选填):设置日志统计时段,默认统计最后6个时段,参数需填写整数" echo -e "-f(必填):指定日志文件,如果脚本与日志文件不在同一目录需填写绝对路径" echo -e " 例: $0 -f /alidata/log/httpd/access/phpwind.log" echo -e "或: $0 -c 3 -t 3 -f /alidata/log/httpd/access/phpwind.log " exit } ##华丽的分割线 split_line="--------------------------------------------------" clear ##审核选项 while getopts ":hc:t:f:" script_opt do case ${script_opt} in h) time_hz=half ;; c) if [[ ${OPTARG} =~ ^[1-9][0-9]*$ ]];then ip_row=${OPTARG} else echo -e "�33[31mErr: -c选项请填写整数TOP榜显示行�33[0m" usage fi ;; t) if [[ ${OPTARG} =~ ^[1-9][0-9]*$ ]];then log_time=${OPTARG} else echo -e "�33[31mErr: -t选项请填写整数时段�33[0m" usage fi ;; f) if [ -e "${OPTARG}" ];then log_path=${OPTARG} else echo -e "�33[31mErr: ${OPTARG}日志文件不存在,请核实!�33[0m" usage fi ;; :) echo -e "�33[31mErr: -${OPTARG}选项缺少参数,请核实!�33[0m" usage ;; ?) echo -e "�33[31mErr: 无法识别的选项,请核实!�33[0m" usage ;; esac done ##检测日志文件是否可用 if [ -z "${log_path}" ];then echo -e "�33[31mErr: 请填写日志路径�33[0m" usage fi ##检测日志文件大小 log_size=$(du -m "${log_path}"|awk '{print $1}') if [ "${log_size}" -gt 50 ];then echo -e "日志文件:${log_path} 大小:${log_size}MB 日志文件体积较大,分析时间较长,是否继续?" read -p"yes[y] or no[n]:" -n 1 check_size if [ "${check_size}" = "y" ];then echo -e " 正在分析,请稍等..." else echo -e " 终止日志分析" exit fi elif [ "${log_size}" -eq 0 ];then echo -e "日志文件:${log_path} 大小:${log_size}MB �33[31m日志文件为空,请选择其他日志�33[0m" usage fi ##设置时间分隔点 time_mark=$(awk '{print $4}' "${log_path}"|cut -c 2-16|uniq|tail -n ${log_time:-6}) ##日志分析 for mark in ${time_mark} do time_format=$(echo $mark|awk 'BEGIN {FS="[/|:]"} {print $3"/"$2"/"$1" "$4":00-"$4":59"}') net_size=$(grep $mark "${log_path}"|awk '{if($10 ~ /[0-9]/) sum += $10} END {printf("%0.2f ",sum/1024/1024)}') top_ip=$(grep $mark "${log_path}"| awk '{print $1}' |sort |uniq -c|sort -rn|head -n ${ip_row:-5}) top_page=$(grep $mark "${log_path}"|awk '{if($10>0 )print $7}'|sort|uniq -c|sort -rn|head -n ${ip_row:-5}) echo -e "${split_line} ${time_format} 本时段流量:${net_size} MB" echo -e " 次数 访问者IP" echo -e "${top_ip}" echo -e " 次数 访问资源" echo -e "${top_page}" done
config_ntpclient.bat
该脚本适用于windows系统,将ntp时钟服务器配置为阿里云内部时钟源并将同步频率改为300秒。
@rem This batch script to config ntpclient. @rem version 1.0 time:2014-6-5 @echo off REG ADD HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesW32TimeTimeProvidersNtpClient /v SpecialPollInterval /t REG_DWORD /d 300 /f w32tm /config /manualpeerlist:"ntp1.aliyun.com,0x1 ntp2.aliyun.com,0x1 ntp3.aliyun.com,0x1" /syncfromflags:manual /reliable:yes /update net stop w32time net start w32time
转自:http://www.hellyhua.com/xuexi/server/893.html