irst locate the log file for your site. The generic log is generally at /var/log/httpd/access_log or/var/log/apache2/access_log (depending on your distro). For virtualhost-specific logs, check the conf files or (if you have one active site and others in the background) run ls -alt /var/log/httpd to see which file is most recently updated.
cat access.log| awk ‘{print $1}’ | sort | uniq -c |sort -n
Find out targets the last 5,000 hits:
tail -5000 access.log| awk '{print $1}' | sort | uniq -c |sort -n
Finally, if you have a ton of domains you may want to use this to aggregate them:
for k in `ls --color=none`; do echo "Top visitors by ip for: $k";awk '{print $1}' ~/logs/$k/http/access.log|sort|uniq -c|sort -n|tail;done
This command is great if you want to see what is being called the most (that can often show you that a specific script is being abused if it’s being called way more times than anything else in the site):
awk '{print $7}' access.log|cut -d? -f1|sort|uniq -c|sort -nk1|tail -n10
If you have multiple domains on and on a PS (PS only!) run this command to get all traffic for all domains on the PS:
for k in `ls -S /home/*/logs/*/http/access.log`; do wc -l $k | sort -r -n; done
Here is an alternative to the above command which does the same thing, this is for VPS only using an admin user:
sudo find /home/*/logs -type f -name "access.log" -exec wc -l "{}" \; | sort -r -n
If you’re on a shared server you can run this command which will do the same as the one above but just to the domains in your logs directory. You have to run this commands while your in your user’s logs directory:
for k in `ls -S */http/access.log`; do wc -l $k | sort -r -n; done
grep apache access.log and list IP’s by hits and date:-
grep Mar/2013 /var/log/apache2/access.log | awk '{ print $1 }' | sort -n | uniq -c | sort -rn | head
Recent Comments