批处理之家's Archiver

523066680 posted on 2019-1-31 16:06

Alibaba Cloud virtual host at 100% CPU: extracting and analyzing the backend logs

[i=s] This post was last edited by 523066680 on 2019-1-31 16:17 [/i]

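There is still a lot I don't understand about networking. Today I logged in to the admin console and found the CPU maxed out. But my site hardly has any visitors, so who would be bored enough to mess with it?
From the console I learned that the logs can be fetched from the wwwlogs directory and analyzed yourself.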

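So I wrote a Perl script to analyze the logs (extracted from the zip)[code]=info
    Extract Alibaba Cloud virtual host log information and sort the data
    Sort by request count per main address (first three octets), and list the last-octet addresses / Agent info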
    523066680/vicyang
    2019-01
=cut
use Modern::Perl;
use Archive::Zip qw( :ERROR_CODES :CONSTANTS );
use File::Slurp;
use Encode;
STDOUT->autoflush(1);

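my $zip = Archive::Zip->new();
# Stop early if the archive cannot be read (AZ_OK comes from :ERROR_CODES)
$zip->read( 'log20190131.zip' ) == AZ_OK or die "cannot read log20190131.zip\n";

# Each zip member is one log file; keep its lines as an array ref
my @fdata;
for my $m ( $zip->members ) {
    say $m->fileName;
    push @fdata, [split /\r?\n/, $m->contents];
}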

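# Key: first three octets of the client address
# Value: request count, set of last octets, and the first agent seen
my %hash;
for my $s ( @{$fdata[0]}, @{$fdata[1]} )
{
    #next unless $s=~/31\/Jan\/2019/;
    # $1 = first three octets, $2 = last octet,
    # $3 = last quoted field before the host name (the User-Agent)
    die "unexpected log line: $s\n" unless $s=~/([\d\.]+)\.(\d+)[ -]+.*"(.*)" xyu3241/;
    if (exists $hash{$1}) {
        $hash{$1}{ip}{$2} = 1;
        $hash{$1}{times}++;
    } else {
        $hash{$1}{times} = 1;
        $hash{$1}{agent} = $3;   # only the first agent per prefix is kept
        $hash{$1}{ip} = {$2, 1};
    }
}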

# Ascending by request count, so the busiest prefixes are printed last
my @sortkeys = sort { $hash{$a}{times} <=> $hash{$b}{times} } keys %hash;
for my $e (@sortkeys)
{
    printf "IP: %12s, times:%3d - %s\n",
            $e,
            #$hash{$e}{times}, $hash{$e}{agent};
            $hash{$e}{times}, join(",", sort { $a <=> $b } keys %{$hash{$e}{ip}});
}
__END__
```
220.181.108.119 - - [31/Jan/2019:03:28:49 +0800] \
"GET /ucp.php?mode=register HTTP/1.1" 200 4795 "-" \
"Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)" \
xyu3241540001.my3w.com text/html "/usr/home/xyu3241540001/htdocs/ucp.php" 502988
```
[/code]
This gives the address ranges that sent the most requests (the numbers on the right are the list of last-octet values, which shows that the range has several host IPs sending requests):
[code]IP:  220.181.108, times:440 - 75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,99,100,101,102,103,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,144,145,146,147,149,155,156,157,158,159,160,161,162,163,165,166,167,168,169,174,175,176,177,178,179,180,181,182,183,184,185,186,187
IP:   123.125.71, times:477 - 12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,36,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,60,74,75,76,77,78,79,85,86,87,88,89,90,91,92,94,95,96,97,98,99,100,105,106,107,108,109,110,111,112,113,114,115,116,117
IP:   216.244.66, times:506 - 250
IP:    42.236.10, times:1763 - 70,71,72,73,74,75,76,77,78,79,81,82,83,84,88,89,90,91,98,100,103,104,105,107,108,109,110,112,113,116,120,121,122,123[/code]
Listing the agent information:
[code]IP:  220.181.108, times:440 - Mozilla/5.0 (compatible; Baiduspider/2.0; +http://www.baidu.com/search/spider.html)
IP:   123.125.71, times:477 - Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X) AppleWebKit/600.1.3 (KHTML, like Gecko) Version/8.0 Mobile/12A4345d Safari/600.1.4
IP:   216.244.66, times:506 - Mozilla/5.0 (compatible; DotBot/1.1; http://www.opensiteexplorer.org/dotbot, help@moz.com)
IP:    42.236.10, times:1763 - Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36; 360Spider[/code]
So it looks like the culprit is the pesky 360Spider ...
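
An added example, not part of the original post: the script above records only the first agent seen for each address prefix, so this variant tallies every User-Agent per /24, tracks the busiest minute, and skips unparsable lines instead of dying. The sample lines are constructed in the layout of the log line quoted in the post; the documentation-range IPs, `example.invalid`, and the agent names `ExampleSpider` and `OtherBot` are placeholders.

```perl
#!/usr/bin/perl
# Added example (not the poster's script): per-/24 summary with a full agent tally.
use strict;
use warnings;

# Field layout taken from the sample log line quoted in the post.
my $LINE_RE = qr/^(\d+\.\d+\.\d+)\.(\d+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"/;

# Constructed sample: documentation-range IPs, placeholder host and agent names.
my $fmt = '%s - - [31/Jan/2019:%s +0800] "GET /ucp.php?mode=register HTTP/1.1" 200 4795 '
        . '"-" "%s" example.invalid text/html "/htdocs/ucp.php" 502988';
my @sample = map { sprintf $fmt, @$_ } (
    [ '198.51.100.70', '03:28:01', 'Mozilla/5.0 (iPhone; CPU iPhone OS 8_0 like Mac OS X)' ],
    [ '198.51.100.71', '03:28:02', 'Mozilla/5.0 (compatible; ExampleSpider/1.0)' ],
    [ '198.51.100.72', '03:28:40', 'Mozilla/5.0 (compatible; ExampleSpider/1.0)' ],
    [ '198.51.100.71', '03:29:05', 'Mozilla/5.0 (compatible; ExampleSpider/1.0)' ],
    [ '203.0.113.250', '03:30:00', 'Mozilla/5.0 (compatible; OtherBot/1.1)' ],
);
push @sample, 'truncated line without the expected fields';

sub summarize {
    my (%net, $skipped);
    for my $line (@_) {
        my ($prefix, $host, $ts, $ua) = $line =~ $LINE_RE
            or do { $skipped++; next };          # count bad lines, keep going
        my $n = $net{$prefix} //= {};
        $n->{hits}++;
        $n->{hosts}{$host} = 1;                  # set of last octets
        $n->{agents}{$ua}++;                     # every agent, not just the first
        $n->{minutes}{ substr($ts, 0, 17) }++;   # bucket key: dd/Mon/yyyy:hh:mm
    }
    return (\%net, $skipped // 0);
}

# Key with the highest count; ties broken alphabetically for stable output.
sub top { my ($h) = @_; (sort { $h->{$b} <=> $h->{$a} || $a cmp $b } keys %$h)[0] }

my ($net, $skipped) = summarize(@sample);
for my $p (sort { $net->{$b}{hits} <=> $net->{$a}{hits} } keys %$net) {
    my $n = $net->{$p};
    my ($ua, $min) = (top($n->{agents}), top($n->{minutes}));
    printf "%-15s hits=%d hosts=%d peak=%d/min agents=%d top=\"%s\" (%d of %d)\n",
        "${p}.0/24", $n->{hits}, scalar(keys %{ $n->{hosts} }), $n->{minutes}{$min},
        scalar(keys %{ $n->{agents} }), $ua, $n->{agents}{$ua}, $n->{hits};
}
print "skipped $skipped unparsed line(s)\n";
```

The User-Agent field is supplied by the client, so the tally shows what a range claims to be, not who operates it.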
