Find out what IP address has been hitting your webserver for traffic details. An effective guidelines for self learners.
If your server has started getting a lot more traffic and you want to find out what IP address has been hitting your webserver there is a one line command to do this.
1. Login to your server via SSH
2. Locate your access log (generally /etc/httpd/logs)
3. Enter the command:
cat /path/to/access_log |awk '{print $1}' |sort |uniq -c |sort -n |tail
So if your access logs are in the standard location /etc/httpd/logs you would enter:
cat /etc/httpd/logs/access_log |awk '{print $1}' |sort |uniq -c |sort -n |tail
You can also get the current number of connections per IP address by entering the command:
Create iptop
If you would like to create a program to view these like a top do the following:
nano /root/ipconnections
Paste this into the file:
netstat -tan| grep -v 'LISTEN'| awk '{print $5}'| grep -v 'and' |grep -v 'Address' |cut -d':' -f1 |sort -n | uniq -c | sort -rn | head -n10
echo ''
echo 'TOTAL CONNECTIONS:' `netstat -tan | grep -v 'LISTEN' | wc -l`
Ctrl O to Save
Ctrl X to Quit
chmod 755 /root/ipconnections
nano /usr/sbin/iptop
Paste this into the file:
watch -n 0.5 /root/ipconnections
Ctrl O to Save
Ctrl X to Quit
chmod 755 /usr/sbin/iptop
You can now type simply: iptop
This will show you the number of connections to your server per IP address and update twice a second.
