CCIE那點事

腳本如下

#!/bin/bash

echo `date +"%F %H:%M:%S"` "HTTP80-ALL" "`netstat -anlp|grep tcp|grep 服務器ip|grep -w 80|awk ‘{print $5}’|awk -F: ‘{print $4}’|sort|uniq -c|sort -nr|head -n20`" >> /var/log/ip80_count`date +"%F"`.txt
#完整可用

echo `date +"%F %H:%M:%S"` "HTTP80-疑似攻擊-ALL" "`netstat -anlp|grep tcp|grep 服務器ip|grep -w 80|awk ‘{print $5}’|awk -F: ‘{print $4}’|sort|uniq -c|sort -nr|head -n20`" >> /var/log/ip80疑似攻擊_count`date +"%F"`.txt
echo `date +"%F %H:%M:%S"` "HTTP80-已連接-ALL" "` netstat -anlp|grep tcp|grep 服務器ip:80|grep ESTABLISHED|awk ‘{print $5}’|awk -F: ‘{print $4}’|sort|uniq -c|sort -nr|head -n20 `" >> /var/log/ip80已連接_count`date +"%F"`.txt

#更精簡的寫法

netstat -anlp|grep tcp|grep 服務器ip:80|awk ‘{print $5}’|awk -F: ‘{print $4}’|sort|uniq -c|sort -nr|head -n20