四五年前,我在一家外包公司做web后端接口开发。当时的团队分布情况是这样的:内部开发在一起,分前后端。我属于内部开发。外部开发在世界各地,他们会调用我们后端提供的接口,进行接口的调用。
当时项目中有个后端接口,是进行健康监测的。这个健康监测接口,提供一系列check操作,但并不进行写库操作,这样会占用很大量的cpu时间,但并不会占用太多内存。
突然有一天,我们后端服务器发现,cpu使用率居高不下。经查看,Tomcat java程序在占用。经询问,内部所有人的接口调用都已断开。
简单猜测是遭到了攻击。但防火墙,都正常。而且cpu使用倒挺稳定,没有达到崩溃的边缘。如果是恶意攻击,既然不进行写库操作,那么应该会使cpu爆表。既然cpu并没有爆表,而且很稳定,暂且排除攻击,思考其他方面的问题。
由于有外部团队在协同开发。首先询问外部团队负责人。负责人一口断定,自己所有的人,并没有对接口进行访问。然后确定一下,接口确实是它们使用的接口。只是他们说现在他们没有调用。
为了找到问题所在,查看Tomcat访问记录日志,发现,有一个ip地址在不停调用接口。
本着查清问题的原则,把ip地址抛给了外部团队。问这是谁的ip地址。并抛给了他们查看ip地址的命令和 方法。
然后就接到外部团队的回馈:是他们有开发同事,设置了定时任务,忘记关掉了。导致在频繁调用。
然后再和外部团队沟通问题,就顺畅了许多!
记录ip访问地址,一个是可以分析用户访问习惯。也可以处理一些特殊情况。所以,记录访问ip地址,是很有必要的。
ps: tomcat 记录来访日志的方法:
首先了解,Tomcat的日志。
参考:http://blog.csdn.net/J080624/article/details/77823522
注:以下 $CATALINA_BASE 为Tomcat路径
Tomcat日志配置文件所在路径:$CATALINA_BASE/conf/logging.properties
默认内容如下:
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.FileHandler, 3manager.org.apache.juli.FileHandler, 4host-manager.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
.handlers = 1catalina.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
############################################################
# Handler specific properties.
# Describes specific configuration info for Handlers.
############################################################
1catalina.org.apache.juli.FileHandler.level = FINE
1catalina.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
1catalina.org.apache.juli.FileHandler.prefix = catalina.
2localhost.org.apache.juli.FileHandler.level = FINE
2localhost.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
2localhost.org.apache.juli.FileHandler.prefix = localhost.
3manager.org.apache.juli.FileHandler.level = FINE
3manager.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
3manager.org.apache.juli.FileHandler.prefix = manager.
4host-manager.org.apache.juli.FileHandler.level = FINE
4host-manager.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
4host-manager.org.apache.juli.FileHandler.prefix = host-manager.
java.util.logging.ConsoleHandler.level = FINE
java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
############################################################
# Facility specific properties.
# Provides extra control for each logger.
############################################################
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.FileHandler
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = INFO
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers = 3manager.org.apache.juli.FileHandler
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = INFO
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = 4host-manager.org.apache.juli.FileHandler
# For example, set the org.apache.catalina.util.LifecycleBase logger to log
# each component that extends LifecycleBase changing state:
#org.apache.catalina.util.LifecycleBase.level = FINE
# To see debug messages in TldLocationsCache, uncomment the following line:
#org.apache.jasper.compiler.TldLocationsCache.level = FINE
可以看到日志都打印到;${catalina.base}/logs 路径下了。
日志分为几类:
A.Catalina引擎的日志文件,文件名catalina.日期.log
B.Tomcat下内部代码抛出的日志,文件名localhost.日期.log
C.Tomcat下默认manager应用日志,文件名manager.日期.log
D.Access日志
其中:Access日志是通过修改servier.xml配置文件实现的
${catalina}/conf/server.xml
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
我们看到这个,就是记录访问ip地址的。
访问历史,就记录在 对应的是localhost_access_log.2018-02-05.txt这个文件中,具体内容如下:
127.0.0.1 - - [05/Feb/2018:11:31:50 +0800] "GET /redis.cloud/redisController/redisCloudTest/set HTTP/1.1" 404 949
127.0.0.1 - - [05/Feb/2018:11:33:02 +0800] "GET /redis.cloud/redisController/redisCloudTest/set HTTP/1.1" 404 949
这里面记录了访问者的ip,时间,请求方式,请求路径,协议 ,状态,用时ms
!-- Access log processes all example. Documentation at: /docs/config/valve.html Note: The pattern used is equivalent to using pattern="common" --> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="%h %l %u %t "%r" %s %b" prefix="localhost_access_log." suffix=".txt"/>