## 一、统计端口流量情况
[root@localhost ~]# netstat -antp|awk '{print $5}'|sort|uniq -c|sort -k 1 -nr |head -n 5
4365 19233.101.247:22122
9 12.101.140.52:10001
8 120.101.140.60:10001
8 0.0.0.0:*
7 180.101.140.64:10001
## 二、分析nginx日志
root># grep checkPermitLogin.do access.log |awk '{print $1}'|sort |uniq -c |sort -k 1 -nr |head -n 20
1100 183.62.144.58
219 120.213.25.96
164 114.217.23.199
159 183.234.194.198
108 121.235.154.160
104 111.227.14.246
## 三、句柄满了
for i in /var/spool/; do echo $i; find $i |wc -l|sort -nr; done
for i in /var/spool/postfix/maildrop/; do echo $i; find $i |wc -l|sort -nr; done
/var/spool/postfix/maildrop/
1914
#处理办法
rm -rf /var/spool/postfix/maildrop
#df -i 验证
[root@localhost ~]# df -i
Filesystem Inodes IUsed IFree IUse% Mounted on
/dev/mapper/syavg-rootlv
327680 70738 256942 22% /
## 四、grep一个时间段的关键日志条数
```
root># cat new.txt | egrep '[18/Apr/2018:19:[0-5]|[18/Apr/2018:21:[0-5]'|grep "api/matchindex/zqMatchList"|sort|uniq|wc -l
418
root># cat new.txt | egrep '[18/Apr/2018:19:[0-5]|[18/Apr/2018:21:[0-5]'|grep "aaaaaaaaaaaa"|sort|uniq -c
1 116.30.28.3 - - [18/Apr/2018:18:50:56 +0800] "GET /aaaaaaaaaaaa/ook/201804187904?appVersion=1.7.0&jsver=1.7.0.0&agentId=8335026&inviterId=24026&platform=wap&version= HTTP/1.1" 200 1790 "http://m.qiuboshi.com/" "Mozilla/5.0 (iPhone; CPU iPhone OS 11_1_2 like Mac OS X) AppleWebKit/604.3.5 (KHTML, like Gecko) Mobile/15B202 MicroMessenger/6.6.6 NetType/WIFI Language/zh_CN" "172.18.8.67:11087" "200" "0.178" "0.178"
1 117.136.4.184 - - [18/Apr/2018:18:50:57 +0800] "GET /aaaaaaaaaaaa/look/201804187904?appVersion=1.7.0&jsver=1.7.0.0&agentId=8335026&inviterId=24026&platform=wap&version= HTTP/1.1" 200 1819 "http://m.qiuboshi.com/" "Mozilla/5.0 (Linux; Android 7.1.2; MI 5X Build/N2G47H; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/57.0.2987.132 MQQBrowser/6.2 TBS/044005 Mobile Safari/537.36 MicroMessenger/6.6.6.1300(0x26060634) NetType/4G Language/zh_CN" "172.18.8.66:11087" "200" "0.176" "0.176"
1 36.149.129.190 - - [18/Apr/2018:21:11:47 +0800] "GET /aaaaaaaaaaaa/??antd/list-view/style/index.css,antd/refresh-control/style/index.css,antd/tabs/style/index.css,antd/toast/style/index.css,antd/modal/style/index.css,antd/tab-bar/style/index.css,antd/activity-indicator/style/index.css,antd/picker/style/index.css?v=20171227001 HTTP/1.1" 200 4245 "http://m.qiuboshi.com/?from=groupmessage" "Mozilla/5.0 (Linux; Android 5.1; OPPO R9m Build/LMY47I; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/57.0.2987.132 MQQBrowser/6.2 TBS/044028 Mobile Safari/537.36 MicroMessenger/6.6.6.1300(0x26060634) NetType/WIFI Language/zh_CN" "-" "-" "0.000" "-"
```
## 五、sed匹配关键字输出
```
sed -n 's/.*方法:\(.*\);请求数据.*/\1/ p' send-core.2017-10-10.log >static.txt
sort static.txt |uniq -c|sort -nr|head -50
=========================================================
325581 getContractInfo
72860 getSendPrice
49923 getBoxLimitExpressCompanyBySwitchConfig
49497 getIdCardAuthExpressCompanyBySwitchConfig
43415 doOperateApi
26068 getSendCode
==========================================================
其中 \1 代表 方法跟请求数据中间括号匹配的数据
源日志格式
2017-10-12 18:15:42.933 [DubboServerHandler-10.204.8.134:20880-thread-194] [INFO ] [com.fcbox.send.util.SendRespPackUtil:76] 服务被调用==类:com.fcbox.send.base.facade.impl.expresscompany.UserInfoPushFacadeImpl,方法:getUserInfoPushConfigByExpressCompany;请求数据=={"fromIp":null,"fromUser":null};;共耗时==1;response=={"chnDesc":"操作成功","code":"080100000","detail":"getUserInfoPushConfigByExpressCompany操作成功","engDesc":"success”}
```