脚本如下
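#!/bin/bash
# Port-80 connection sampler.
# Takes one netstat snapshot per view, counts connections per remote address
# and appends the 20 busiest addresses to dated logs under /var/log:
#   ip80_count<date>.txt          label HTTP80-ALL
#   ip80疑似攻击_count<date>.txt   label HTTP80-疑似攻击-ALL (same data, "suspected attack" label)
#   ip80已连接_count<date>.txt     label HTTP80-已连接-ALL (ESTABLISHED rows only)
# A high count is only a lead for investigation: NAT gateways, proxies and
# CDNs legitimately hold many connections from one address.

# Placeholder kept from the original post: replace with the address the web
# server listens on.
server_ip='服务器ip'

# Read the clock once so the header and the file name of one run always agree,
# even when the run straddles midnight.
stamp=$(date +"%F %H:%M:%S")
day=$(date +"%F")

#######################################
# Reduce netstat rows to the 20 most frequent remote addresses.
# Inputs:  netstat rows on stdin (column 5 = foreign address:port)
# Outputs: "count address" lines on stdout, busiest first
#######################################
top_remote_ips() {
  # Strip the trailing :port, then the ::ffff: prefix of IPv4-mapped peers, so
  # both "a.b.c.d:port" and "::ffff:a.b.c.d:port" yield a.b.c.d. The original
  # split on ':' and took field 4, which is empty for plain IPv4 rows.
  awk '{ addr = $5; sub(/:[0-9*]+$/, "", addr); sub(/^::ffff:/, "", addr); print addr }' \
    | sort | uniq -c | sort -nr | head -n20
}

#######################################
# Append one sample to a log file.
# Arguments: $1 - label, $2 - log path, $3 - "count address" lines
#######################################
append_sample() {
  # The header gets its own line. With echo the first (busiest) row was glued
  # to the header, where a consumer reading column 2 sees the time instead.
  printf '%s %s\n%s\n' "$stamp" "$1" "$3" >> "$2"
}

# grep -w 80 matches "80" as a whole word anywhere on the row (an address
# octet or the PID column as well as the port), so this view is broader than
# strict port-80 traffic. -F keeps the dots of the address literal.
all_port80=$(netstat -anlp | grep tcp | grep -F -- "$server_ip" | grep -w 80 | top_remote_ips)

# "<ip>:80" is a substring match, so ports such as 8080 on the same address
# are included as well.
established=$(netstat -anlp | grep tcp | grep -F -- "${server_ip}:80" | grep ESTABLISHED | top_remote_ips)

append_sample "HTTP80-ALL" "/var/log/ip80_count${day}.txt" "$all_port80"
append_sample "HTTP80-疑似攻击-ALL" "/var/log/ip80疑似攻击_count${day}.txt" "$all_port80"
append_sample "HTTP80-已连接-ALL" "/var/log/ip80已连接_count${day}.txt" "$established"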
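# More concise form: prints the 20 busiest remote addresses on port 80 to
# stdout instead of appending them to a log.
# 服务器ip is the post's placeholder for the server's own address; replace it
# before running.
# Field 4 of the ':'-split is the address only when netstat shows the peer as
# ::ffff:a.b.c.d:port; for plain a.b.c.d:port rows it is empty.
# The awk programs need ASCII single quotes and head needs an ASCII hyphen;
# the typographic quotes and dash in the original break the command.
netstat -anlp | grep tcp | grep 服务器ip:80 | awk '{print $5}' | awk -F: '{print $4}' | sort | uniq -c | sort -nr | head -n20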
显示结果如下
2018-04-28 17:35:01 HTTP80-疑似攻击-ALL
16 114.82.164.209
11 106.46.64.27
10 58.221.88.126
10 116.232.202.17
8 115.239.169.69
7 59.46.215.38
7 49.86.99.61
7 223.96.144.125
7 221.239.97.18
6 218.56.252.62
6 183.209.198.22
#第二个脚本用于统计当天的数量
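#!/bin/bash
# Daily roll-up of the per-sample logs.
# For each sample log of the current day, writes a header line followed by the
# 10 addresses that appeared in the most samples to
# /var/log/ip_count_output<date>.log. The number in front of each address is
# the number of samples it was listed in, not a connection total.
# NOTE(review): the sampler shown on this page writes ip80_count<date>.txt;
# ip_count<date>.txt is presumably produced by another job - confirm.

# Read the date once so every path in this run refers to the same day.
day=$(date +"%F")
report="/var/log/ip_count_output${day}.log"

for name in ip_count ip80已连接_count ip80疑似攻击_count; do
  src="/var/log/${name}${day}.txt"
  echo "${name}${day}" >> "$report"

  if [[ ! -r "$src" ]]; then
    # Keep the header in the report, but say why the section is empty.
    printf 'missing sample log: %s\n' "$src" >&2
    continue
  fi

  # Sample rows are "count address" (2 fields). A sampler that writes the
  # header with echo glues the first row onto it ("date time label count
  # address", 5 fields); taking column 2 there returned the time and lost the
  # busiest address of every sample. Taking the last field covers both
  # layouts; a header on its own line (3 fields) is skipped.
  # grep -v : still drops anything that is not a dotted IPv4 address.
  awk 'NF == 2 || NF == 5 { print $NF }' "$src" \
    | grep -v : | sort | uniq -c | sort -nr | head -n10 >> "$report"
done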
#每天最后一分钟运行一次
#crontab -l
#59 23 * * * /opt/tcp/ip_count_output.sh