More web hits

The single line I ran earlier for testing web hits needed a little modification. As the web logs have grown, doing a simple sort against all of them has not given the results I desired, so I had to be a little more selective. Since the “probing” doesn’t always happen when I am there, but sometimes overnight, I decided to go with a 2-day window: yesterday and today. That way if I have some email at 11pm the night before, or at 2am, but I don’t get to it until the next day, this should work with only those hits in the last 24-48 hrs.

#!/bin/sh

# alias ips='cat /var/log/httpd/*access_log | cut -f 1 -d \  | sort -n | uniq -c | sort -n'

LOGS="/var/log/httpd/*access_log*"
TODAY=$(date '+%d/%b/%Y')
YESTERDAY=$(date -d "1 day ago" '+%d/%b/%Y')

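# Keep only lines from yesterday or today, take the client IP (first
# space-separated field), and count hits per IP, busiest last.
grep -Eh "$YESTERDAY|$TODAY" $LOGS | cut -d ' ' -f 1 | sort -n | uniq -c | sort -n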

This worked for me today to find that someone in a country that shan’t be named sent some crazy “/dns?lookup=10.9.8.7” type hits against me last night. It wasn’t the hits themselves that caused a problem so much as the sheer volume. One iptables block of that /12 and I won’t worry about that one anymore.
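An added example, not part of the original post: the same two-day count done in awk, matching the date only in the timestamp field and printing each client's most-requested URL so a flood like the “/dns?lookup=” one stands out immediately. The function names and the sample log lines are constructed for illustration, and the combined log format is assumed.

```sh
#!/bin/sh
# Added example. Reads combined-format access log lines on stdin and prints
# "hits ip most-requested-url" for the given days, busiest client last.
# Usage (assumed log path, as in the script above):
#   cat /var/log/httpd/*access_log* | summarize_hits "$YESTERDAY" "$TODAY"

summarize_hits() {
    days="$*"    # e.g. "13/Mar/2024 14/Mar/2024"
    awk -v days="$days" '
    BEGIN { n = split(days, d, " "); for (i = 1; i <= n; i++) want[d[i]] = 1 }
    {
        # $4 is "[13/Mar/2024:23:01:07"; compare only its date part, so a
        # date that appears inside a URL or referrer is not counted.
        day = substr($4, 2, 11)
        if (!(day in want)) next
        ip = $1; url = $7
        hits[ip]++
        c = ++per[ip SUBSEP url]
        if (c > best[ip]) { best[ip] = c; top[ip] = url }
    }
    END { for (ip in hits) printf "%d %s %s\n", hits[ip], ip, top[ip] }
    ' | sort -n
}

# Constructed sample lines (documentation address ranges, made-up times).
sample_log() {
    cat <<'EOF'
203.0.113.9 - - [13/Mar/2024:23:01:07 +0000] "GET /dns?lookup=10.9.8.7 HTTP/1.1" 404 196 "-" "-"
203.0.113.9 - - [13/Mar/2024:23:01:08 +0000] "GET /dns?lookup=10.9.8.7 HTTP/1.1" 404 196 "-" "-"
203.0.113.9 - - [14/Mar/2024:02:14:30 +0000] "GET /dns?lookup=10.9.8.7 HTTP/1.1" 404 196 "-" "-"
203.0.113.9 - - [14/Mar/2024:02:14:31 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "-"
198.51.100.4 - - [14/Mar/2024:09:00:12 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "-"
198.51.100.4 - - [01/Mar/2024:10:00:00 +0000] "GET /archive/14/Mar/2024 HTTP/1.1" 200 900 "-" "-"
198.51.100.77 - - [12/Mar/2024:08:00:00 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "-"
EOF
}

sample_log | summarize_hits 13/Mar/2024 14/Mar/2024
```

The 01/Mar line in the sample has a matching date in its URL; a plain grep for the date would count it, while the field comparison skips it.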