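#!/usr/bin/env bash
#
# Log and process triage helpers: find the time window of an incident from
# how evenly log entries are spread over time, then look at source addresses,
# FTP connection states and per-process CPU/memory use.
#
# Source this file, then call for example:
#   events_per_hour        /var/log/syslog
#   events_per_hour        /var/log/syslog 'pure-ftpd'    # exclude the ftp daemon
#   events_by_hour_on_day  /var/log/syslog 'Dec 4'
#   events_by_hour_on_day  /var/log/syslog 'Nov 29' 'ftp'
#   events_per_day         /var/log/auth.log
#   events_by_hour_on_day  /var/log/auth.log 'Dec 1'
#   ips_on_day             /var/log/auth.log 'Jan 21'
#   user_ip_pairs          /var/log/auth.log
#   conn_states 'ftp';  conn_states ':21 '
#   cpu_total;  mem_total;  procs_using_cpu
#   cpu_total 'migration';  procs_using_cpu 'migration'
#   procs_using_cpu_or_mem 'migration'
#
# Notes for the analyst:
#   * The day is an argument ("Dec 4"). It is compared field by field, so it
#     matches the space-padded form "Dec  4" and does not also pick up
#     Dec 40-49 / "Dec 1" -> Dec 10-19 the way a substring grep does.
#   * All timestamp patterns assume the traditional "Mon DD HH:MM:SS" prefix;
#     a file written with ISO-8601 / RFC 3339 timestamps produces no output.
#   * Work on a copy of the log where possible and repeat the query on the
#     rotated files; the live file alone may not reach back to the event.
#   * A gap or sudden drop in the counts deserves the same attention as a
#     spike: it can mean logging was stopped or entries were removed.

# Print FILE, dropping lines that match the extended regex EXCLUDE (optional).
_log_lines() {
  local file=$1 exclude=${2:-}
  if [[ -n "$exclude" ]]; then
    grep -Ev -- "$exclude" "$file"
  else
    cat -- "$file"
  fi
}

# Validate a "Mon DD" day argument. Returns 2 with a message on stderr when
# the argument is not a month token followed by a one- or two-digit day.
_check_day() {
  local mon dd
  local -r dd_re='^[0-9]{1,2}$'
  read -r mon dd <<<"$1"
  if [[ -n "$mon" && "$dd" =~ $dd_re ]]; then
    return 0
  fi
  printf 'day must look like "Dec 4" (month name, day of month), got: %s\n' "$1" >&2
  return 2
}

# Print the lines of FILE whose first two fields are the given "Mon DD" day,
# after the optional EXCLUDE filter. The caller validates DAY with _check_day.
_day_lines() {
  local file=$1 day=$2 exclude=${3:-}
  local mon dd
  read -r mon dd <<<"$day"
  # awk field splitting collapses the padding in "Dec  4"; the numeric
  # comparison makes "4" and "04" equivalent.
  _log_lines "$file" "$exclude" |
    awk -v mon="$mon" -v dd="$dd" '$1 == mon && $2 + 0 == dd + 0'
}

# events_per_hour FILE [EXCLUDE]
# Count entries per "Mon DD HH" bucket across the whole file. uniq -c is used
# without sort on purpose: the log is chronological and the output keeps that
# order.
events_per_hour() {
  _log_lines "$@" |
    awk '{ print $1, $2, $3 }' |
    grep -Eo '[[:alnum:]]{1,4} [[:digit:]]{1,2} [[:digit:]]{2}' |
    uniq -c
}

# events_per_day FILE [EXCLUDE]
# Count entries per "Mon DD" bucket across the whole file.
events_per_day() {
  _log_lines "$@" |
    awk '{ print $1, $2 }' |
    grep -Eo '[[:alnum:]]{1,4} [[:digit:]]{1,2}' |
    uniq -c
}

# events_by_hour_on_day FILE DAY [EXCLUDE]
# Count entries per hour (HH) for one day, e.g. DAY='Dec 4'.
events_by_hour_on_day() {
  _check_day "${2:-}" || return
  _day_lines "$@" |
    awk '{ print $3 }' |
    grep -Eo '^[[:digit:]]{2}' |
    uniq -c
}

# ips_on_day FILE DAY
# Count every dotted-quad string seen on DAY. The pattern does not range-check
# octets and also matches other four-part dotted numbers; the count mixes
# failed and successful events, so read the matching lines before concluding
# anything about a single address.
ips_on_day() {
  local -r ipv4='[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}'
  _check_day "${2:-}" || return
  _day_lines "$1" "$2" | grep -Eo -- "$ipv4" | sort | uniq -c
}

# user_ip_pairs FILE
# Count "<word> from <ip>" pairs. The word is whatever alphanumeric token
# precedes "from": usually an account name, but also words such as
# "disconnect" or "connection", and an account name containing other
# characters (-, _, .) is cut at the last such character.
user_ip_pairs() {
  local -r ipv4='[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}'
  grep -Eo -- "[[:alnum:]]+ from ${ipv4}" "$1" | sort | uniq -c
}

# conn_states PATTERN
# Count TCP sockets per state for netstat lines matching PATTERN, e.g. 'ftp'
# (program name column) or ':21 ' (port). Run as root: without it netstat
# leaves the PID/Program column blank for other users' sockets and a
# name-based PATTERN silently misses them.
conn_states() {
  local pattern=$1
  netstat -natup |
    grep -- "$pattern" |
    awk '/^tcp/ { ++count[$6] } END { for (state in count) print state, count[state] }'
}

# Print `ps aux` rows, dropping those that match the extended regex EXCLUDE
# (optional). Exclusion is by text match on the whole row, and a process
# chooses its own command line, so compare with the unfiltered output before
# trusting a filtered view.
_ps_rows() {
  local exclude=${1:-}
  if [[ -n "$exclude" ]]; then
    ps aux | grep -Ev -- "$exclude"
  else
    ps aux
  fi
}

# Sum field number $1 over stdin; non-numeric cells (the header) count as 0.
_sum_field() {
  awk -v col="$1" '{ total += $col } END { print total + 0 }'
}

# cpu_total [EXCLUDE] - sum of the %CPU column. ps reports %CPU averaged over
# each process's lifetime, not the current load.
cpu_total() {
  _ps_rows "${1:-}" | _sum_field 3
}

# mem_total [EXCLUDE] - sum of the %MEM column.
mem_total() {
  _ps_rows "${1:-}" | _sum_field 4
}

# procs_using_cpu [EXCLUDE] - rows whose %CPU is above zero.
procs_using_cpu() {
  _ps_rows "${1:-}" | awk '$3 > 0'
}

# procs_using_cpu_or_mem [EXCLUDE] - rows whose %CPU or %MEM is above zero.
procs_using_cpu_or_mem() {
  _ps_rows "${1:-}" | awk '$3 > 0 || $4 > 0'
}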