Difference between revisions of "Details of webserver log analysis"
From MyWiki
(Created page with "The script to create this web page is run from roots cron on backup.gold.ac.uk using the following crontab entry<br> 0,20,40 * * * * /usr/local/bin/security.sh > /var/tmp/cro...") |
|||
| Line 1: | Line 1: | ||
The script to create this web page is run from roots cron on backup.gold.ac.uk using the following crontab entry<br> | The script to create this web page is run from roots cron on backup.gold.ac.uk using the following crontab entry<br> | ||
| − | 0,20,40 * * * * /usr/local/bin/security.sh > /var/tmp/cron_log 2>&1 | + | 0,20,40 * * * * /usr/local/bin/security.sh > /var/tmp/cron_log 2>&1<br> |
| + | The contents of the script are shown below:<br> | ||
| + | |||
| + | |||
| + | <HTML> | ||
| + | <BODY bgcolor="#E6E6FA" > | ||
| + | |||
| + | <h1 style="text-align:center;margin-left:auto;margin-right:auto;"><span | ||
| + | style="color:#ff0000"><span style="background-color:#00ff00"><span | ||
| + | style="color:#000000;background-color:#808000"><span | ||
| + | style="background-color:#dfdf00">Gold Webservers log file analysis. Updated | ||
| + | every 20 minutes</span></span></span></span></h1> | ||
| + | |||
| + | |||
| + | <TABLE> | ||
| + | <TR><TH COLSPAN="2" BGCOLOR="#AAAAAA" > The top users of www.gold.ac.uk as taken from the last 2000 enries of the access_log files on both webservers | ||
| + | </TH></TR> | ||
| + | <TR><TD> | ||
| + | |||
| + | <table border="2" cellpadding="2" BGCOLOR="#BBBBBB" > | ||
| + | <TR> | ||
| + | <TD colspan="3"> Jupiter between `head -1 /var/tmp/jupiter_tail.log | gawk '{ print $4}'|sed -e 's/^\[//' ` and `tail -1 /var/tmp/jupiter_tail.log | gawk '{ print $4}' |sed -e 's/^\[//' ` </TD> | ||
| + | </TR> | ||
| + | <TR> | ||
| + | <TH>Recent hits</TH><TH> IP Address</TH><TH> DNS Entry if available</TH> | ||
| + | </TR> | ||
| + | END | ||
| + | while read INP | ||
| + | do | ||
| + | echo $INP | gawk '{ print "<TR><TD>",$1,"</TD><TD>",$2,"</TD><TD>",$3,"</TD></TR>" }' >> /var/tmp/secure.html | ||
| + | |||
| + | done < /var/tmp/jupiter_all | ||
| + | echo "</TABLE>" >> /var/tmp/secure.html | ||
| + | |||
| + | |||
| + | cat <<END >>/var/tmp/secure.html | ||
| + | |||
| + | </TD><TD> | ||
| + | |||
| + | <table border="2" cellpadding="2" BGCOLOR="#BBBBBB" > | ||
| + | <TR> | ||
| + | <TD colspan="3"> Uranus between `head -1 /var/tmp/uranus_tail.log | gawk '{ print $4}'|sed -e 's/^\[//' ` and `tail -1 /var/tmp/uranus_tail.log | gawk '{ print $4}' |sed -e 's/^\[//' ` </TD> | ||
| + | </TR> | ||
| + | <TR> | ||
| + | <TH>Recent hits</TH><TH> IP Address</TH><TH> DNS Entry if available</TH> | ||
| + | </TR> | ||
| + | END | ||
| + | while read INP | ||
| + | do | ||
| + | echo $INP | gawk '{ print "<TR><TD>",$1,"</TD><TD>",$2,"</TD><TD>",$3,"</TD></TR>" }' >> /var/tmp/secure.html | ||
| + | |||
| + | done < /var/tmp/uranus_all | ||
| + | echo "</TABLE>" >> /var/tmp/secure.html | ||
| + | |||
| + | echo "</TD></TR>" >> /var/tmp/secure.html | ||
| + | |||
| + | |||
| + | echo "</BODY>" >> /var/tmp/secure.html | ||
| + | echo "</HTML>" >> /var/tmp/secure.html | ||
| + | |||
| + | mv /var/tmp/secure.html /var/www/html/webteam | ||
| + | echo `date` | ||
Revision as of 09:33, 21 May 2014
The script to create this web page is run from roots cron on backup.gold.ac.uk using the following crontab entry
0,20,40 * * * * /usr/local/bin/security.sh > /var/tmp/cron_log 2>&1
The contents of the script are shown below:
<HTML> <BODY bgcolor="#E6E6FA" >
Gold Webservers log file analysis. Updated every 20 minutes
| The top users of www.gold.ac.uk as taken from the last 2000 enries of the access_log files on both webservers | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
cat <<END >>/var/tmp/secure.html |
| ||||||||||||||||||
