#!/usr/bin/env bash
# name linux monit-state.sh
# Author: jackliu (Jianqiu Liu)
# Site: https://github.com/ljq
# Blog: defense.ink
# Email: [email protected]
# Date: 2022-01-29
# Version: 1.0.0
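# Script version, printed by the -v / -V / --version option.
CLI_VERSION="1.0.0"

# Terminal colours. Each value holds a literal backslash sequence, so it only
# takes effect when printed with `echo -e` (or printf '%b').
CYAN_COLOR="\033[36m"
YELLOW_COLOR="\033[43;37m"
RED_COLOR="\033[31m"
CYAN_BG_COLOR="\033[47;46m"
RES="\033[0m"

# Help text. It lists the spellings that the option dispatcher near the end of
# this script matches: the earlier text advertised a bare "help" word that is
# not matched there and left out the version option.
# The quoted 'EOF' keeps the text literal (no $ or backtick expansion).
HELP_INFO=$(
  cat <<'EOF'
[helptext]
-h|-help|--help : Show help info.
-v|-V|--version : Show script version.
-g|-gui|gui : Default GUI(if OS is supported.) mode.
EOF
)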
#---------------- cli module -------------------

# Access log that every nginx task reads.
nginx_log_file='/var/log/nginx/access.log'

# Services offered by the top-level menu; each name selects the matching
# submenu_<name> function.
select_cmd_list=('os' 'nginx')

# Menu titles for the OS tasks. The position in this list (1-based) is the
# task number that cmd_os dispatches on, so the order must stay in step with
# its case arms.
sub_os_list=(
  '对连接的IP按连接数量进行排序'
  '查看TCP连接状态'
  '查看80端口连接数最多的【N】个IP'
  '查找较多time_wait连接'
  '查找较多的SYN连接'
  '查看当前并发访问数'
  '查看所有连接请求'
  '查看访问某一ip的所有外部连接IP(数量从多到少)'
  '根据端口查找进程'
  '查看443端口连接数最多的【N】个IP'
)

# Menu titles for the nginx log tasks; same position rule, matched by the
# case arms of cmd_nginx.
sub_nginx_list=(
  '查看访问记录,从1000行开始到3000'
  '查看访问记录,从1000行开始,显示200行'
  '根据访问IP统计UV'
  '统计访问URL统计PV'
  '查询访问最频繁的URL'
  '查询访问最频繁的IP'
  '通过日志查看含有send的url,统计ip地址的总连接数'
  '通过日志查看当天指定ip访问次数过的url和访问次数'
)
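#######################################
# Show the top-level service menu and hand over to the chosen submenu.
# For a choice NAME it calls submenu_NAME with the titles in sub_NAME_list.
# Globals:   sub_<name>_list (read), PS3 (written),
#            CYAN_BG_COLOR, YELLOW_COLOR, RES (read)
# Arguments: the service names to offer
# Outputs:   the menu and prompt come from bash `select` (stderr); colour
#            codes and the submenu's own output go to stdout
#######################################
function mainmenu() {
  local -a options=("$@")
  local opt list_ref
  PS3='请选择服务: '
  select opt in "${options[@]}"; do
    echo -e "${CYAN_BG_COLOR}\n"
    # select leaves opt empty when the reply is not one of the listed numbers;
    # without this guard the script tried to run a command named "submenu_".
    if [[ -z "${opt}" ]] || ! declare -F "submenu_${opt}" >/dev/null; then
      echo -e "${YELLOW_COLOR}[Warning]非法输入${RES}"
    else
      # Each service gets its own title list. Passing sub_os_list to every
      # submenu made the nginx menu show the OS task titles.
      list_ref="sub_${opt}_list[@]"
      "submenu_${opt}" "${!list_ref}"
    fi
    echo -e "${RES}"
    break
  done
}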
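#######################################
# Show the OS task menu and run the chosen task through cmd_os.
# Globals:   PS3 (written); YELLOW_COLOR, CYAN_COLOR, RES (read)
# Arguments: the task titles to list
# Outputs:   the menu and prompt come from bash `select` (stderr); the chosen
#            title and the task output go to stdout
# Exits:     the whole script, status 0, after a warning when the reply is not
#            a listed number
#######################################
function submenu_os() {
  local -a options=("$@")
  local opt i num
  PS3='请选择要执行的OS任务: '
  select opt in "${options[@]}"; do
    # select sets opt only for a reply that names a listed entry. The earlier
    # numeric test let 0 through and raised a test(1) error on text replies,
    # and in both cases still went on to call cmd_os.
    if [[ -z "${opt}" ]]; then
      echo -e "${YELLOW_COLOR}[Warning]非法输入${RES}"
      exit 0
    fi
    echo -e "${CYAN_COLOR}${opt}${RES}\n"
    # Take the task number from the entry's position instead of the raw reply
    # text, which can carry blanks, a sign or leading zeros.
    for i in "${!options[@]}"; do
      if [[ "${options[i]}" == "${opt}" ]]; then
        num=$((i + 1))
        break
      fi
    done
    cmd_os "${num}"
    break
  done
}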
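#######################################
# Show the nginx log task menu and run the chosen task through cmd_nginx.
# Globals:   PS3 (written); YELLOW_COLOR, CYAN_COLOR, RES (read)
# Arguments: the task titles to list
# Outputs:   the menu and prompt come from bash `select` (stderr); the chosen
#            title and the task output go to stdout
# Exits:     the whole script, status 0, after a warning when the reply is not
#            a listed number
#######################################
function submenu_nginx() {
  local -a options=("$@")
  local opt i num
  PS3='请选择要执行的Nginx任务: '
  select opt in "${options[@]}"; do
    # select sets opt only for a reply that names a listed entry. The earlier
    # numeric test let 0 through and raised a test(1) error on text replies,
    # and in both cases still went on to call cmd_nginx.
    if [[ -z "${opt}" ]]; then
      echo -e "${YELLOW_COLOR}[Warning]非法输入${RES}"
      exit 0
    fi
    echo -e "${CYAN_COLOR}${opt}${RES}\n"
    # Take the task number from the entry's position instead of the raw reply
    # text, which can carry blanks, a sign or leading zeros.
    for i in "${!options[@]}"; do
      if [[ "${options[i]}" == "${opt}" ]]; then
        num=$((i + 1))
        break
      fi
    done
    cmd_nginx "${num}"
    break
  done
}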
#---------------- cli cmds -------------------
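#######################################
# Ask how many entries to show, then print the remote IPs with the most TCP
# connections to one local port.
# Globals:   YELLOW_COLOR, RES (read)
# Arguments: $1 - local port number (a literal supplied by cmd_os)
# Inputs:    one line from stdin: the number of IPs to list
# Returns:   1 when the count is not a positive integer
#######################################
function _cmd_os_top_ips() {
  local port=$1
  local ip_num
  echo "请输入${port}端口查询的IP数量:"
  read -r ip_num
  # Stop here on a bad count; the pipeline used to run anyway and `head -n`
  # failed on the empty value.
  if [[ ! "${ip_num}" =~ ^[1-9][0-9]*$ ]]; then
    echo -e "${YELLOW_COLOR}[Warning]IP数量输入有误${RES}"
    return 1
  fi
  # Match the port at the end of the local-address column. A plain
  # `grep 80` also counted port 8080, addresses containing "80" and PIDs.
  netstat -anlp tcp \
    | awk -v port="${port}" '$1 ~ /^tcp/ && $4 ~ (":" port "$") {print $5}' \
    | awk -F: '{print $1}' | sort | uniq -c | sort -nr | head -n "${ip_num}"
}

#######################################
# Run one of the OS/network diagnostics listed in sub_os_list.
# Globals:   YELLOW_COLOR, RES (read)
# Arguments: $1 - 1-based task number, in the order of sub_os_list
# Inputs:    tasks 3, 8, 9 and 10 read one line from stdin
# Outputs:   prompts and the report on stdout
# Returns:   1 when the operator's reply is rejected; otherwise the status of
#            the task's pipeline
#######################################
function cmd_os() {
  local num=$1
  local ip port
  case "${num}" in
    1)
      # Remote addresses (TCP and UDP) sorted by number of connections.
      netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
      ;;
    2)
      # Count of sockets per TCP state.
      netstat -nat | awk '{print $6}' | sort | uniq -c | sort -rn
      ;;
    3)
      # The N IPs with the most connections to port 80.
      _cmd_os_top_ips 80
      ;;
    4)
      # Remote endpoints with the most TIME_WAIT sockets.
      netstat -n | grep TIME_WAIT | awk '{print $5}' | sort | uniq -c | sort -rn | head -n 20
      ;;
    5)
      # Remote IPs with the most sockets in a SYN state.
      netstat -an | grep SYN | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr | more
      ;;
    6)
      # Number of established connections right now.
      netstat -an | grep ESTABLISHED | wc -l
      ;;
    7)
      # Every TCP connection.
      netstat -tn 2>/dev/null
      ;;
    8)
      # Remote IPs of the connections that involve one address, busiest first.
      echo "请输入查询的IP地址:"
      read -r ip
      if [[ -z "${ip}" ]]; then
        echo -e "${YELLOW_COLOR}[Warning]输入有误${RES}"
        return 1
      fi
      # -F: the reply is matched literally, so "." no longer matches any
      # character; "--": a reply starting with "-" is not read as an option.
      # This is still a substring match on the whole line, as before.
      netstat -nt | grep -F -- "${ip}" | awk '{print $5}' | awk -F: '{print ($1>$4?$1:$4)}' | sort | uniq -c | sort -nr | head
      ;;
    9)
      # PID of the process listening on a port.
      echo "请输入查询的端口号(Port):"
      read -r port
      # The check used to test $PROT (a typo for PORT), so it warned on every
      # run and then queried anyway.
      if [[ ! "${port}" =~ ^[0-9]{1,5}$ ]] || ((10#${port} < 1 || 10#${port} > 65535)); then
        echo -e "${YELLOW_COLOR}[Warning]端口号输入有误${RES}"
        return 1
      fi
      port=$((10#${port})) # drop leading zeros so the column match works
      # Match the port at the end of the local-address column; grep on the
      # whole line also matched other ports, addresses and PIDs.
      netstat -ntlp tcp | awk -v port="${port}" '$4 ~ (":" port "$") {print $7}' | cut -d/ -f1
      ;;
    10)
      # The N IPs with the most connections to port 443.
      _cmd_os_top_ips 443
      ;;
  esac
}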
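#######################################
# Run one of the nginx access-log reports listed in sub_nginx_list.
# The awk field numbers assume $1 is the client address and $7 the request
# path, as in nginx's predefined "combined" format - confirm against the
# server's log_format. The request line, referer and user agent in each log
# line are supplied by the client, so the filters below test one field rather
# than the whole line.
# Globals:   nginx_log_file, YELLOW_COLOR, RES (read)
# Arguments: $1 - 1-based task number, in the order of sub_nginx_list
# Inputs:    task 8 reads one line (an IP address) from stdin
# Outputs:   prompts and the report on stdout
# Returns:   1 when the operator's reply is rejected
# Exits:     the whole script when the log file is missing or empty
#######################################
function cmd_nginx() {
  local num=$1
  local ip
  if [[ ! -f "${nginx_log_file}" || ! -s "${nginx_log_file}" ]]; then
    echo "日志文件不存在或日志内容为空"
    exit
  fi
  case "${num}" in
    1)
      # Lines 1000 through 3000, as the menu title says. The earlier
      # `head -n 3000 | tail -n 1000` printed lines 2001-3000 instead.
      sed -n '1000,3000p;3000q' <"${nginx_log_file}"
      ;;
    2)
      # 200 lines starting at line 1000.
      tail -n +1000 "${nginx_log_file}" | head -n 200
      ;;
    3)
      # UV: number of distinct client addresses.
      awk '{print $1}' "${nginx_log_file}" | sort | uniq -c | wc -l
      ;;
    4)
      # PV: number of logged requests.
      awk '{print $7}' "${nginx_log_file}" | wc -l
      ;;
    5)
      # Most requested URLs.
      awk '{print $7}' "${nginx_log_file}" | sort | uniq -c | sort -n -k 1 -r | more
      ;;
    6)
      # Most active client addresses.
      awk '{print $1}' "${nginx_log_file}" | sort | uniq -c | sort -n -k 1 -r | more
      ;;
    7)
      # Requests whose URL contains "send", counted per client address.
      # Testing $7 keeps a "send" in the referer or user agent from counting.
      awk '$7 ~ /send/ {print $1}' "${nginx_log_file}" | sort | uniq -c | sort -nr
      ;;
    8)
      # URLs requested by one client address, with hit counts.
      # NOTE(review): the menu title says "today", but no date filter is
      # applied here or in the earlier version - confirm the intended scope.
      echo "请输入当天查询的目标IP地址:"
      read -r ip
      # Accept only characters that occur in IPv4/IPv6 addresses, and stop on
      # bad input instead of running the query with it.
      if [[ ! "${ip}" =~ ^[0-9A-Fa-f:.]+$ ]]; then
        echo -e "${YELLOW_COLOR}[Warning]输入有误${RES}"
        return 1
      fi
      # Compare with the client-address field only. grep on the whole line
      # treated the reply as a regex and also matched the address when it
      # appeared inside a URL or referer. (ip "") forces a string comparison.
      awk -v ip="${ip}" '$1 == (ip "") {print $7}' "${nginx_log_file}" | sort | uniq -c | sort -nr
      ;;
  esac
}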
# Informational options: each one prints its message and ends the script
# before any menu is shown. Any other first argument falls through.
if [[ "$1" == "-v" || "$1" == "-V" || "$1" == "--version" ]]; then
  # Report the script version.
  echo -e "cli script version:${CLI_VERSION}."
  exit
elif [[ "$1" == "-h" || "$1" == "-help" || "$1" == "--help" ]]; then
  # Print the help text.
  echo -e "${HELP_INFO}"
  exit
elif [[ "$1" == "-g" || "$1" == "-gui" || "$1" == "gui" ]]; then
  # GUI mode is only a placeholder so far.
  echo -e "Coming soon."
  exit
fi
# ---------------------- Task Process -------------------------
# Dependency check: stop with status 1 at the first required command that the
# shell cannot resolve.
# NOTE(review): whiptail and the nginx binary are required here although no
# code visible in this script invokes them, while grep, sort, uniq, cut, head
# and tail are used by the tasks but not checked - confirm the intended list.
cmds=("netstat" "awk" "cat" "whiptail" "nginx")
for cmd in "${cmds[@]}"; do
  if ! type "${cmd}" >/dev/null 2>&1; then
    echo >&2 -e "${YELLOW_COLOR}[Warning] ${cmd} is not found. Please install it and try again.${RES}\n"
    exit 1
  fi
done

# All dependencies resolved: open the service menu.
mainmenu "${select_cmd_list[@]}"
# ---------------------- task exec -------------------------