{"id":70,"date":"2014-09-19T04:10:00","date_gmt":"2014-09-19T04:10:00","guid":{"rendered":"http:\/\/onlinelab.info\/2014\/09\/19\/linux-unix-logtop-realtime-log-line-rate-analyser\/"},"modified":"2014-09-19T04:10:00","modified_gmt":"2014-09-19T04:10:00","slug":"linux-unix-logtop-realtime-log-line-rate-analyser","status":"publish","type":"post","link":"https:\/\/www.asianux.org.vn\/index.php\/2014\/09\/19\/linux-unix-logtop-realtime-log-line-rate-analyser\/","title":{"rendered":"Linux \/ Unix logtop: Realtime Log Line Rate Analyser"},"content":{"rendered":"

H<\/span>ow can I analyze line rate taking log file as input on a Linux system? How do I find the IP flooding my Apache\/Nginx\/Lighttpd web-server on a Debian or Ubuntu Linux?<\/span>
<\/span><\/p>\n

\n\n\n\n\n\n\n\n
Tutorial details<\/th>\n<\/th>\n<\/tr>\n
Difficulty<\/td>\nEasy<\/a> (rss<\/a>)<\/td>\n<\/tr>\n
Root privileges<\/td>\nYes<\/a><\/td>\n<\/tr>\n
Requirements<\/td>\nNone<\/td>\n<\/tr>\n
Estimated completion time<\/td>\nN\/A<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n

You need to use a tool called logtop. It is a system administrator tool to analyze line rate taking log file as input. It reads on stdin and print a constantly updated result displaying, in columns in the following format:<\/span><\/p>\n

<\/div>\n
Line number, count, frequency, and the actual line<\/kbd><\/div>\n

How do install logtop on a Debian or Ubuntu based system?<\/h2>\n
Simply typ
\ne the following apt-get command<\/a>:
$ sudo apt-get install logtop<\/code>
Sample outputs:<\/div>\n
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  logtop
0 upgraded, 1 newly installed, 0 to remove and 3 not upgraded.
Need to get 15.7 kB of archives.
After this operation, 81.9 kB of additional disk space will be used.
Get:1 http:\/\/mirrors.service.networklayer.com\/ubuntu\/ precise\/universe logtop amd64 0.3-1 [15.7 kB]
Fetched 15.7 kB in 0s (0 B\/s)
Selecting previously unselected package logtop.
(Reading database ... 114954 files and directories currently installed.)
Unpacking logtop (from ...\/logtop_0.3-1_amd64.deb) ...
Processing triggers for man-db ...
Setting up logtop (0.3-1) ...<\/pre>\n
Syntax<\/h2>\n
The syntax is as follows:<\/div>\n
 
logtop [<\/span>OPTIONS]<\/span> [<\/span>FILE]<\/span>
command<\/span> | logtop
command1 | filter | logtop
command1 | filter | logtop [<\/span>options]<\/span> [<\/span>file<\/span>]<\/span>
 <\/pre>\n
Examples<\/h2>\n
Here are some common examples of logtop.<\/div>\n
Show the IP address flooding your LAMP server<\/h3>\n
Type the following command:<\/div>\n
 
tail<\/span> -f www.cyberciti.biz_access.log | cut<\/span> -d' '<\/span> -f1 | logtop
 <\/pre>\n
Sample outputs:<\/div>\n
\"Fig.01:<\/a><\/p>\n
Fig.01: logtop command in action<\/div>\n<\/div>\n
<\/div>\n
See squid cache HIT and MISS log<\/h3>\n
 
tail<\/span> -f cache.log | grep<\/span> -o \"HIT|<\/span>MISS\"<\/span> | logtop
 <\/pre>\n
To see realtime hit \/ miss ratio on some caching software log file, enter:
tail -f access.log | cut -d' ' -f1 | logtop -s 20000<\/code>
The -s<\/kbd> option set logtop to work with the maximum of K lines instead of 10000.<\/div>\n","protected":false},"excerpt":{"rendered":"
How can I analyze line rate taking log file as input on a Linux system? How do I find the IP flooding my Apache\/Nginx\/Lighttpd web-server on a Debian or Ubuntu Linux? Tutorial details Difficulty Easy (rss)…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-70","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/posts\/70","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/comments?post=70"}],"version-history":[{"count":0,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/posts\/70\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/media?parent=70"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/categories?post=70"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.asianux.org.vn\/index.php\/wp-json\/wp\/v2\/tags?post=70"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}