Server Load Troubleshooting Commands
Use these commands to analyze traffic spikes, identify abusive IPs, and diagnose server load issues.
Username: USERNAME
Run From: /home/USERNAME
Logs: /home/USERNAME/access-logs/
Commands
Step 0 — Navigate to Home
cd /home/USERNAME
Step 1 — Earliest Log Entry
awk '{print $4}' ./access-logs/* | sed 's/\[//' | sort | head -n 1
Step 2 — Unique IP Count
awk '{print $1}' ./access-logs/* | sort -u | wc -l
Step 3 — Top 25 IPs
awk '{print $1}' ./access-logs/* | sort | uniq -c | sort -nr | head -n 25
Step 4 — Top Pages
awk '{print $7}' ./access-logs/* | sed 's/?[^ ]*//' | sort | uniq -c | sort -nr | head -n 10
Step 5 — Show Earliest Hit
EARLIEST=$(awk '{print $4}' ./access-logs/* | sed 's/\[//' | sort | head -n 1)
grep "$EARLIEST" ./access-logs/*
Step 6 — Check IP Country
geoiplookup IP_ADDRESS
Step 7 — Top User Agents
awk -F\" '{print $6}' ./access-logs/* | sort | uniq -c | sort -nr | head -n 20
Step 8 — Requests Per Hour
awk '{print $4}' ./access-logs/* | cut -d: -f1-3 | sed 's/\[//' | sort | uniq -c | sort -nr | head
Step 9 — External Referers
awk -F\" '{print $4}' ./access-logs/* | grep -v "-" | sort | uniq -c | sort -nr | head -n 20
Step 10 — Successful Requests
awk '$9 ~ /^(200|206)$/' ./access-logs/* | awk '{print $1}' | sort | uniq -c | sort -nr | head
Step 11 — CGI Usage
grep "cgi-bin" ./access-logs/* | awk '{print $1}' | sort | uniq -c | sort -nr | head
Step 12 — Large Responses
awk '{print $10}' ./access-logs/* | sort -nr | head
Common Load Causes
- Image scraping
- Hotlinking
- CGI loops
- Search engine bots
- Foreign crawler networks
- Automated vulnerability scanners