Common shell commands for ops log investigation
Source: Internet  Posted by: 土豆网络蓝色蜘蛛网  Editor: 程序博客网  Time: 2024/05/14 12:43
Reposted from: https://github.com/yaseng/pentest/blob/master/note/audit-log.md
http://yaseng.org/audit-log.html
Preface
A wiki of commands and methods for investigating common logs. Contributions welcome (Markdown syntax).
Common commands
- Find a keyword and count the matching lines
grep -c "sqlmap" 2015_7_25_test_access.log
- Delete every line containing a given string (sed -i edits the file in place; the .bak suffix keeps a backup, and this should only ever be run on a working copy, never on the original evidence)
sed -i.bak '/Indy Library/d' 2015_7_25_test_access.log
- Search every log file under the current directory for a keyword and count the matching lines (-print0/-0 keeps file names with spaces intact)
find . -name "*.log" -print0 | xargs -0 grep "sqlmap" | wc -l
- Extract a specific field (e.g. an id), then sort and count the distinct values: the first awk takes the first whitespace-separated column, the second splits that column on ':' and keeps the second part
awk '{print $1}' cszl988.log | awk -F : '{print $2}' | sort -u | wc -l
- Match content with a regular expression (e.g. pull out IPv4 addresses; the pattern accepts any dotted quad, including octets above 255, so filter the result if precision matters)
grep -E -o "([0-9]{1,3}\.){3}[0-9]{1,3}"
- Deduplicate and count (here the request path, which is column 7 in the combined/common log format, over the last ten lines; the final sort puts the most frequent first)
tail 3.log | awk '{print $7}' | sort | uniq -c | sort -rn
- Batch-extract packets from a directory of full-traffic captures and drop the uninteresting headers (parse_pcap is whatever pcap-to-text parser you have installed; it is not a standard utility). The directory is the script's first argument:

```bash
#!/bin/bash
# Usage: ./extract.sh <directory of pcap files>
# Glob instead of parsing `ls` output: safe with spaces in names and
# keeps the directory prefix on each file.
for file in "$1"/*
do
    parse_pcap -vvb "$file" \
      | grep -v -E "Host:|Cookie:|User-Agent:|Accept:|Accept-Language:|Accept-Encoding:|Connection:|Content-Type:|Content-Length|Server"
done
```
- URL-decode request paths (Python 3; reads one path per line from stdin, so every line is decoded and paths containing quotes cannot trip xargs)
grep sqlmap luban.log | awk '{print $7}' | python3 -c 'import sys, urllib.parse as u; sys.stdout.write("".join(u.unquote(l) for l in sys.stdin))'
- Contributions welcome....
Example: investigating injection logs for site xxxx
- Count all sqlmap injection records
[root@pentest temp]# cat luban.log | grep sqlmap | wc -l
1241
- Preview a few URLs
cat luban.log | grep sqlmap | awk '{print $7}' | more
/news.php?id=771%28.%28%22%29.%27%29%29%27&fid=168
/news.php?id=771%27IddP%3C%27%22%3EvCBw&fid=168
/news.php?id=771%29%20AND%201148%3D8887%20AND%20%288975%3D8975&fid=168
/news.php?id=771%29%20AND%208790%3D8790%20AND%20%287928%3D7928&fid=168
/news.php?id=771%20AND%204294%3D9647&fid=168
/news.php?id=771%20AND%208790%3D8790&fid=168
/news.php?id=771%27%29%20AND%205983%3D7073%20AND%20%28%27UwRr%27%3D%27UwRr&fid=168
/news.php?id=771%27%29%20AND%208790%3D8790%20AND%20%28%27hwaT%27%3D%27hwaT&fid=168
/news.php?id=771%27%20AND%206578%3D7565%20AND%20%27EoTZ%27%3D%27EoTZ&fid=168
/news.php?id=771%27%20AND%208790%3D8790%20AND%20%27lBdL%27%3D%27lBdL&fid=168
/news.php?id=771%25%27%20AND%205177%3D1107%20AND%20%27%25%27%3D%27&fid=168
/news.php?id=771%25%27%20AND%208790%3D8790%20AND%20%27%25%27%3D%27&fid=168
- URL-decode for easier reading
cat luban.log | grep sqlmap | awk '{print $7}' | python3 -c 'import sys, urllib.parse as u; sys.stdout.write("".join(u.unquote(l) for l in sys.stdin))'
/news.php?id=771&fid=168
/news.php?id=771&fid=168 AND ASCII(SUBSTRING((SELECT DISTINCT(COALESCE(CAST(schemaname AS CHARACTER(10000)),(CHR(32)))) FROM pg_tables OFFSET 1 LIMIT 1)::text FROM 3 FOR 1))>97
/news.php?id=771&fid=168 UNION ALL SELECT NULL,(CHR(113)||CHR(122)||CHR(106)||CHR(120)||CHR(113))||(CHR(103)||CHR(75)||CHR(78)||CHR(87)||CHR(76)||CHR(74)||CHR(110)||CHR(115)||CHR(100)||CHR(85))||(CHR(113)||CHR(122)||CHR(120)||CHR(113)||CHR(113)),NULL,NULL,NULL,NULL,NULL,NULL,NULL UNION ALL SELECT NULL,(CHR(113)||CHR(122)||CHR(106)||CHR(120)||CHR(113))||(CHR(113)||CHR(71)||CHR(74)||CHR(82)||CHR(101)||CHR(120)||CHR(69)||CHR(112)||CHR(117)||CHR(79))||(CHR(113)||CHR(122)||CHR(120)||CHR(113)||CH
What the decoded payloads tell you: the backend is PostgreSQL (pg_tables, CHR(), the ::text cast); the injection point is the fid parameter, not id; sqlmap ran boolean-based blind extraction (ASCII(SUBSTRING(...)) > 97 tests one character of a schema name at a time, so the count of such requests is a rough measure of how much was extracted) and a nine-column UNION query whose CHR() strings build the marker text sqlmap wraps around extracted data so it can find it in the response. Check the response sizes and status codes of those UNION requests against a payload-free request to judge whether they actually returned rows.
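The one-liners from the command list and the sqlmap walk-through above, combined into one script run over a constructed sample log. This is an added example, not code from the original note or from the yaseng/pentest repository: the log lines are made up for illustration (combined log format, so $1 is the client IP and $7 the request path) and the helper names sample_log, count_ua_hits, top_source, urldecode and classify_requests are my own. It does two things the one-liners do not: it URL-decodes in awk, so no Python is needed on the box, and it flags injection by payload pattern rather than by User-Agent, which is why the hand-crafted "Mozilla" request from 192.0.2.55 is caught while sqlmap's payload-free baseline request is not.

```shell
#!/bin/sh
# Constructed sample in combined log format (not a real site's log).
sample_log() {
cat <<'EOF'
198.51.100.23 - - [25/Jul/2015:09:58:40 +0800] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [25/Jul/2015:10:00:01 +0800] "GET /news.php?id=771&fid=168 HTTP/1.1" 200 5123 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.7 - - [25/Jul/2015:10:00:02 +0800] "GET /news.php?id=771&fid=168%20AND%208790%3D8790 HTTP/1.1" 200 5123 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.7 - - [25/Jul/2015:10:00:02 +0800] "GET /news.php?id=771&fid=168%20AND%204294%3D9647 HTTP/1.1" 200 211 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.7 - - [25/Jul/2015:10:00:03 +0800] "GET /news.php?id=771&fid=168%27%20AND%206578%3D7565%20AND%20%27EoTZ%27%3D%27EoTZ HTTP/1.1" 200 211 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.7 - - [25/Jul/2015:10:00:05 +0800] "GET /news.php?id=771&fid=168%20AND%20ASCII%28SUBSTRING%28%28SELECT%20schemaname%20FROM%20pg_tables%20LIMIT%201%29%3A%3Atext%20FROM%201%20FOR%201%29%29%3E97 HTTP/1.1" 200 5123 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
203.0.113.7 - - [25/Jul/2015:10:00:09 +0800] "GET /news.php?id=771&fid=168%20UNION%20ALL%20SELECT%20NULL%2CCHR%28113%29%7C%7CCHR%28122%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL-- HTTP/1.1" 200 6201 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
192.0.2.55 - - [25/Jul/2015:11:30:44 +0800] "GET /news.php?id=771%27%20OR%201%3D1--&fid=168 HTTP/1.1" 200 5123 "-" "Mozilla/5.0 (Windows NT 6.1)"
EOF
}

# The User-Agent approach from the note: count lines mentioning sqlmap.
count_ua_hits() { sample_log | grep -c 'sqlmap'; }

# Busiest client IP (column 1), the same sort | uniq -c | sort -rn idiom.
top_source() {
    sample_log | awk '{print $1}' | sort | uniq -c | sort -rn | head -n 1 | awk '{print $2}'
}

# awk URL decoder shared by the helpers below: turns %XX into the byte
# it encodes and '+' into a space; malformed escapes are left as-is.
URLDECODE_AWK='
function urldecode(s,    out, i, n, c, h, hex) {
    hex = "0123456789ABCDEF"; out = ""; n = length(s)
    for (i = 1; i <= n; i++) {
        c = substr(s, i, 1)
        if (c == "+") c = " "
        else if (c == "%" && i + 2 <= n) {
            h = toupper(substr(s, i + 1, 2))
            if (h ~ /^[0-9A-F][0-9A-F]$/) {
                c = sprintf("%c", (index(hex, substr(h, 1, 1)) - 1) * 16 + index(hex, substr(h, 2, 1)) - 1)
                i += 2
            }
        }
        out = out c
    }
    return out
}
'

# Decode one path per line from stdin (replaces the python one-liner).
urldecode() { awk "$URLDECODE_AWK"'{ print urldecode($0) }'; }

# Flag requests by payload, independent of User-Agent, and print
# "ip timestamp status bytes technique decoded-path" so the analyst can
# compare status and size against the payload-free baseline request.
classify_requests() {
    sample_log | awk "$URLDECODE_AWK"'
    {
        path = urldecode($7); up = toupper(path); tech = ""
        if (up ~ /UNION( ALL)? SELECT/)                 tech = "union"
        else if (up ~ /(SLEEP|PG_SLEEP|BENCHMARK)\(/)   tech = "time-blind"   # not exercised by the sample
        else if (up ~ /(AND|OR) [0-9]+=[0-9]+/ || up ~ /SUBSTRING\(/) tech = "boolean-blind"
        if (tech != "")
            printf "%s %s %s %s %s %s\n", $1, substr($4, 2), $9, $10, tech, path
    }'
}

# Stand-alone run: summary for the analyst.
echo "UA-based sqlmap hits: $(count_ua_hits)   top source: $(top_source)"
classify_requests
```

On a real log, replace the body of sample_log with `cat access.log`. The UA count (6) and the payload count (6) agree only by coincidence here: the former includes sqlmap's baseline request that carries no payload, the latter includes the manual tautology from 192.0.2.55 that a User-Agent grep would never see. Read the status and size columns against the baseline: the 6201-byte reply to the UNION request, against a 5123-byte baseline, is the sign that extra rows came back, and the 211-byte replies to false conditions are exactly the size difference that makes boolean-blind extraction work.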