> lsof, Loop

UbuntuClient
post May 16 2018, 09:51 AM, updated 7 months ago

Regular
******
Group: Senior Member
Posts: 1,214

Joined: Jun 2007
From: /kajang/putrajaya/cyberjaya/puchong



Hi,

How do I make lsof run in the terminal every 2 seconds? I want to monitor the traffic on a port and which user it belongs to. We have so many domains under /home. If we want to check in the access logs it will take time. Please advise.

Thanks.
WongGei
post May 16 2018, 09:58 AM

Enthusiast
*****
Group: Senior Member
Posts: 825

Joined: Dec 2007
From: Kuala Lumpur
Use inotify instead of lsof.
petirbuas
post May 16 2018, 03:33 PM

( 。◕ ‿‿ ◕。)
*****
Group: Senior Member
Posts: 839

Joined: Dec 2009
From: The Internet



QUOTE(WongGei @ May 16 2018, 09:58 AM)
Use inotify instead of lsof.
*
inotify is only for files and directories, no?
UbuntuClient
post May 16 2018, 03:35 PM

I want to monitor IP and port 80 in real time.
WongGei
post May 16 2018, 03:45 PM

QUOTE(UbuntuClient @ May 16 2018, 03:35 PM)
I want to monitor IP and port 80 in real time.
*
iptraf?
UbuntuClient
post May 16 2018, 03:55 PM

QUOTE(WongGei @ May 16 2018, 03:45 PM)
iptraf?
*
Can iptraf show as below?
CODE
litespeed 1434232 nobody   76u  IPv4 14815242      0t0  TCP mozart.domain.org:http->113.210.238.60:43286 (ESTABLISHED)
litespeed 1434232 nobody   86u  IPv4 14797660      0t0  TCP mozart.domain.org:http->113.210.238.60:41616 (ESTABLISHED)
litespeed 1434232 nobody  113u  IPv4 14811063      0t0  TCP mozart.domain.org:http->113.210.238.60:ora-lm (ESTABLISHED)
litespeed 1434232 nobody  129u  IPv4 14797655      0t0  TCP mozart.domain.org:http->113.210.238.60:43401 (ESTABLISHED)
litespeed 1434232 nobody  131u  IPv4 14797657      0t0  TCP mozart.domain.org:http->113.210.238.60:50798 (ESTABLISHED)

abubin
post May 16 2018, 04:01 PM

Look at all my stars!!
*******
Group: Senior Member
Posts: 8,333

Joined: Jan 2003



Use the watch command.

e.g.: watch -n 2 lsof

-n = interval for refresh.
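
Added example, not part of any poster's reply: a refresh loop in the spirit of the `watch -n 2 lsof` suggestion above that restricts lsof to port 80 and totals established connections per user and remote address. The sample lines are constructed in the format of the lsof output posted earlier in the thread; the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread. Sample lines are constructed in the
# format of the lsof output posted above (documentation address ranges).
sample_lsof() {
cat <<'EOF'
COMMAND       PID   USER   FD   TYPE   DEVICE SIZE/OFF NODE NAME
litespeed 1434232 nobody    7u  IPv4 14700001      0t0  TCP *:80 (LISTEN)
litespeed 1434232 nobody   76u  IPv4 14815242      0t0  TCP 192.0.2.10:80->203.0.113.60:43286 (ESTABLISHED)
litespeed 1434232 nobody   86u  IPv4 14797660      0t0  TCP 192.0.2.10:80->203.0.113.60:41616 (ESTABLISHED)
litespeed 1434232 nobody  113u  IPv4 14811063      0t0  TCP 192.0.2.10:80->198.51.100.7:40112 (ESTABLISHED)
litespeed 1434232 nobody  129u  IPv4 14797655      0t0  TCP 192.0.2.10:80->203.0.113.60:43401 (ESTABLISHED)
litespeed 1434232 nobody  131u  IPv6 14797657      0t0  TCP [2001:db8::10]:80->[2001:db8::99]:50798 (ESTABLISHED)
EOF
}

# Read lsof output on stdin; print "count user remote-address", busiest first.
peers_by_count() {
  awk '$NF == "(ESTABLISHED)" && $(NF-1) ~ /->/ {
         split($(NF-1), ends, "->")   # NAME column is local->remote
         remote = ends[2]
         sub(/:[^:]*$/, "", remote)   # drop the port, keep IPv6 brackets
         count[$3 " " remote]++       # $3 is the owning user
       }
       END { for (k in count) print count[k], k }' |
    LC_ALL=C sort -k1,1nr -k2
}

# Refresh every 2 seconds. -n and -P stop lsof resolving host and port names
# (the posted output shows one remote port as the service name "ora-lm"),
# which also keeps each run fast.
watch_port80() {
  while :; do
    clear
    lsof -nP -iTCP:80 -sTCP:ESTABLISHED | peers_by_count | head -n 20
    sleep 2
  done
}

sample_lsof | peers_by_count   # offline demo on the constructed sample
```

Run `watch_port80` as root to see sockets owned by other accounts; the user column shows the web server's account, not the site owner.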
UbuntuClient
post May 16 2018, 04:22 PM

QUOTE(abubin @ May 16 2018, 04:01 PM)
Use the watch command.

e.g.: watch -n 2 lsof

-n = interval for refresh.
*
Thanks, this is really helpful.
UbuntuClient
post May 16 2018, 04:31 PM

Is it possible to detect from lsof which domains have high traffic from the public? Under /home we have so many users with multiple domains.
WongGei
post May 16 2018, 04:39 PM

QUOTE(UbuntuClient @ May 16 2018, 03:55 PM)
Can iptraf show as below?
CODE
litespeed 1434232 nobody   76u  IPv4 14815242      0t0  TCP mozart.domain.org:http->113.210.238.60:43286 (ESTABLISHED)
litespeed 1434232 nobody   86u  IPv4 14797660      0t0  TCP mozart.domain.org:http->113.210.238.60:41616 (ESTABLISHED)
litespeed 1434232 nobody  113u  IPv4 14811063      0t0  TCP mozart.domain.org:http->113.210.238.60:ora-lm (ESTABLISHED)
litespeed 1434232 nobody  129u  IPv4 14797655      0t0  TCP mozart.domain.org:http->113.210.238.60:43401 (ESTABLISHED)
litespeed 1434232 nobody  131u  IPv4 14797657      0t0  TCP mozart.domain.org:http->113.210.238.60:50798 (ESTABLISHED)

*
http://iptraf.seul.org/shots/iptraf-iptm1.gif
UbuntuClient
post May 16 2018, 05:11 PM

QUOTE(WongGei @ May 16 2018, 04:39 PM)
How do I filter port 80 using iptraf?
WongGei
post May 16 2018, 05:43 PM

QUOTE(UbuntuClient @ May 16 2018, 05:11 PM)
How do I filter port 80 using iptraf?
*
http://iptraf.seul.org/shots/iptraf-tcpfltmenu.gif
WongGei
post May 16 2018, 05:44 PM

QUOTE(UbuntuClient @ May 16 2018, 05:11 PM)
How do I filter port 80 using iptraf?
*
http://iptraf.seul.org/shots/iptraf-tcpfltmenu.gif

http://iptraf.seul.org/2.7/filters.html
wKkaY
post Jul 2 2018, 12:48 PM

misutā supākoru
Group: VIP
Posts: 5,891

Joined: Jan 2003
Because all the webserver traffic is going to originate from the "nobody" user, reading access logs is probably your best bet. It takes all of 10-20 minutes to write a log parser that looks up the user of the domain.

This post has been edited by wKkaY: Jul 2 2018, 12:50 PM
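
Added example, not part of wKkaY's post: one shape the log parser described above could take, totalling requests and bytes per account so that traffic served by the shared "nobody" process can be attributed to a site owner. The log layout (virtual host as the first field), the "domain user" map file, and all names and data are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not from the thread. All data below is constructed.
# Assumed map format: one "domain user" pair per line (hypothetical file).
sample_map() {
cat <<'EOF'
shop.example.com alice
blog.example.net bob
www.example.org alice
EOF
}

# Assumed log format: virtual host first, then a common-log-style record.
sample_log() {
cat <<'EOF'
shop.example.com 203.0.113.60 - - [16/May/2018:09:51:02 +0800] "GET / HTTP/1.1" 200 5120
shop.example.com 203.0.113.60 - - [16/May/2018:09:51:03 +0800] "GET /cart HTTP/1.1" 200 2048
WWW.example.org:80 198.51.100.7 - - [16/May/2018:09:51:04 +0800] "GET / HTTP/1.1" 200 1000
blog.example.net 203.0.113.61 - - [16/May/2018:09:51:05 +0800] "GET /feed HTTP/1.1" 304 -
old.example.com 203.0.113.62 - - [16/May/2018:09:51:06 +0800] "GET / HTTP/1.1" 404 300
EOF
}

# usage: requests_by_user MAPFILE < access_log
# Prints "requests bytes user", busiest account first.
requests_by_user() {
  awk -v map="$1" '
    BEGIN {                                    # load domain -> user table
      while ((getline line < map) > 0)
        if (split(line, f, " ") >= 2) owner[tolower(f[1])] = f[2]
      close(map)
    }
    {
      host = tolower($1)                       # host names are case-insensitive
      sub(/:[0-9]+$/, "", host)                # strip an explicit :port
      user = (host in owner) ? owner[host] : "(unmapped)"
      hits[user]++
      bytes[user] += ($NF ~ /^[0-9]+$/) ? $NF : 0   # "-" means no body sent
    }
    END { for (u in hits) print hits[u], bytes[u], u }' |
    LC_ALL=C sort -k1,1nr -k3,3
}

# Offline demo on the constructed data.
demo_map=$(mktemp) && sample_map > "$demo_map"
sample_log | requests_by_user "$demo_map"
rm -f "$demo_map"
```

The "(unmapped)" row collects requests for host names that have no owner in the map, which is worth reviewing separately from the per-account totals.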
