Hi,
How to make lsof run at terminal on every 2 second? I want to monitor traffic on port on which user. We have so many domain under /home. If want to check in access log it will take time. Please advice.
Thanks.
lsof, Loop
lsof, Loop
|
May 16 2018, 09:51 AM, updated 6y ago
Show posts by this member only | Post
#1
|
Senior Member
1,349 posts Joined: Jun 2007 From: /puchong/cyberjaya/klang |
Hi,
How to make lsof run at terminal on every 2 second? I want to monitor traffic on port on which user. We have so many domain under /home. If want to check in access log it will take time. Please advice. Thanks. |
|
|
|
May 16 2018, 09:58 AM
Show posts by this member only | Post
#2
|
Senior Member
1,206 posts Joined: Dec 2007 From: Kuala Lumpur |
Use inotify instead of lsof.
|
|
May 16 2018, 03:33 PM
Show posts by this member only | Post
#3
|
Senior Member
898 posts Joined: Dec 2009 From: The Internet |
|
|
May 16 2018, 03:35 PM
Show posts by this member only | Post
#4
|
Senior Member
1,349 posts Joined: Jun 2007 From: /puchong/cyberjaya/klang |
I want to monitor ip and port 80 real time.
|
|
May 16 2018, 03:45 PM
Show posts by this member only | Post
#5
|
Senior Member
1,206 posts Joined: Dec 2007 From: Kuala Lumpur |
|
|
May 16 2018, 03:55 PM
Show posts by this member only | Post
#6
|
Senior Member
1,349 posts Joined: Jun 2007 From: /puchong/cyberjaya/klang |
QUOTE(WongGei @ May 16 2018, 03:45 PM) Can iptraf show as below?CODE litespeed 1434232 nobody 76u IPv4 14815242 0t0 TCP mozart.domain.org:http->113.210.238.60:43286 (ESTABLISHED) litespeed 1434232 nobody 86u IPv4 14797660 0t0 TCP mozart.domain.org:http->113.210.238.60:41616 (ESTABLISHED) litespeed 1434232 nobody 113u IPv4 14811063 0t0 TCP mozart.domain.org:http->113.210.238.60:ora-lm (ESTABLISHED) litespeed 1434232 nobody 129u IPv4 14797655 0t0 TCP mozart.domain.org:http->113.210.238.60:43401 (ESTABLISHED) litespeed 1434232 nobody 131u IPv4 14797657 0t0 TCP mozart.domain.org:http->113.210.238.60:50798 (ESTABLISHED) |
|
May 16 2018, 04:01 PM
Show posts by this member only | Post
#7
|
All Stars
10,423 posts Joined: Jan 2003 |
use watch command.
eg: watch -n 2 lsof -n = interval for refresh. |
|
May 16 2018, 04:22 PM
Show posts by this member only | Post
#8
|
Senior Member
1,349 posts Joined: Jun 2007 From: /puchong/cyberjaya/klang |
|
|
|
|
May 16 2018, 04:31 PM
Show posts by this member only | Post
#9
|
Senior Member
1,349 posts Joined: Jun 2007 From: /puchong/cyberjaya/klang |
Is it possible from lsof, we can detect which domain have high traffic from public? Under /home we have so many user with multiple domain.
|
|
May 16 2018, 04:39 PM
|
Senior Member
1,206 posts Joined: Dec 2007 From: Kuala Lumpur |
QUOTE(UbuntuClient @ May 16 2018, 03:55 PM) Can iptraf show as below? http://iptraf.seul.org/shots/iptraf-iptm1.gifCODE litespeed 1434232 nobody 76u IPv4 14815242 0t0 TCP mozart.domain.org:http->113.210.238.60:43286 (ESTABLISHED) litespeed 1434232 nobody 86u IPv4 14797660 0t0 TCP mozart.domain.org:http->113.210.238.60:41616 (ESTABLISHED) litespeed 1434232 nobody 113u IPv4 14811063 0t0 TCP mozart.domain.org:http->113.210.238.60:ora-lm (ESTABLISHED) litespeed 1434232 nobody 129u IPv4 14797655 0t0 TCP mozart.domain.org:http->113.210.238.60:43401 (ESTABLISHED) litespeed 1434232 nobody 131u IPv4 14797657 0t0 TCP mozart.domain.org:http->113.210.238.60:50798 (ESTABLISHED) |
|
May 16 2018, 05:11 PM
|
Senior Member
1,349 posts Joined: Jun 2007 From: /puchong/cyberjaya/klang |
QUOTE(WongGei @ May 16 2018, 04:39 PM) How to filter port 80 using iptraf? |
|
May 16 2018, 05:43 PM
|
Senior Member
1,206 posts Joined: Dec 2007 From: Kuala Lumpur |
|
|
May 16 2018, 05:44 PM
|
Senior Member
1,206 posts Joined: Dec 2007 From: Kuala Lumpur |
QUOTE(UbuntuClient @ May 16 2018, 05:11 PM) http://iptraf.seul.org/shots/iptraf-tcpfltmenu.gifhttp://iptraf.seul.org/2.7/filters.html |
|
Jul 2 2018, 12:48 PM
|
VIP
6,008 posts Joined: Jan 2003 |
Because all the webserver traffic is going to originate from the "nobody" user, reading access logs is probably your best bet. It takes all of 10-20 minutes to write a log parser that looks up the user of the domain.
This post has been edited by wKkaY: Jul 2 2018, 12:50 PM |
Change to: | 0.0125sec
1.10
5 queries
GZIP Disabled
Time is now: 29th March 2024 - 03:14 PM |