FastNetMon

вторник, 13 апреля 2010 г.

Поиск аномальных записей в логах ошибок Nginx и Apache

В логах ошибок Апача и Нгинкса тонны записей, но полезных среди них очень мало и они почти теряются на фоне ошибок "No such directory" и прочих, что делает просмотр логов очень неудобным и допускающим пропуск важных записей. Чтобы просматривать логи в удобном виде, необходимо отфильтровать лишние записи каким-либо образом, например грепом. Все примеры ниже будут для Debian.

Nginx:

cat /var/log/nginx/error.log | grep -v '2: No such file or directory' | grep -v 'failed (20: Not a directory' | grep -v ' access forbidden by rule' | egrep -v 'conflicting server name.*ignored' | grep -v 'Connection refused' | grep -v 'upstream timed out' | grep -v 'Connection reset by peer' | grep -v 'upstream prematurely closed connection while reading response header'



Apache:

cat /var/log/apache2/error.log /var/log/httpd/error_log | grep -v '\[notice\] mod_fcgid: call' | grep -v 'Init: SSL server IP/port conflict' | grep -v 'RSA server certificate wildcard' | grep -v 'suEXEC mechanism enabled' | grep -v 'Init: You should not use name-based virtual hosts in conjunction with SSL' | grep -v 'mod_ssl/2.2.9 OpenSSL/0.9.8g configured -- resuming normal operations' | grep -v 'File does not exist' | grep -v 'RSA server certificate is a CA certificate' | grep -v 'RSA server certificate CommonName ' | grep -v 'Graceful restart requested, doing restart' | grep -v 'caught SIGTERM, shutting down' | grep -v 'Digest: done' | grep -v 'Digest: generating secret for digest authentication' | grep -v 'configured -- resuming normal operations' | grep -v 'Could not reliably determine the server' | egrep -v 'DocumentRoot.*does not exist' | egrep -v 'mod_fcgid: process.*terminated by calling exit\(\), return code: 0' | grep -v 'No such file or directory: Timeout connecting daemon' | grep -v 'process.*going graceful shutdown, sending SIGTERM' | grep -v 'process.*graceful shutdown timeouted, sending SIGKILL' | grep -v 'mod_fcgid: cleanup zombie process' | grep -v 'mod_fcgid: too much' | grep -v 'process.*exit(communication error)' | grep -v 'process.*exit(shutting down)' | grep -v 'Premature end of script headers: ispmgr' | egrep -v 'script.*not found or unable to stat' | grep -v 'client denied by server configuration' | grep -v 'mod_fcgid: process.*exit(lifetime expired)' | grep -v 'mod_fcgid: process.*exit(idle timeout)' | grep -v 'mod_fcgid: process.*exit(busy timeout)'


ISPManager:
cat /usr/local/ispmgr/var/ispmgr.log | grep Error -i | grep -v 'error.log' | grep -v 'location_error' | grep -v 'fdata='



Поиск аномалий по клиентским логам:
for i in `find /var/www/*/data/logs | grep 'error.log'`; do file $i | grep -q 'gzip compressed data'; if [ $? -eq 0 ]; then zcat $i ; else cat $i; fi ; done | grep -v 'File does not exist' | grep -v 'client denied by server configuration' | grep -v 'script not found or unable to stat' | grep -v 'not found or unable to stat' | grep -v 'No such file or directory: Timeout connecting daemon' | grep -v 'File name too long' | grep -v 'Directory index forbidden by Options directive' | grep -v 'attempt to invoke directory as script' | grep -v 'mod_fcgid: server is restarted' | grep -v 'Permission denied: file permissions deny server access' | egrep -v 'script.*not found or unable to stat' | grep -v "Permission denied: Can't open directory for index" | grep -v 'stderr: WordPress database error' | grep -v 'mod_fcgid: read data timeout in 40 seconds' | grep -v 'Premature end of script headers' | grep -v 'Request exceeded the limit of 10 internal redirects'

4 комментария :