Skip to content

Analog的安装与配置,分析汇总多域名web日志

Analog是一款基于C语言功能强大的开源的网站访问日志分析软件,支持多语言(含中文),可以运行在linux,windows下,支持apache、ngix、iis等主流WEB日志.速度飞快,10分钟内可以处理2千万条日志,数据统计以PV为主,相比AwstatsWebalizer 的报告页面简单了点,更漂亮的图表可用Report Magic 2.21.

目前最新版为analog-6.0,作者自19-Dec-04后就没更新过.演示地址
安装很简单,到:http://www.analog.cx/download.html 下载相应的版本,这里以源码版为例:将下载回来的源码包解压到安装目录,再进入该目录执行make命令即可.


wget http://www.analog.cx/analog-6.0.tar.gz
tar zxvf analog-6.0.tar.gz
cp -ar analog-6.0 /usr/local/
cd /usr/local/analog-6.0
make
ln -s analog-6.0 analog
mkdir /opt/htdocs/www/analog
chown www:website /opt/htdocs/www/analog
cp images /opt/htdocs/www/analog/
mkdir conf
cp analog.cfg conf/c1g.cfg

配置

vi conf/c1g.cfg

#定义为中文
LANGUAGE SIMP-CHINESE
#nginx日志格式
LOGFORMAT (%s – %j [%d/%M/%Y:%h:%n:%j %j] “%j %r %j” %c %b “%f” “%B”\n)
#日志文件
LOGFILE /opt/log/Y.%M/*/*c1gstudio.com.log.gz
#输出文件
OUTFILE /opt/htdocs/www/analog/c1gstudiolY.%M/index.html
#主机名
HOSTNAME “c1gstudio.com”
#主机URL
HOSTURL http://www.c1gstudio.com/
#web图片目录
IMAGEDIR ../images/
#只列出访问最高的200个页面URL
REQFLOOR 1000p
#forum.php文件算一个文件
FILEALIAS /forum.php* /forum.php
#统计子目录
SUBDIR */*

LOGFORMAT 说明


%S
host (the client hostname, or address of the computer making the request)
%s
numerical IP address of client (if recorded in a separate field; used when %S is empty)
%r
file requested
%q
query string (part of filename after ?, if recorded in a separate field)
%B
browser
%A
browser with +’s instead of spaces
%f
referrer
%u
user (tip: a cookie or session id can usefully be defined as %u too)
%v
virtual host (the server hostname, also called the virtual domain)
%d
day of the month
%m
month in digits
%M
month, three letter English abbreviation
%y
year, last two digits
%Y
year, four digits
%Z
year, two or four digits (less efficient)
%h
hour of the day
%n
minute of the hour
%a
a or A for am, or p or P for pm, if %h is in the 12-hour clock. (So to match “am” you need %am and to match “AM” you need %aM)
%U
“Unix time” (seconds since beginning of 1970, GMT). If it includes decimals, use %U.%j
%b
number of bytes transferred
%t
processing time in seconds
%T
processing time in milliseconds
%D
processing time in microseconds
%c
HTTP status code
%C
code words used instead of HTTP status code in some servers — only used internally
%j
junk: ignore this field (field can be empty too)
%w
white space: spaces or tabs
%W
optional white space
%%
% sign
\n
new line
\t
tab stop
\\
single backslash

我的nginx日志格式

‘$remote_addr – $remote_user [$time_local] “$request” ‘
‘$status $body_bytes_sent “$http_referer” ‘
‘”$http_user_agent” $http_x_forwarded_for’;


183.62.5.13 – – [06/Aug/2014:17:16:44 +0800] “GET /aboutc1g.html HTTP/1.1” 200 6642 “http://www.c1gstudio.com/web/hello.html” “Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36” 183.62.5.13

我这多了个$http_x_forwarded_for’,后面也要加个%j表示丢弃,它不会处理”-”

LOGFORMAT (%s – %j [%d/%M/%Y:%h:%n:%j %j] “%j %r %j” %c %b “%f” “%B” %j\n)

更多参考

LOGFILE 和OUTFILE说明

LOGFILE new1.log,old*.log
LOGFILE /opt/log/%Y.%M/%D/*.c1gstudio.com.log.gz
支持通配符,日期变量及gz压缩,OUTFILE不会自动创建目录

%D date of month
%m month name, in English
%M month number
%y two-digit year
%Y four-digit year
%H hour
%n minute
%w day of week, in English

但是日期不支持运算有点麻烦,需要外部用shell来解决了
更多参考
==================================
2014-8-26更新

The arguments to LOGFILE and CACHEFILE commands are checked for containing only certain allowed characters (specifically, letters, digits, /\.:_*? space, and – between two {letter, digit, underscore}’s). This is because they could match an UNCOMPRESS command and thus be passed to the shell when the uncompress command is popen()’ed.

可以将一个月份分成3部分来减轻压力
LOGFILE /opt/log/%Y.%M/[2-3]?/*.c1gstudio.com.log.gz
Analog运行时会将日志读到内存中,想要运行快最好准备比日志大的内存,CACHEOUTFILE和CACHEFILE会占用大量空间,感觉没什么用.
==================================

配置文件内统计开关变量


MONTHLY ON # one line for each month
WEEKLY ON # one line for each week
DAILYREP ON # one line for each day
DAILYSUM ON # one line for each day of the week
HOURLYREP ON # one line for each hour of the day
GENERAL ON # the General Summary at the top
REQUEST ON # which files were requested
FAILURE ON # which files were not found
DIRECTORY ON # Directory Report
HOST ON # which computers requested files
ORGANISATION ON # which organisations they were from
DOMAIN ON # which countries they were in
REFERRER ON # where people followed links from
FAILREF ON # where people followed broken links from
SEARCHQUERY ON # the phrases and words they used…
SEARCHWORD ON # …to find you from search engines
BROWSERSUM ON # which browser types people were using
OSREP ON # and which operating systems
FILETYPE ON # types of file requested
SIZE ON # sizes of files requested
STATUS ON # number of each type of success and failure

命令行参数


x GENERAL General Summary
1 YEARLY Yearly Report
Q QUARTERLY Quarterly Report
m MONTHLY Monthly Report
W WEEKLY Weekly Report
D DAILYREP Daily Report
d DAILYSUM Daily Summary
H HOURLYREP Hourly Report
h HOURLYSUM Hourly Summary
w WEEKHOUR Hour of the Week Summary
4 QUARTERREP Quarter-Hour Report
6 QUARTERSUM Quarter-Hour Summary
5 FIVEREP Five-Minute Report
7 FIVESUM Five-Minute Summary
S HOST Host Report
l REDIRHOST Host Redirection Report
L FAILHOST Host Failure Report
Z ORGANISATION Organisation Report
o DOMAIN Domain Report
r REQUEST Request Report
i DIRECTORY Directory Report
t FILETYPE File Type Report
z SIZE File Size Report
P PROCTIME Processing Time Report
E REDIR Redirection Report
I FAILURE Failure Report
f REFERRER Referrer Report
s REFSITE Referring Site Report
N SEARCHQUERY Search Query Report
n SEARCHWORD Search Word Report
Y INTSEARCHQUERY Internal Search Query Report
y INTSEARCHWORD Internal Search Word Report
k REDIRREF Redirected Referrer Report
K FAILREF Failed Referrer Report
B BROWSERREP Browser Report
b BROWSERSUM Browser Summary
p OSREP Operating System Report
v VHOST Virtual Host Report
R REDIRVHOST Virtual Host Redirection Report
M FAILVHOST Virtual Host Failure Report
u USER User Report
j REDIRUSER User Redirection Report
J FAILUSER User Failure Report
c STATUS Status Code Report

#+a可以带上全部统计
更多参考

#输出当前配置
analog -settings > file

#使用命令行配置LOGFILE和OUTFILE
./analog +O/opt/htdocs/www/analog/c1gstudio2014.html /opt/log/2014.08/02/*.c1gstudio.com.log.gz
我使用时一直会报日志格式错误,无法出报告

#我使用的参数
/usr/local/analog -G +g/usr/local/analog/conf/c1g.cfg +b +s +S -n -o -Z -r
+b 浏览器概要报告
-n 检索字报告
+s 来源网站报告
-o 网域报告
-Z 来源组织单位报告
+S 主机报告
-r 请求报告

-G 不读analog.cfg
+g读取自定义配置文件

我这每日报告用awstats统计,每月报告用analog统计,每个域名汇总一个月报告.
日志按天存放在/opt/log/2014.08/07/目录下
www.c1gstudio.com.log.gz
blog.c1gstudio.com.log.gz
www.c1g.com.log.gz

每日运行完awstats后运行analog
crontab

10 5 * * * /bin/sh /opt/shell/analog.sh > /dev/null 2>&1

vi /opt/shell/analog.sh

#!/bin/sh
ana_dir=/usr/local/analog/
web_dir=/opt/htdocs/www/analog/
conf_dir=”${ana_dir}/conf/”

today=`date +%d`
yesterday=`date +%Y%m%d`
lastday_month=`date +%Y.%m -d ‘1 day ago’`
lastday_day=`date +%d -d ‘1 day ago’`

c1g_LOGFILE=/opt/log/${lastday_month}/*/*c1gstudio.com.log.gz
c1g_OUTFILE=${web_dir}c1gstudio${lastday_month}/index.html

POST_LOGFILE=/opt/log/${lastday_month}/*/c1g.com.log.gz
POST_OUTFILE=${web_dir}c1g${lastday_month}/index.html

#if [ $today == “02” ]; then
if [ ! -d $(dirname “${c1g_OUTFILE}”) ]; then
mkdir -p $(dirname “${c1g_OUTFILE}”)
chown www:website $(dirname “${c1g_OUTFILE}”)
fi
if [ ! -d $(dirname “${POST_OUTFILE}”) ]; then
mkdir -p $(dirname “${POST_OUTFILE}”)
chown www:website $(dirname “${POST_OUTFILE}”)
fi
sed -i “s;LOGFILE.*;LOGFILE ${c1g_LOGFILE};” ${conf_dir}c1gstudio.cfg
sed -i “s;OUTFILE.*;OUTFILE ${c1g_OUTFILE};” ${conf_dir}c1gstudio.cfg
sed -i “s;LOGFILE.*;LOGFILE ${POST_LOGFILE};” ${conf_dir}c1g.cfg
sed -i “s;OUTFILE.*;OUTFILE ${POST_OUTFILE};” ${conf_dir}c1g.cfg
#fi

${ana_dir}analog -G +g${conf_dir}c1gstudio.cfg +b +D -d +s +S -n -o -Z -r
${ana_dir}analog -G +g${conf_dir}c1g.cfg +b +D -d +s +S -n -o -Z +r

Posted in 日志.

Tagged with , .

rev="post-1691" No comments

By C1G 2014/08/08

升级postfix至postfix-2.10.3

已有sasl2和mysql情况下


chkconfig sendmail off
/etc/rc.d/init.d/sendmail stop

关闭原有的sendmail:

mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF
mv /usr/bin/newaliases /usr/bin/newaliases.OFF
mv /usr/bin/mailq /usr/bin/mailq.OFF
chmod 755 /usr/sbin/sendmail.OFF /usr/bin/newaliases.OFF /usr/bin/mailq.OFF

文件解锁,可省略

chattr -i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/services

添加用户和组,已有可省略

groupadd -g 2525 postfix
useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
groupadd -g 2526 postdrop
useradd -g postdrop -u 2526 -s /sbin/nologin -M postdrop

sasl升级安装

ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.26.tar.gz
tar zxvf cyrus-sasl-2.1.26.tar.gz
cd cyrus-sasl-2.1.26
./configure –prefix=/usr/local/sasl2 –disable-gssapi –disable-anon –disable-sample –disable-digest –enable-plain –enable-login –enable-sql
make
make install

移除旧版

mv /usr/lib/libsasl2.a /usr/lib/libsasl2.a.OFF
mv /usr/lib/libsasl2.la /usr/lib/libsasl2.la.OFF
mv /usr/lib/libsasl2.so.2.0.19 /usr/lib/libsasl2.so.2.0.19.OFF
mv /usr/lib/sasl2 /usr/lib/sasl2.OFF
rm /usr/lib/libsasl2.so
rm /usr/lib/libsasl2.so.2

ln -sv /usr/local/sasl2/lib/* /usr/lib
postfix 2.3以后的版本会分别在/usr/local/lib和/usr/local/include中搜索sasl库文件及头文件,故还须将其链接至此目录中:
ln -sv /usr/local/sasl2/lib/* /usr/local/lib
ln -sv /usr/local/sasl2/include/sasl/* /usr/local/include

postfix升级安装

wget ftp://ftp.reverse.net/pub/postfix/official/postfix-2.10.3.tar.gz
tar xfv postfix-2.10.3.tar.gz
cd postfix-2.10.3
make tidy
make -f Makefile.init makefiles ‘CCARGS=-DUSE_SASL_AUTH -I/usr/local/sasl2’ ‘AUXLIBS=-L/usr/local/sasl2 -lsasl2 ‘
make && make install

安装配置

/bin/sh postfix-install

Warning: if you use this script to install Postfix locally,
this script will replace existing sendmail or Postfix programs.
Make backups if you want to be able to recover.

Before installing files, this script prompts you for some definitions.
Most definitions will be remembered, so you have to specify them
only once. All definitions should have a reasonable default value.

Please specify the prefix for installed file names. Specify this ONLY
if you are building ready-to-install packages for distribution to OTHER
machines. See PACKAGE_README for instructions.
install_root: [/]

Please specify a directory for scratch files while installing Postfix. You
must have write permission in this directory.
tempdir: [/root/src/lempelf/packages/postfix-2.10.3] /tmp

Please specify the final destination directory for installed Postfix
configuration files.
config_directory: [/etc/postfix] /etc/postfix

Please specify the final destination directory for installed Postfix
administrative commands. This directory should be in the command search
path of adminstrative users.
command_directory: [/usr/sbin] /usr/local/postfix/libexec

Please specify the final destination directory for installed Postfix
daemon programs. This directory should not be in the command search path
of any users.
daemon_directory: [/usr/libexec/postfix] /usr/local/postfix/sbin

Please specify the final destination directory for Postfix-writable
data files such as caches or random numbers. This directory should not
be shared with non-Postfix software.
data_directory: [/var/lib/postfix]

Please specify the final destination directory for the Postfix HTML
files. Specify “no” if you do not want to install these files.
html_directory: [no]

Please specify the owner of the Postfix queue. Specify an account with
numerical user ID and group ID values that are not used by any other
accounts on the system.
mail_owner: [postfix]

Please specify the final destination pathname for the installed Postfix
mailq command. This is the Sendmail-compatible mail queue listing command.
mailq_path: [/usr/bin/mailq]

Please specify the final destination directory for the Postfix on-line
manual pages. You can no longer specify “no” here.
manpage_directory: [/usr/local/man]

Please specify the final destination pathname for the installed Postfix
newaliases command. This is the Sendmail-compatible command to build
alias databases for the Postfix local delivery agent.
newaliases_path: [/usr/bin/newaliases]

Please specify the final destination directory for Postfix queues.
queue_directory: [/var/spool/postfix]

Please specify the final destination directory for the Postfix README
files. Specify “no” if you do not want to install these files.
readme_directory: [no]

Please specify the final destination pathname for the installed Postfix
sendmail command. This is the Sendmail-compatible mail posting interface.
sendmail_path: [/usr/sbin/sendmail]

Please specify the group for mail submission and for queue management
commands. Specify a group name with a numerical group ID that is
not shared with other accounts, not even with the Postfix mail_owner
account. You can no longer specify “no” here.
setgid_group: [postdrop]

重新关联

newaliases


chown root /etc/postfix/main.cf
chown -R postfix:postdrop /var/spool/postfix
chown -R postfix:postdrop /var/lib/postfix/
chown root /var/spool/postfix
chown -R root /var/spool/postfix/pid

vi /etc/postfix/main.cf
修改以下几项为您需要的配置

myhostname = mail.c1gstudio.com
myorigin = c1gstudio.com
mydomain = c1gstudio.com
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
mynetworks = 192.168.1.0/24, 127.0.0.0/8

启动
sendmail -bd

测试
mail -s “test” [email protected]

Posted in Mail/Postfix.

rev="post-1685" No comments

By C1G 2014/07/16

微信公众平台开发

最近在做微信公众平台开发,推荐这个 微信公众平台开发入门教程.做的不错一遍看下来就明白了.

官方文档:http://mp.weixin.qq.com/wiki/index.php

Posted in 文档理论.

rev="post-1683" No comments

By C1G 2014/07/15

部署snort+base入侵检测系统

【简 介】
  Snort是一个轻便的网络入侵检测系统,可以完成实时流量分析和对网络上的IP包登录进行测试等功能,能完成协议分析,内容查找/匹配,能用来探测多种攻击和嗅探(如缓冲区溢出、秘密断口扫描、CGI攻击、SMB嗅探、拇纹采集尝试等)。

snort 需安装libpcap和dap
As of Snort 2.9.0, and DAQ, Snort now requires the use of a libpcap version greater than 1.0. Unfortunately for people using RHEL 5 (and below), CentOS 5.5 (and below), and Fedora Core 11 (and below), there is not an official RPM for libpcap 1.0.

Sourcefire will not repackage libpcap and distribute libpcap with Snort as part of an RPM, as it may cause other problems and will not be officially supported by Redhat.

yum 安装

yum install libpcap libpcap-devel


wget http://www.tcpdump.org/release/libpcap-1.4.0.tar.gz
tar zxvf libpcap-1.4.0.tar.gz
cd libpcap-1.4.0
./configure
make
make install


cd ..
http://code.google.com/p/libdnet/
wget https://libdnet.googlecode.com/files/libdnet-1.12.tgz
tar zxvf libdnet-1.12.tgz
cd libdnet-1.12
./configure
make && make install


cd ..
wget http://www.snort.org/downloads/2778
tar zxvf dap-2.0.2.tar.gz
cd daq-2.0.2
./configure –with-libpcap-libraries=/usr/local/lib
make
make install

添加用户

groupadd snort
useradd -g snort snort -s/sbin/nologin

安装snort

cd ..
wget http://www.snort.org/downloads/2787
tar zxvf snort-2.9.6.0.tar.gz
cd snort-2.9.6.0
./configure –prefix=/usr/local/snort-2.9.6.0 –with-dnet-libraries=/usr/local/lib/
make
make install
cd /usr/local
ln -s snort-2.9.6.0 snort
cd bin
./snort -v

错误

usr/local/snort/bin/snort: error while loading shared libraries: libdnet.1: cannot open shared object file: No such file or directory

解决

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib
cp libdnet libdnet.so
cp libdnet.1 libdnet.1.so
ldconfig

错误

configure: WARNING: unrecognized options: –with-mysql

snort-Snort 2.9.3开始不支持mysql,改用barnyard插件

snort规则下载地址:
1.在http://www.snort.org/ 可以免费下载到社区版 snortrules-snapshot,下载官方rules是需要订阅付费
2.在 http://www.bleedingthreats.net/cgi-bin/viewcvs.cgi/rules/ 可以下载到一个第三方的 rules 文件 rules.tar.gz,这个系列更新也比较频繁,我的snortrules-snapshot-2.8.tar.gz 是在51cto上下载的。
3.BASE 可以从http://sourceforge.net/projects/secureideas/ 获取版本或者用软件SnortCenter是一个基于Web的snort探针和规则管理系统,用于远程修改snort探针的配置,起动、停止探针,编辑、分发snort特征码规则。http://users.telenet.be/larc/download/
4.Adodb 可以从 http://sourceforge.net/projects/adodb/ 下载.ADODB 是 Active Data Objects Data Base 的简称,它是一种 PHP 存取数据库的中间函式组件


mkdir /usr/local/snort/etc
cd /usr/local/snort/etc/
tar zxvf snortrules-snapshot-2956.tar.gz
mv etc/* .
rm snortrules-snapshot-2956.tar.gz

chown -R root:root .
vi /usr/local/snort/etc/snort.conf

修改

var RULE_PATH /usr/local/snort/etc/rules
var SO_RULE_PATH /usr/local/snort/etc/so_rules
var PREPROC_RULE_PATH /usr/local/snort/etc/preproc_rules

var WHITE_LIST_PATH /usr/local/snort/etc/rules
var BLACK_LIST_PATH /usr/local/snort/etc/rules

dynamicpreprocessor directory /usr/local/snort/lib/snort_dynamicpreprocessor/
dynamicengine /usr/local/snort/lib/snort_dynamicengine/libsf_engine.so
dynamicdetection directory /usr/local/snort/lib/snort_dynamicrules

output unified2: filename /var/log/snort/snort.u2, limit 128


mkdir /usr/local/snort/lib/snort_dynamicrules
mkdir /var/log/snort
chown snort:snort /var/log/snort

touch /usr/local/snort/etc/rules/white_list.rules
touch /usr/local/snort/etc/rules/black_list.rules

启动snort

/usr/local/snort/bin/snort -d -u snort -g snort -l /var/log/snort -c /usr/local/snort/etc/snort.conf


–== Initialization Complete ==–

,,_ -*> Snort! <*- o" )~ Version 2.9.6.0 GRE (Build 47) '''' By Martin Roesch & The Snort Team: http://www.snort.org/snort/snort-team Copyright (C) 2014 Cisco and/or its affiliates. All rights reserved. Copyright (C) 1998-2013 Sourcefire, Inc., et al. Using libpcap version 1.4.0 Using PCRE version: 8.30 2012-02-04 Using ZLIB version: 1.2.3

The database output plugins are considered deprecated as
!! of Snort 2.9.2 and will be removed in Snort 2.9.3.

barnyard知名的开源IDS的日志工具,具有快速的响应速度,优异的数据库写入功能,是做自定义的入侵检测系统不可缺少的插件
http://www.securixlive.com/barnyard2/download.php

安装barnyard2,前提需要你已安装mysql,这里装在/opt/mysql

wget http://www.securixlive.com/download/barnyard2/barnyard2-1.9.tar.gz
tar zxvf barnyard2-1.9.tar.gz
cd barnyard2-1.9
./configure –with-mysql=/opt/mysql
make
make install

cp etc/barnyard2.conf /usr/local/snort/etc/
mkdir /var/log/barnyard2
touch /var/log/snort/barnyard2.waldo

vi /usr/local/snort/etc/barnyard2.conf


config reference_file: /usr/local/snort/etc/reference.config
config classification_file: /usr/local/snort/etc/classification.config
config gen_file: /usr/local/snort/etc/gen-msg.map
config sid_file: /usr/local/snort/etc/sid-msg.map

config hostname: localhost
config interface: eth0
outdatabase:
output database: log, mysql, user=snort password=snort dbname=snort host=localhost

output database配好自已的db地址和密码

在编译目录schemas/create_mysql下有数据库语句,用mysql导入

CREATE USER ‘snort’@’localhost’ IDENTIFIED BY ‘***’;

GRANT USAGE ON * . * TO ‘snort’@’localhost’ IDENTIFIED BY ‘***’ WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0 ;
GRANT SELECT , INSERT , UPDATE , DELETE , CREATE , DROP , INDEX , ALTER ON `snortdb` . * TO ‘snort’@’localhost’;

安装base和adodb

wget http://jaist.dl.sourceforge.net/project/secureideas/BASE/base-1.4.5/base-1.4.5.tar.gz
tar zxvf base-1.4.5.tar.gz
chown -R www:website base-1.4.5
mv base-1.4.5 /opt/htdocs/www/
ln -s base-1.4.5 base

http://jaist.dl.sourceforge.net/project/adodb/adodb-php5-only/adodb-518-for-php5/adodb518a.zip
unzip adodb518a.zip
chown -R www:website adodb5
mv adodb5 /opt/htdocs/www/base/adodb5

更新php的pear组件

cd /opt/php/bin
./pear install Image_Graph-alpha Image_Canvas-alpha Image_Color Numbers_Roman Mail_Mime Mail

访问地址并在线安装,就是配制一下
http://localhost:80/base/setup/index.php

测试snort

/usr/local/snort/bin/snort vd -i eth1

Snort还有一个测试功能选项(“-T”),它可以轻松地检测到用户批准的配置变更。你可以输入命令“snort -c /etc/snort/snort.conf -T”,然后查看输出来判断变化的配置是否工作正常。

运行snort,监控eth1入侵并记录日志到mysql中

/usr/local/snort/bin/snort -D -c /usr/local/snort/etc/snort.conf -i eth1

barnyard2 -c /usr/local/snort/etc/barnyard2.conf -d /var/log/snort -f snort.u2 -D -w /var/log/snort/barnyard2.waldo

查看流量
iftop -i eth1

如果有入侵,在base就可以看到记录.

如果需要监控整个交换机的流量,可以在交换机上做端口镜像将流量导入到snort机网卡对应的端口上.
我这里snort机上有4个网卡,监控电信、网通还有内网的流量,剩下一个做管理和转输数据。

vi /usr/local/snort/etc/barnyard2.conf
去掉绝对路径和时间戳

output unified2: filename snort.log, limit 128


mkdir /var/log/snort0 /var/log/snort1 /var/log/snort2
chown snort:snort /var/log/snort0 /var/log/snort1 /var/log/snort2
touch /var/log/snort0/barnyard.waldo
touch /var/log/snort1/barnyard.waldo
touch /var/log/snort2/barnyard.waldo

运行

/usr/local/snort/bin/snort -D -u snort -g snort -c /usr/local/snort/etc/snort.conf -i eth1 -l /var/log/snort1
barnyard2 -c /usr/local/snort/etc/barnyard2.conf -i eth1 -d /var/log/snort1 -f snort.log -D -w /var/log/snort1/barnyard.waldo

/usr/local/snort/bin/snort -D -u snort -g snort -c /usr/local/snort/etc/snort.conf -i eth0 -l /var/log/snort0
barnyard2 -c /usr/local/snort/etc/barnyard2.conf -i eth0 -d /var/log/snort0 -f snort.log -D -w /var/log/snort0/barnyard.waldo

/usr/local/snort/bin/snort -D -u snort -g snort -c /usr/local/snort/etc/snort.conf -i eth2 -l /var/log/snort2
barnyard2 -c /usr/local/snort/etc/barnyard2.conf -i eth2 -d /var/log/snort2 -f snort.log -D -w /var/log/snort2/barnyard.waldo

这时用tcpdump或iftop可以看到同交换机上其它机器的流量.

防止攻击snort,去掉网卡ip, 隐密snort方式
依次去掉eth0、eth1、eth2留下内网eth3
ifdown eth1
vi /etc/sysconfig/network-scripts/ifcfg-eth1

#NETMASK=255.255.255.192
#IPADDR=66.84.77.8

ifup eth1

自动启动
vi /etc/rc.local

/usr/local/snort/bin/snort -D -u snort -g snort -c /usr/local/snort/etc/snort.conf -i eth1 -l /var/log/snort1
barnyard2 -c /usr/local/snort/etc/barnyard2.conf -i eth1 -d /var/log/snort1 -f snort.log -D -w /var/log/snort1/barnyard.waldo

/usr/local/snort/bin/snort -D -u snort -g snort -c /usr/local/snort/etc/snort.conf -i eth0 -l /var/log/snort0
barnyard2 -c /usr/local/snort/etc/barnyard2.conf -i eth0 -d /var/log/snort0 -f snort.log -D -w /var/log/snort0/barnyard.waldo

/usr/local/snort/bin/snort -D -u snort -g snort -c /usr/local/snort/etc/snort.conf -i eth2 -l /var/log/snort2
barnyard2 -c /usr/local/snort/etc/barnyard2.conf -i eth2 -d /var/log/snort2 -f snort.log -D -w /var/log/snort2/barnyard.waldo

错误示例:
====================

ERROR! dnet header not found, go get it from
http://code.google.com/p/libdnet/ or use the –with-dnet-*

解决
安装dbus
http://www.freedesktop.org/wiki/Software/dbus/

http://downloads.sourceforge.net/project/libdnet/libdnet/libdnet-1.11/libdnet-1.11.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Flibdnet%2Ffiles%2Flibdnet%2Flibdnet-1.11%2F&ts=1392967212&use_mirror=jaist
tar zxvf libdnet.1.11.tar.gz
cd libdnet.1.11
./configure
make && make install

====================

/usr/local/lib/libz.a: could not read symbols: Bad value
collect2: ld returned 1 exit status

解决
安装zlib

wget http://nchc.dl.sourceforge.net/project/libpng/zlib/1.2.3/zlib-1.2.3.tar.gz
tar zxvf zlib-1.2.3.tar.gz
cd zlib-1.2.3
./configure
vi MakeFile ,找到 CFLAGS=xxxxx ,在最后面加上 -fPIC #编译时加这个没用CFLAGS=”-O3 -fPIC”
make
make install

=======================

May 15 15:22:37 c1gstudio snort[29521]: S5: Pruned 35 sessions from cache for memcap. 5881 ssns remain. memcap: 8362032/8388608
May 15 15:22:38 c1gstudio snort[29521]: S5: Pruned 10 sessions from cache for memcap. 6038 ssns remain. memcap: 8388229/8388608
May 15 15:22:38 c1gstudio snort[29521]: S5: Pruned 5 sessions from cache for memcap. 6033 ssns remain. memcap: 8377128/8388608
May 15 15:22:38 c1gstudio snort[29521]: S5: Pruned 5 sessions from cache for memcap. 6029 ssns remain. memcap: 8362875/8388608
May 15 15:22:38 c1gstudio snort[29521]: S5: Pruned 10 sessions from cache for memcap. 6022 ssns remain. memcap: 8388607/8388608
May 15 15:22:38 c1gstudio snort[29521]: S5: Pruned 20 sessions from cache for memcap. 6002 ssns remain. memcap: 8379709/8388608

vi /usr/local/snort/etc/snort.conf

增加memcap 134217728 (128m)

# Target-Based stateful inspection/stream reassembly. For more inforation, see README.stream5
preprocessor stream5_global: track_tcp yes, \
track_udp yes, \
track_icmp no, \
memcap 134217728, \
max_tcp 262144, \
max_udp 131072, \
max_active_responses 2, \
min_response_seconds 5

=====================

WARNING: /usr/local/snort/etc/snort.conf(512) => Keyword priority for whitelist is not applied when white action is unblack.
May 15 17:01:08 c1gstudio snort[12460]: Processing whitelist file /usr/local/snort/etc/rules/white_list.rules
May 15 17:01:08 c1gstudio snort[12460]: Reputation entries loaded: 1, invalid: 0, re-defined: 0 (from file /usr/local/snort/etc/rules/white_list.rules)
May 15 17:01:08 c1gstudio snort[12460]: Processing blacklist file /usr/local/snort/etc/rules/black_list.rules
May 15 17:01:08 c1gstudio snort[12460]: Reputation entries loaded: 0, invalid: 0, re-defined: 0 (from file /usr/local/snort/etc/rules/black_list.rules)
May 15 17:01:08 c1gstudio snort[12460]: Reputation total memory usage: 529052 bytes

WHITE_LIST_PATH 绝对路径
vi /usr/local/snort/etc/snort.conf

var WHITE_LIST_PATH /usr/local/snort/etc/rules
var BLACK_LIST_PATH /usr/local/snort/etc/rules

黑白名单示例,但我尝试无效.

preprocessor reputation: \
nested_ip both, \
blacklist /etc/snort/default.blacklist, \
whitelist /etc/snort/default.whitelist
white trust

In file “default.blacklist”
# These two entries will match all ipv4 addresses
1.0.0.0/1
128.0.0.0/1

In file “default.whitelist”
68.177.102.22 # sourcefire.com
74.125.93.104 # google.com

================

May 15 23:29:32 c1gstudio snort[20203]: S5: Session exceeded configured max bytes to queue 1048576 using 1049895 bytes (server queue). 36.250.86.52 5917 –> 61.147.125.16 80 (0) : LWstate 0x1 LWFlags 0x2001
May 15 23:32:42 c1gstudio snort[20203]: S5: Pruned session from cache that was using 1108276 bytes (stale/timeout). 36.250.86.52 5917 –> 61.147.125.16 80 (0) : LWstate 0x1 LWFlags 0x212001
May 16 05:01:49 c1gstudio snort[20203]: S5: Session exceeded configured max bytes to queue 1048576 using 1049688 bytes (client queue). 69.196.253.30 3734 –> 61.147.125.16 80 (0) : LWstate 0x1 LWFlags 0x402003

max_queued_bytes
Default is “1048576” (1MB).
改成10MB


preprocessor stream5_tcp: policy windows, detect_anomalies, require_3whs 180, \
max_queued_bytes 10485760, \

参考:
http://www.ibm.com/developerworks/cn/web/wa-snort1/
http://www.ibm.com/developerworks/cn/web/wa-snort2/

http://www.snort.org/snort-downloads?
http://man.chinaunix.net/network/snort/Snortman.htm
http://blog.chinaunix.net/uid-286494-id-2134474.html
http://blog.chinaunix.net/uid-522598-id-1764389.html
http://sourceforge.net/p/snort/mailman/snort-users/thread/433A1D25-D6EE-4257-8CE6-3743395D05D0%40auckland.ac.nz/#msg26465706
http://manual.snort.org/

Posted in 安全, 技术.

Tagged with , .

rev="post-1677" No comments

By C1G 2014/05/29

使用Nginx添加header防止网页被frame

可以使用php或nginx等添加X-Frame-Options header来控制frame权限
X-Frame-Options有三个可选的值:

DENY:浏览器拒绝当前页面加载任何Frame页面

SAMEORIGIN:frame页面的地址只能为同源域名下的页面

ALLOW-FROM:允许frame加载的页面地址

PHP代码:

header(‘X-Frame-Options:Deny’);

Nginx配置:

add_header X-Frame-Options SAMEORIGIN

可以加在locaion中
location /
{
add_header X-Frame-Options SAMEORIGIN
}

Apache配置:

Header always append X-Frame-Options SAMEORIGIN

使用后不充许frame的页面会显示一个白板。

参考:
https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options?redirectlocale=en-US&redirectslug=The_X-FRAME-OPTIONS_response_header

Posted in Nginx.

rev="post-1671" No comments

By C1G 2014/04/23

OpenSSL“心脏出血”漏洞

OpenSSL“心脏出血”漏洞是一个非常严重的问题。这个漏洞使攻击者能够从内存中读取多达64 KB的数据。一些安全研究员表示:
OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable 并且开了https服务的需尽快升级.
目前官网已出OpenSSL 1.0.1g http://www.openssl.org/

OpenSSL 1.0.0 ,OpenSSL 0.9.8不受影响

参考:
http://drops.wooyun.org/papers/1381

Posted in 安全通告.

Tagged with , .

OpenSSL“心脏出血”漏洞已关闭评论

By C1G 2014/04/10

将php出错日志同步输出到splunk

vi /opt/php/etc/php.ini
打开syslog

; Log errors to specified file.
error_log = /opt/php/logs/php_error.log

; Log errors to syslog (Event Log on NT, not valid in Windows 95).
error_log = syslog

centos6为rsyslog,以下为syslog
vi /etc/rsyslog.conf
vi /etc/syslog.conf

#php log
user.* /opt/php/logs/php_error.log
#splunk
*.* @192.168.0.39

192.168.0.39为splunk所在ip,安装spunk可看这篇blog
重新reload syslog和php
将php出错日志同步输出到splunk并在本机保留一份日志
这里没有做日志切割,需要的自已加

在splunk可看到如下日志

01:37:13.000

<13>Jan 14 01:37:13 192.168.0.24 php-cgi: PHP Warning: mkdir() [function.mkdir]: File exists in /opt/htdocs/c1gblog/globals/class_cache.php on line 1013

host=192.168.0.24 选项|
sourcetype=syslog 选项|
source=tcp:1999 选项|
process=php-cgi 选项

Posted in 日志.

将php出错日志同步输出到splunk已关闭评论

By C1G 2014/01/14

安装淘宝开源web服务器tengine替换nginx并使用proxy_cache做前端代理

简介
Tengine是由淘宝网发起的Web服务器项目。它在Nginx的基础上,针对大访问量网站的需求,添加了很多高级功能和特性。Tengine的性能和稳定性已经在大型的网站如淘宝网,天猫商城等得到了很好的检验。它的最终目标是打造一个高效、稳定、安全、易用的Web平台。

目前稳定版[2013-11-22] Tengine-1.5.2
特性
继承Nginx-1.2.9的所有特性,100%兼容Nginx的配置;
动态模块加载(DSO)支持。加入一个模块不再需要重新编译整个Tengine;
流式上传到HTTP后端服务器或FastCGI服务器,大量减少机器的I/O压力;
更加强大的负载均衡能力,包括一致性hash模块、会话保持模块,还可以对后端的服务器进行主动健康检查,根据服务器状态自动上线下线;
输入过滤器机制支持。通过使用这种机制Web应用防火墙的编写更为方便;
动态脚本语言Lua支持。扩展功能非常高效简单;
支持管道(pipe)和syslog(本地和远端)形式的日志以及日志抽样;
组合多个CSS、JavaScript文件的访问请求变成一个请求;
自动去除空白字符和注释从而减小页面的体积
自动根据CPU数目设置进程个数和绑定CPU亲缘性;
监控系统的负载和资源占用从而对系统进行保护;
显示对运维人员更友好的出错信息,便于定位出错机器;
更强大的防攻击(访问速度限制)模块;
更方便的命令行参数,如列出编译的模块列表、支持的指令等;
可以根据访问文件类型设置过期时间;

安装jemalloc可以增加性能

cd /root/src/toolkits/
wget http://www.canonware.com/download/jemalloc/jemalloc-3.4.1.tar.bz2
tar jxvf jemalloc-3.4.1.tar.bz2
cd jemalloc-3.4.1
./configure –prefix=/usr/local/jemalloc-3.4.1
make && make install
ldconfig

GeoIP白名单

wget http://geolite.maxmind.com/download/geoip/api/c/GeoIP.tar.gz
tar -zxvf GeoIP.tar.gz
cd GeoIP-1.4.6
./configure
make; make install
ldconfig

使用proxy_cache时增加purge模块

wget http://labs.frickle.com/files/ngx_cache_purge-2.1.tar.gz
tar zxvf ngx_cache_purge-2.1.tar.gz
–add-module=../ngx_cache_purge-2.1

后端nginx编译时需加上–with-http_realip_module以获取真实ip,并指定来源

set_real_ip_from 61.199.67.2; #前端ip
set_real_ip_from 192.168.0.111;#前端ip
real_ip_header X-Real-IP;

编译安装tengine
jemalloc为编译路径

wget http://tengine.taobao.org/download/tengine-1.5.1.tar.gz
tar zxvf tengine-1.5.1.tar.gz
cd tengine-1.5.1
./configure –user=www –group=website –prefix=/opt/tengine-1.5.1 –add-module=../ngx_cache_purge-2.1 –with-http_stub_status_module –with-http_ssl_module –with-http_realip_module \
–with-http_concat_module=shared \
–with-http_sysguard_module=shared \
–with-http_limit_conn_module=shared \
–with-http_limit_req_module=shared \
–with-http_footer_filter_module=shared \
–with-http_upstream_ip_hash_module=shared \
–with-http_upstream_least_conn_module=shared \
–with-http_upstream_session_sticky_module=shared \
–with-jemalloc=/root/src/lempelf/packages/jemalloc-3.4.1
make
make install

GeoIp数据

cd /opt/tengine-1.5.1/conf
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
gunzip GeoIP.dat.gz

chgrp -R website /opt/tengine-1.5.1/conf
chmod -R 764 /opt/tengine-1.5.1/conf
chmod 774 /opt/tengine-1.5.1/conf

复制原nginx的配制文件于tengine

cd /opt/nginx/conf
cp awstats.conf fcgi.conf htpasswd block.conf nginx.conf /opt/tengine-1.5.1/conf/

检测配置文件

/opt/tengine-1.5.1/sbin/nginx -t -c /opt/tengine-1.5.1/conf/nginx.conf
nginx: [emerg] unknown directive “limit_zone” in /opt/tengine-1.5.1/conf/nginx.conf:71
nginx: [emerg] unknown directive “limit_conn” in /opt/tengine-1.5.1/conf/nginx.conf:136
如果有以上错误,需去掉limit_conn配置,ngx_http_limit_conn_module 模块在新版已使用新指令

增加新的功能
vi /opt/tengine-1.5.1/conf/nginx.conf
根据cpu数量自动设定Tengine的worker进程数量,并进行cpu绑定。

worker_processes auto;
worker_cpu_affinity auto;

关闭系统信息

server_info off;
server_tag off;

ngx_http_sysguard_module
系统过载保护

sysguard on;

sysguard_load load=10.5 action=/loadlimit;
sysguard_mem swapratio=20% action=/swaplimit;
sysguard_mem free=100M action=/freelimit;

location /loadlimit {
return 503;
}

location /swaplimit {
return 503;
}

location /freelimit {
return 503;
}

ngx_http_limit_req_module
并发限制模块

limit_req_zone $binary_remote_addr zone=one:3m rate=1r/s;
limit_req_zone $binary_remote_addr $uri zone=two:3m rate=1r/s;
limit_req_zone $binary_remote_addr $request_uri zone=three:3m rate=1r/s;

location / {
limit_req zone=one burst=5;
limit_req zone=two forbid_action=@test1;
limit_req zone=three burst=3 forbid_action=@test2;
}

location /off {
limit_req off;
}

location @test1 {
rewrite ^ /test1.html;
}

location @test2 {
rewrite ^ /test2.html;
}

删除旧的nginx软链接,给tengine增加软链接
rm /opt/nginx
ln -s /opt/tengine-1.5.1 /opt/nginx

一个完整的nginx.conf

user www website;

worker_processes auto;
worker_cpu_affinity auto;

error_log /var/log/nginx/nginx_error.log error;

pid /dev/shm/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process.
worker_rlimit_nofile 51200;

dso {
load ngx_http_footer_filter_module.so;
load ngx_http_limit_conn_module.so;
load ngx_http_limit_req_module.so;
load ngx_http_sysguard_module.so;
load ngx_http_upstream_ip_hash_module.so;
load ngx_http_upstream_least_conn_module.so;
load ngx_http_upstream_session_sticky_module.so;
}

events
{
use epoll;

worker_connections 51200;
}

http
{
include mime.types;
default_type application/octet-stream;

log_format access ‘$remote_addr – $remote_user [$time_local] “$request” ‘
‘$status $body_bytes_sent “$http_referer” ‘
‘”$http_user_agent” $http_x_forwarded_for’;

open_log_file_cache max=1000 inactive=20s min_uses=2 valid=1m;

server_names_hash_bucket_size 128;

#linux 2.4+
sendfile on;
tcp_nopush on;
tcp_nodelay on;

#tengine
server_info off;
server_tag off;
#server_tag Apache;
server_tokens off;

server_name_in_redirect off;

keepalive_timeout 60;

client_header_buffer_size 16k;
client_body_timeout 60;
client_max_body_size 8m;
large_client_header_buffers 4 32k;

fastcgi_intercept_errors on;
fastcgi_hide_header X-Powered-By;
fastcgi_connect_timeout 180;
fastcgi_send_timeout 180;
fastcgi_read_timeout 180;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 128K;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
fastcgi_temp_path /dev/shm;

#open_file_cache max=51200 inactive=20s;
#open_file_cache_valid 30s;
#open_file_cache_min_uses 2;
#open_file_cache_errors off;

gzip on;
gzip_min_length 1k;
gzip_comp_level 5;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_proxied any;

limit_req_log_level error;
limit_req_zone $binary_remote_addr $uri zone=two:30m rate=10r/s;

#访问限制白名单
geo $white_ip {
#ranges;
default 0;
127.0.0.1/32 1;
182.55.21.28/32 1;
192.168.0.0/16 1;
61.199.67.0/24 1;
}

client_body_buffer_size 512k;
proxy_connect_timeout 5;
proxy_read_timeout 60;
proxy_send_timeout 5;
proxy_buffer_size 16k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

#注:proxy_temp_path和proxy_cache_path指定的路径必须在同一分区
proxy_temp_path /opt/nginx/proxy_temp_dir;
#设置Web缓存区名称为cache_www,内存缓存空间大小为3000MB,1天没有被访问的内容自动清除,硬盘缓存空间大小为30GB。
proxy_cache_path /opt/nginx/proxy_cache_www levels=1:2 keys_zone=cache_www:3000m inactive=1d max_size=20g;

upstream www_server {
server 192.168.0.131:80;
}
server
{
listen 80 default;
server_name _;
return 444;
access_log off;
}

server
{
listen 80;
server_name www.c1gstudio.com;
index index.html index.htm index.php;
root /opt/htdocs/www;
access_log /var/log/nginx/proxy.www.c1gstudio.com.log access buffer=24k;

if (-d $request_filename){
rewrite ^/(.*)([^/])$ http://$host/$1$2/ permanent;
}

limit_req_whitelist geo_var_name=white_ip geo_var_value=1;
limit_req zone=two burst=50 forbid_action=/visitfrequently.html;

location @visitfrequently {
rewrite ^ /visitfrequently.html;
}

location ~/\.ht {
deny all;
}

#用于清除缓存,假设一个URL为http://192.168.8.42/test.txt,通过访问http://192.168.8.42/purge/test.txt就可以清除该URL的缓存。
location ~ /purge(/.*)
{
#设置只允许指定的IP或IP段才可以清除URL缓存。
allow 127.0.0.1;
allow 192.168.0.0/16;
deny all;
proxy_cache_purge cache_www $host$1$is_args$args;
error_page 405 =200 /purge$1; #处理squidclient purge的时候出现的405错误
}
if ( $request_method = “PURGE” ) {
rewrite ^(.*)$ /purge$1 last;
}

location /
{
error_page 502 504 /502.html;
proxy_set_header Host $host;
#proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://www_server;
add_header X-Cache Cache-Skip;
}
location ~ 404\.html$
{
proxy_set_header Host $host;
#proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://www_server;
add_header X-Cache Cache-Skip;
}

location ~ .*\.(htm|html|)?$
{
#如果后端的服务器返回502、504、执行超时等错误,自动将请求转发到upstream负载均衡池中的另一台服务器,实现故障转移。
proxy_next_upstream http_502 http_504 error timeout invalid_header;
proxy_cache cache_www;
#对不同的HTTP状态码设置不同的缓存时间
proxy_cache_valid 200 304 5m;
#以域名、URI、参数组合成Web缓存的Key值,Nginx根据Key值哈希,存储缓存内容到二级缓存目录内
proxy_cache_key $host$uri$is_args$args;
proxy_set_header Host $host;
proxy_http_version 1.1;
#proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://www_server;
#支持后台expires
proxy_ignore_headers “Cache-Control” “Expires”;
add_header X-Cache Cache;
}

location ~* ^.+\.(jpg|jpeg|gif|png|rar|zip|css|js)$ {
valid_referers none blocked *.c1gstudio.com;
if ($invalid_referer) {
rewrite ^/ http://leech.c1gstudio.com/leech.gif;
return 412;
break;
}
access_log off;
#如果后端的服务器返回502、504、执行超时等错误,自动将请求转发到upstream负载均衡池中的另一台服务器,实现故障转移。
proxy_next_upstream http_502 http_504 error timeout invalid_header;
proxy_cache cache_www;
#对不同的HTTP状态码设置不同的缓存时间
proxy_cache_valid 200 304 5m;
#以域名、URI、参数组合成Web缓存的Key值,Nginx根据Key值哈希,存储缓存内容到二级缓存目录内
proxy_cache_key $host$uri$is_args$args;
proxy_set_header Host $host;
proxy_http_version 1.1;
#proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://www_server;
#支持后台expires
proxy_ignore_headers “Cache-Control” “Expires”;
add_header X-Cache Cache;
}

}

}

启动tengine
/opt/nginx/sbin/nginx

观察了下top降低了许多

===========2014/1/3更新=============
如果负载时大时小可能有io瓶颈,可以将proxy_cache放到/dev/shm 中来解决.(/dev/shm默认为内存一半大小)
创建目录并加入开机执行

mkdir /dev/shm/nginx

vi /etc/rc.local
在nginx启动前加入
mkdir /dev/shm/nginx

修改nginx.conf

proxy_temp_path /dev/shm/nginx/proxy_temp_dir;
#设置Web缓存区名称为cache_www,内存缓存空间大小为3000MB,1天没有被访问的内容自动清除,硬盘缓存空间大小为30GB。
proxy_cache_path /dev/shm/nginx/proxy_cache_www levels=1:2 keys_zone=cache_www:3000m inactive=1d max_size=20g;

Posted in Nginx.

Tagged with , .

安装淘宝开源web服务器tengine替换nginx并使用proxy_cache做前端代理已关闭评论

By C1G 2013/12/18

给邮件服务器postfix增加spf和dkim

Google宣布发送给Gmail的91.4%邮件都采用DKIM或SPF反伪造标准

spf
在域名的dns管理中增加txt记录
以邮件服务器mta.c1gstudio.com ip:208.133.199.7 为例
1.SPF 记录指向A主机记录
@ IN TXT “v=spf1 include:mta.c1gstudio.com -all”

2.这个mta记录下增加spf IP地址(ip地址为邮件服务器对外ip)
mta IN TXT “v=spf1 ip4: 208.133.199.7 -all”
如果需要ip段
mta IN TXT “v=spf1 ip4: 208.133.199.0/24 -all”

使用nslookup命令进行查询验证 windows下cmd->nslookup
查询的类型(type)为txt (SPF记录都是txt类型文件)set type=txt
输入要查询SPF记录的域名。这里要查询的域名是”163.com”。如果邮件地址是 [email protected] ,那么需要查询的域名就是 yy.com
查询的结果,从结果里的”include”这个关键字可以知道,163.com的SPF记录包含在”spf.163.com”的”txt”类型中
所以,再一次查询”spf.163.com”的”txt”类型
最终结果出来了
检查输出的IP,确认是否已经包含了所有发信IP

Received-SPF: neutral (google.com: 60.195.249.163 is neither permitted nor denied by domain of [email protected])
发送邮件到gmail后,查看邮件头,包含SPF: pass为通过
Received-SPF: pass (google.com: domain of #####@yeah.net designates 60.12.227.137 as permitted sender

以上spf算是完成了.
dkim
安装opendkim可以使用epel库方便快捷
rhel5/centos5用这个
rpm -Uvh http://dl.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
rhel6/centos6用这个
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

安装opendkim会增加opendkim用户和组
如果密码文件/etc/passwd已加锁,记得解锁

yum clean all
yum install opendkim

Installing:
opendkim x86_64 2.8.4-1.el5 epel 262 k
Installing for dependencies:
ldns x86_64 1.6.16-1.el5 epel 507 k
libopendkim x86_64 2.8.4-1.el5 epel 75 k
unbound-libs x86_64 1.4.20-2.el5 epel 258 k

安装完成后,输入如下命令,会在当前目录下生成公钥和私钥两个文件:default.private 和 default.txt

1.
cd /etc/opendkim/keys
opendkim-genkey -r -d mta.c1gstudio.com
default.txt 里面的内容类似如下:

default._domainkey IN TXT ( “v=DKIM1; k=rsa; s=email; ”
“p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTEMk2ow/WZuQheCMxZrowErith/LVsaWLVhkkrONT2S4LZcuuVbgCkr2EGaoJUNjc/Ztu0Z47RPbLDkGGjtCwy6VnUeKWh7ijwu2+AHyq6mJIn33z7TGz90Io0o30PjQLSeO1E/ozRpBSljvJMikYUDYfZpWZSxcIhtOetOp8mwIDAQAB” ) ; —– DKIM key default for mta.c1gstudio.com

2.修改文件属性
chown opendkim default.private

3.编缉配置文件
vi /etc/opendkim.conf

Mode sv
UserID opendkim:opendkim
Socket inet:8891@localhost
Canonicalization relaxed/simple
Domain mta.c1gstudio.com
KeyFile /etc/opendkim/keys/default.private
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
InternalHosts refile:/etc/opendkim/TrustedHosts
SyslogSuccess No
LogWhy No

4.信任的发信ip地址
vi /etc/opendkim/TrustedHosts

127.0.0.1
#hostname1.example1.com
192.168.1.0/24

5.private key
vi /etc/opendkim/KeyTable

default._domainkey.mta.c1gstudio.com mta.c1gstudio.com:default:/etc/opendkim/keys/default.private

6.多个域名可以指定使用哪个public key
vi /etc/opendkim/SigningTable

*@mta.c1gstudio.com [email protected]
*@c1gstudio.com [email protected]

7.启动opendkim
/etc/init.d/opendkim start
Starting OpenDKIM Milter: [ OK ]

开机启动
chkconfig opendkim on

8.编辑postfix,在末尾加入
vi /etc/postfix/main.cf

#################dkim###################
smtpd_milters= inet:localhost:8891
milter_default_action = accept
milter_protocol = 2
non_smtpd_milters = inet:localhost:8891

如果Postfix 版本小于2.6需加上
milter_protocol = 2

9.重启postfix
/usr/local/postfix/sbin/postfix reload

10.设置域名dns
将public key加入到mta.c1gstudio.com的txt记录中

default._domainkey IN TXT ( “v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDTEMk2ow/WZuQheCMxZrowErith/LVsaWLVhkkrONT2S4LZcuuVbgCkr2EGaoJUNjc/Ztu0Z47RPbLDkGGjtCwy6VnUeKWh7ijwu2+AHyq6mJIn33z7TGz90Io0o30PjQLSeO1E/ozRpBSljvJMikYUDYfZpWZSxcIhtOetOp8mwIDAQAB” )

这里吐槽下商务中国的域名面板无法加含”_”下划线的主机名,转战dnspod.

11.验证域名
http://dkimcore.org/tools/
Check a published DKIM Core Key:
Selector:default
Domain name:mail.c1gstudio.com

12.邮件测试
tail -f /var/log/maillog
Dec 12 17:36:48 c1g opendkim[30546]: 9F36E1A181C8: DKIM-Signature field added (s=default, d=mta.c1gstudio.com)

接着再发邮件到gmail和hotmail中查看dkim是否有签名。
给gmail发邮件,然后查看邮件头,看到spf=pass和dkim=pass

Received-SPF: pass (google.com: domain of [email protected] designates 208.133.199.7 as permitted sender) client-ip=208.133.199.7;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of [email protected] designates 208.133.199.7 as permitted sender) [email protected];
dkim=pass [email protected]
Received: from c1g (c1g [208.133.199.7])
by mta.c1gstudio.com (Postfix) with ESMTP id C3BB21A1825C
for ; Fri, 13 Dec 2013 10:47:02 +0800 (CST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mta.c1gstudio.com;
s=default; t=1386902822;
bh=spJ3t+Wlf7qUYsyf9zBZsdaztFW9Vj9zn2URNGhfZ3o=;
h=Date:From:To:Subject;
b=R7gyGPsyKqNq3ceDTQYq958qRkdJE04xKCCKOseCb/Gi5v9rLr6jyZyUWsP5PstqX
WhfTjErGippcxJEe84B4yTOE0gYDRJB//I8pEF+jux/qF7JhmIc3+Cs/yqI
powsNbGdwkJaB3WlCPwroBk88/wP8W64tWda4oyGTVYZzNU=

trouble shooting:
1.
tail -f /var/log/maillog
opendkim no signature data
没有签名,需改成将opendkim.conf中的模式改成sv
Mode sv

2.
Dec 13 16:15:03 localhost opendkim[3248]: can’t load key from /etc/opendkim/keys/default.private: Permission denied
cd /etc/opendkim/keys/
chown opendkim default.private

参考:
http://mail.163.com/hd/all/chengxin/3.htm
http://stevejenkins.com/blog/2011/08/installing-opendkim-rpm-via-yum-with-postfix-or-sendmail-for-rhel-centos-fedora/
http://www.banping.com/2011/07/19/postfix-dkim/
http://www.info110.com/mailserver/in27377-1.htm

Posted in Mail/Postfix.

Tagged with , , , .

给邮件服务器postfix增加spf和dkim已关闭评论

By C1G 2013/12/13

UnixBench测试服务器性能

UnixBench是一款不错的Linux下的性能测试软件.

测试机配置

dell R410
5620(4核2.4G) *2 8G*2 SAS 15K 300G*2 noraid 7.2K SAS 2T*1
centos 5.8 64bit
Linux LocalIm 2.6.18-308.el5 #1 SMP Tue Feb 21 20:06:06 EST 2012 x86_64 x86_64 x86_64 GNU/Linux


wget http://byte-unixbench.googlecode.com/files/unixbench-5.1.2.tar.gz
tar zxvf unixbench-5.1.2.tar.gz
cd unixbench-5.1.2
make
./Run

Unixbench会开始性能测试,根据cpu核心数量的不同,测试时间长短不一,这次测试时间大概一小时左右


make all
make[1]: Entering directory `/root/src/toolkits/unixbench-5.1.2′
Checking distribution of files
./pgms exists
./src exists
./testdir exists
./tmp exists
./results exists
make[1]: Leaving directory `/root/src/toolkits/unixbench-5.1.2′
sh: 3dinfo: command not found

# # # # # # # ##### ###### # # #### # #
# # ## # # # # # # # ## # # # # #
# # # # # # ## ##### ##### # # # # ######
# # # # # # ## # # # # # # # # #
# # # ## # # # # # # # ## # # # #
#### # # # # # ##### ###### # # #### # #

Version 5.1.2 Based on the Byte Magazine Unix Benchmark

Multi-CPU version Version 5 revisions by Ian Smith,
Sunnyvale, CA, USA
December 22, 2007 johantheghost at yahoo period com

1 x Dhrystone 2 using register variables 1 2 3 4 5 6 7 8 9 10

1 x Double-Precision Whetstone 1 2 3 4 5 6 7 8 9 10

1 x Execl Throughput 1 2 3

1 x File Copy 1024 bufsize 2000 maxblocks 1 2 3

1 x File Copy 256 bufsize 500 maxblocks 1 2 3

1 x File Copy 4096 bufsize 8000 maxblocks 1 2 3

1 x Pipe Throughput 1 2 3 4 5 6 7 8 9 10

1 x Pipe-based Context Switching 1 2 3 4 5 6 7 8 9 10

1 x Process Creation 1 2 3

1 x System Call Overhead 1 2 3 4 5 6 7 8 9 10

1 x Shell Scripts (1 concurrent) 1 2 3

1 x Shell Scripts (8 concurrent) 1 2 3

16 x Dhrystone 2 using register variables 1 2 3 4 5 6 7 8 9 10

16 x Double-Precision Whetstone 1 2 3 4 5 6 7 8 9 10

16 x Execl Throughput 1 2 3

16 x File Copy 1024 bufsize 2000 maxblocks 1 2 3

16 x File Copy 256 bufsize 500 maxblocks 1 2 3

16 x File Copy 4096 bufsize 8000 maxblocks 1 2 3

16 x Pipe Throughput 1 2 3 4 5 6 7 8 9 10

16 x Pipe-based Context Switching 1 2 3 4 5 6 7 8 9 10

16 x Process Creation 1 2 3

16 x System Call Overhead 1 2 3 4 5 6 7 8 9 10

16 x Shell Scripts (1 concurrent) 1 2 3

16 x Shell Scripts (8 concurrent) 1 2 3

========================================================================
BYTE UNIX Benchmarks (Version 5.1.2)

System: Impala: GNU/Linux
OS: GNU/Linux — 2.6.18-308.el5 — #1 SMP Tue Feb 21 20:06:06 EST 2012
Machine: x86_64 (x86_64)
Language: en_US.utf8 (charmap=”UTF-8″, collate=”UTF-8″)
CPU 0: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (4788.1 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 1: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (4787.9 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 2: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (4788.0 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 3: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (4788.0 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 4: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (4788.1 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 5: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (4788.0 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 6: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (4788.0 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 7: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (4787.9 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 8: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (4788.0 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 9: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (4788.0 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 10: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (4788.0 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 11: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (4788.0 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 12: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (4788.0 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 13: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (4788.0 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 14: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (4788.0 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 15: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (4788.0 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
14:24:24 up 324 days, 22:35, 1 user, load average: 0.07, 0.02, 0.06; runlevel 3

————————————————————————
Benchmark Run: Fri Nov 08 2013 14:24:24 – 14:52:38
16 CPUs in system; running 1 parallel copy of tests

Dhrystone 2 using register variables 14762933.9 lps (10.0 s, 7 samples)
Double-Precision Whetstone 1509.6 MWIPS (8.7 s, 7 samples)
Execl Throughput 2427.3 lps (29.7 s, 2 samples)
File Copy 1024 bufsize 2000 maxblocks 597721.9 KBps (30.0 s, 2 samples)
File Copy 256 bufsize 500 maxblocks 168768.0 KBps (30.0 s, 2 samples)
File Copy 4096 bufsize 8000 maxblocks 1430654.0 KBps (30.0 s, 2 samples)
Pipe Throughput 1166940.5 lps (10.0 s, 7 samples)
Pipe-based Context Switching 105565.7 lps (10.0 s, 7 samples)
Process Creation 8799.5 lps (30.0 s, 2 samples)
Shell Scripts (1 concurrent) 5298.7 lpm (60.0 s, 2 samples)
Shell Scripts (8 concurrent) 2831.9 lpm (60.0 s, 2 samples)
System Call Overhead 943466.8 lps (10.0 s, 7 samples)

System Benchmarks Index Values BASELINE RESULT INDEX
Dhrystone 2 using register variables 116700.0 14762933.9 1265.0
Double-Precision Whetstone 55.0 1509.6 274.5
Execl Throughput 43.0 2427.3 564.5
File Copy 1024 bufsize 2000 maxblocks 3960.0 597721.9 1509.4
File Copy 256 bufsize 500 maxblocks 1655.0 168768.0 1019.7
File Copy 4096 bufsize 8000 maxblocks 5800.0 1430654.0 2466.6
Pipe Throughput 12440.0 1166940.5 938.1
Pipe-based Context Switching 4000.0 105565.7 263.9
Process Creation 126.0 8799.5 698.4
Shell Scripts (1 concurrent) 42.4 5298.7 1249.7
Shell Scripts (8 concurrent) 6.0 2831.9 4719.8
System Call Overhead 15000.0 943466.8 629.0
========
System Benchmarks Index Score 940.2

————————————————————————
Benchmark Run: Fri Nov 08 2013 14:52:38 – 15:21:02
16 CPUs in system; running 16 parallel copies of tests

Dhrystone 2 using register variables 109893471.8 lps (10.0 s, 7 samples)
Double-Precision Whetstone 19203.2 MWIPS (9.2 s, 7 samples)
Execl Throughput 40389.3 lps (29.7 s, 2 samples)
File Copy 1024 bufsize 2000 maxblocks 232275.2 KBps (30.0 s, 2 samples)
File Copy 256 bufsize 500 maxblocks 66058.1 KBps (30.0 s, 2 samples)
File Copy 4096 bufsize 8000 maxblocks 701683.9 KBps (30.0 s, 2 samples)
Pipe Throughput 11422586.8 lps (10.0 s, 7 samples)
Pipe-based Context Switching 2899346.4 lps (10.0 s, 7 samples)
Process Creation 115952.7 lps (30.0 s, 2 samples)
Shell Scripts (1 concurrent) 42915.9 lpm (60.0 s, 2 samples)
Shell Scripts (8 concurrent) 8344.0 lpm (60.0 s, 2 samples)
System Call Overhead 5982682.0 lps (10.0 s, 7 samples)

System Benchmarks Index Values BASELINE RESULT INDEX
Dhrystone 2 using register variables 116700.0 109893471.8 9416.7
Double-Precision Whetstone 55.0 19203.2 3491.5
Execl Throughput 43.0 40389.3 9392.9
File Copy 1024 bufsize 2000 maxblocks 3960.0 232275.2 586.6
File Copy 256 bufsize 500 maxblocks 1655.0 66058.1 399.1
File Copy 4096 bufsize 8000 maxblocks 5800.0 701683.9 1209.8
Pipe Throughput 12440.0 11422586.8 9182.1
Pipe-based Context Switching 4000.0 2899346.4 7248.4
Process Creation 126.0 115952.7 9202.6
Shell Scripts (1 concurrent) 42.4 42915.9 10121.7
Shell Scripts (8 concurrent) 6.0 8344.0 13906.7
System Call Overhead 15000.0 5982682.0 3988.5
========
System Benchmarks Index Score 4199.4


dell R420
2420(6核1.9G) *2 8G*2 SAS 15K 300G*2 noraid
centos 5.8 64bit
Linux loclaP 2.6.18-308.el5 #1 SMP Tue Feb 21 20:06:06 EST 2012 x86_64 x86_64 x86_64 GNU/Linux


BYTE UNIX Benchmarks (Version 5.1.2)

System: ParkAvenue: GNU/Linux
OS: GNU/Linux — 2.6.18-308.el5 — #1 SMP Tue Feb 21 20:06:06 EST 2012
Machine: x86_64 (x86_64)
Language: en_US.utf8 (charmap=”UTF-8″, collate=”UTF-8″)
CPU 0: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.1 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 1: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.1 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 2: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.1 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 3: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.1 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 4: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.2 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 5: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.0 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 6: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.0 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 7: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.0 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 8: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.1 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 9: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.1 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 10: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.0 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 11: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.0 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 12: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.0 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 13: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.1 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 14: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.1 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 15: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.1 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 16: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.0 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 17: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.1 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 18: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.1 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 19: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.1 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 20: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.0 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 21: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.0 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 22: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.1 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
CPU 23: Intel(R) Xeon(R) CPU E5-2420 0 @ 1.90GHz (3800.1 bogomips)
Hyper-Threading, x86-64, MMX, Physical Address Ext, SYSENTER/SYSEXIT, SYSCALL/SYSRET, Intel virtualization
12:01:45 up 21:39, 1 user, load average: 0.07, 0.05, 0.01; runlevel 3

————————————————————————
Benchmark Run: Fri Dec 06 2013 12:01:45 – 12:29:21
24 CPUs in system; running 1 parallel copy of tests

Dhrystone 2 using register variables 13721062.3 lps (10.0 s, 7 samples)
Double-Precision Whetstone 2121.9 MWIPS (7.2 s, 7 samples)
Execl Throughput 2052.4 lps (29.8 s, 2 samples)
File Copy 1024 bufsize 2000 maxblocks 567410.8 KBps (30.0 s, 2 samples)
File Copy 256 bufsize 500 maxblocks 157374.9 KBps (30.0 s, 2 samples)
File Copy 4096 bufsize 8000 maxblocks 1499112.8 KBps (30.0 s, 2 samples)
Pipe Throughput 966163.2 lps (10.0 s, 7 samples)
Pipe-based Context Switching 64456.9 lps (10.0 s, 7 samples)
Process Creation 6327.8 lps (30.0 s, 2 samples)
Shell Scripts (1 concurrent) 4121.4 lpm (60.0 s, 2 samples)
Shell Scripts (8 concurrent) 2182.9 lpm (60.0 s, 2 samples)
System Call Overhead 801849.7 lps (10.0 s, 7 samples)

System Benchmarks Index Values BASELINE RESULT INDEX
Dhrystone 2 using register variables 116700.0 13721062.3 1175.8
Double-Precision Whetstone 55.0 2121.9 385.8
Execl Throughput 43.0 2052.4 477.3
File Copy 1024 bufsize 2000 maxblocks 3960.0 567410.8 1432.9
File Copy 256 bufsize 500 maxblocks 1655.0 157374.9 950.9
File Copy 4096 bufsize 8000 maxblocks 5800.0 1499112.8 2584.7
Pipe Throughput 12440.0 966163.2 776.7
Pipe-based Context Switching 4000.0 64456.9 161.1
Process Creation 126.0 6327.8 502.2
Shell Scripts (1 concurrent) 42.4 4121.4 972.0
Shell Scripts (8 concurrent) 6.0 2182.9 3638.1
System Call Overhead 15000.0 801849.7 534.6
========
System Benchmarks Index Score 818.6

Posted in 测试.

Tagged with .

rev="post-1641" No comments

By C1G 2013/11/08