

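Viewing and changing NIC link speed on Linux

The other machines in the same rack were all running at gigabit speed, but a few were at 100 Mb/s, and after the speed was adjusted they automatically dropped back to 100 Mb/s. In the end, having the data center replace the network cable fixed the problem immediately, and the database process queue also went down.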

Check the NIC: it supports gigabit but is running at 100 Mb/s.

    ethtool eth2

    Advertised link modes:  10baseT/Half 10baseT/Full
                            100baseT/Half 100baseT/Full
                            1000baseT/Full
    Advertised pause frame use: No
    Advertised auto-negotiation: Yes
    Speed: 100Mb/s
    Duplex: Full

Switch to gigabit:

    ethtool -s eth2 speed 1000 duplex full

tail /var/log/messages

    Oct 23 10:17:22 C1g kernel: e1000e: eth2 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
    Oct 23 10:17:23 C1g kernel: e1000e: eth2 NIC Link is Down
    Oct 23 10:17:33 C1g kernel: e1000e: eth2 NIC Link is Up 100 Mbps Full Duplex, Flow Control: None
    Oct 23 10:17:33 C1g kernel: 0000:03:00.1: eth2: 10/100 speed: disabling TSO

It dropped back to 100 Mb/s again.

ethtool notes:

    ethtool ethX        // query the basic settings of port ethX
    ethtool -h          // show the ethtool command help
    ethtool -i ethX     // query related information about port ethX
    ethtool -d ethX     // query the register information of port ethX
    ethtool -r ethX     // reset port ethX to auto-negotiation mode
    ethtool -S ethX     // query send/receive packet statistics of port ethX
    ethtool -s ethX [speed 10|100|1000] \   // set the port speed to 10/100/1000M
                    [duplex half|full] \    // set the port to half/full duplex
                    [autoneg on|off] \      // set whether the port auto-negotiates
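A check for the symptom described in this post, as an added example that is not part of the original: it parses `ethtool` output and flags a link whose negotiated speed is below the fastest mode the NIC advertises. The helper names `link_check` and `audit_links` are hypothetical, and the sample is constructed from the values shown above.

```shell
#!/bin/sh
# Added example: flag links negotiated below what the NIC advertises.
# link_check and audit_links are hypothetical helper names.

# Constructed sample in ethtool's usual layout, using the post's values.
SAMPLE_ETHTOOL='Settings for eth2:
    Supported link modes:   10baseT/Half 10baseT/Full
                            100baseT/Half 100baseT/Full
                            1000baseT/Full
    Advertised link modes:  10baseT/Half 10baseT/Full
                            100baseT/Half 100baseT/Full
                            1000baseT/Full
    Advertised pause frame use: No
    Advertised auto-negotiation: Yes
    Speed: 100Mb/s
    Duplex: Full'

# Read `ethtool <iface>` output on stdin and print one verdict line:
#   OK <speed>/<max>, DEGRADED <speed>/<max>, or UNKNOWN.
link_check() {
    awk '
        # Start of the advertised list; strip the label so only modes remain.
        /Advertised link modes:/ { in_adv = 1; sub(/.*Advertised link modes:/, "") }
        # Any later "key: value" line ends the (possibly multi-line) list.
        in_adv && /:/ { in_adv = 0 }
        in_adv {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[0-9]+base/) { v = $i + 0; if (v > max) max = v }
        }
        /Speed:/ { speed = $2 + 0 }      # "Unknown!" converts to 0
        END {
            if (speed == 0 || max == 0) print "UNKNOWN"
            else if (speed < max)       print "DEGRADED " speed "/" max
            else                        print "OK " speed "/" max
        }
    '
}

# Run the check for every interface except loopback (needs ethtool installed).
audit_links() {
    for dev in /sys/class/net/*; do
        name=${dev##*/}
        [ "$name" = lo ] && continue
        printf '%s\t%s\n' "$name" "$(ethtool "$name" 2>/dev/null | link_check)"
    done
}

# Demo on the constructed sample.
printf '%s\n' "$SAMPLE_ETHTOOL" | link_check
```

A DEGRADED result on a port that should run at gigabit points to the cable or the switch port, which is what fixed the problem here.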

Posted in Linux maintenance and optimization.



Blocking Microsoft's search crawlers

Block the Microsoft crawlers: they crawl far too aggressively and bring no traffic. At the same time, lower the crawl frequency for everyone else to a 60-second interval. Edit robots.txt in the web root:

    User-agent: Bingbot
    Disallow: /

    User-agent: Adidxbot
    Disallow: /

    User-agent: MSNBot
    Disallow: /

    User-agent: BingPreview
    Disallow: /

    User-agent: *
    Disallow:
    Crawl-delay: 60
    Disallow: /api/
    Disallow: /data/

References:
http://www.bing.com/webmaster/help/which-crawlers-does-bing-use-8c184ec0
http://tool.chinaz.com/robots/

Posted in SEO, website building.



Notes on using multi-column indexes in MySQL

MySQL can create an index over multiple columns. One index can include 15 columns.

    CREATE TABLE test (
        id INT NOT NULL,
        cola CHAR(30) NOT NULL,
        colb CHAR(30) NOT NULL,
        PRIMARY KEY (id),
        INDEX name (cola, colb)
    );

    select * from tables where colb='2014';
    select * from tables where cola='c1g' or colb='2014';

    SELECT * from tbltables where keycola LIKE '%c1g%';

    select * from tables order by cola asc,colb desc;
    select * from tables order by cola desc,colb asc;

None of the queries above can use the index.

    select * from tables where cola='c1g';
    select * from tables where cola='c1g' and colb='2014';
    select * from tables where cola='c1g' and colb>'2000' and colb<'2015';
    select * from tables where cola='c1g' and (colb='2000' and colb='2015');

    SELECT * from tbltables where keycola LIKE 'c1g%';

    select * from tables order by cola asc,colb asc;
    select * from tables order by cola desc,colb desc;

The queries above can use the index.

The columns used for sorting must all be sorted in the same direction.

Posted in Mysql.



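Connecting to a local MySQL instance on a non-default port

Today, while dumping a local MySQL db, I ran into an odd problem: with multiple instances started by mysql_multi, the -P port option has no effect when connecting to localhost. mysqldump is affected in the same way as mysql.

The usual command for connecting to the MySQL database works fine:

    mysql -hlocalhost -uroot -p

Connecting to another local port always ends up on 3306, although connecting from another machine using the IP works.

    mysql -hlocalhost -P3308 -uroot -p

For now I worked around it by connecting through the socket, exporting only the schema.

    mysqldump -S/tmp/mysql_3308.sock -uroot -p -d mydb > mydb_createdb.sql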

Posted in Mysql.



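OpenSSH SFTP remote overflow vulnerability

A remote overflow vulnerability in OpenSSH SFTP was disclosed recently. If "ChrootDirectory" is not configured on the OpenSSH server, ordinary users can access every resource on the file system, including /proc. On Linux kernels >= 2.6.x, /proc/self/maps shows your memory layout and /proc/self/mem lets you read and write arbitrarily in the context of the current process; combining the two can lead to a remote overflow.

The affected versions are currently OpenSSH <= 6.6. DBAPPSecurity (安恒信息) recommends that users of these systems upgrade to the latest version, OpenSSH 6.7, as soon as possible. OpenSSH 6.7 includes a mitigation: sftp-server uses prctl() to block direct access to /proc/self/{mem,maps}. Grsecurity/PaX disables writes to /proc/pid/mem outright, so if Grsecurity/PaX is deployed in your production environment you do not need to worry about this vulnerability.

OpenSSH 6.7 download:

ftp://ftp.openbsd.com/pub/OpenBSD/OpenSSH/portable/openssh-6.7p1.tar.gz

Reference:

http://seclists.org/fulldisclosure/2014/Oct/35

Note: you first need a user account that is allowed to log in before you can do anything.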
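An audit for the two conditions the advisory names, an OpenSSH version of 6.6 or older and a missing ChrootDirectory, as an added example that is not part of the original advisory. The helper names, verdict labels, version banner and sample sshd_config are constructed; the script reads one config file literally and does not follow Include files.

```shell
#!/bin/sh
# Added example, not from the advisory. Helper names and the sample config
# are constructed for illustration.

# Exit 0 if the banner (as printed by `ssh -V`) is OpenSSH 6.6 or older,
# 1 if it is newer, 2 if the version cannot be parsed.
ssh_version_affected() {
    ver=$(printf '%s\n' "$1" |
          sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    set -- $ver                      # $1 = major, $2 = minor
    [ "$1" -lt 6 ] || { [ "$1" -eq 6 ] && [ "$2" -le 6 ]; }
}

# Print "scope|chroot" lines for an sshd_config ("-" reads stdin).
# The global scope is always printed; Match blocks only when they set a
# real ChrootDirectory. sshd keeps the first value it sees per keyword.
sftp_chroot_scopes() {
    awk '
        BEGIN { scope = "global"; n = 1; order[1] = scope }
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            key = tolower($1)        # keywords are case-insensitive
            if (key == "match") {
                scope = $0; sub(/^[ \t]+/, "", scope); order[++n] = scope
            } else if (key == "chrootdirectory" && !(scope in dir)) {
                dir[scope] = $2
            }
        }
        END {
            for (i = 1; i <= n; i++) {
                s = order[i]
                has = (s in dir) && tolower(dir[s]) != "none"
                if (s == "global") print s "|" (has ? dir[s] : "none")
                else if (has)      print s "|" dir[s]
            }
        }
    ' "$1"
}

# Verdict for a version banner ($1) and an sshd_config path ($2).
sftp_exposure() {
    rc=0; ssh_version_affected "$1" || rc=$?
    case $rc in
        1) echo NOT_AFFECTED;    return 0 ;;
        2) echo UNKNOWN_VERSION; return 0 ;;
    esac
    scopes=$(sftp_chroot_scopes "$2")
    if printf '%s\n' "$scopes" | grep -q '^global|none$'; then
        # No global chroot: are at least some accounts chrooted via Match?
        if printf '%s\n' "$scopes" | grep -qv '^global|'; then echo PARTIAL
        else echo EXPOSED; fi
    else
        echo CHROOTED
    fi
}

# Constructed sample: only members of one group are chrooted.
SAMPLE_SSHD_CONFIG='# constructed sample, not from the advisory
Subsystem sftp /usr/libexec/openssh/sftp-server

Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp'

# Demo. Real use: sftp_exposure "$(ssh -V 2>&1)" /etc/ssh/sshd_config
printf '%s\n' "$SAMPLE_SSHD_CONFIG" | sftp_exposure 'OpenSSH_6.6.1p1' -
```

PARTIAL means accounts outside the chrooted Match blocks can still reach /proc over SFTP on an affected version; `sshd -T` prints the effective configuration for comparison.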

Posted in Security advisories.



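Bash security vulnerability disclosed, more serious than Heartbleed; test and fix included

A vulnerability disclosed on 2014-09-25. It may pose a greater threat to computer users than the Heartbleed vulnerability discovered in April this year. Tod Beardsley, engineering manager at the network security company Rapid7, warned that the Bash vulnerability has a severity rating of "10", meaning it poses the greatest threat to users' computers. Its exploitation complexity is rated "low", meaning attackers can use it to launch attacks relatively easily.

To test, run the following command:

    $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
    vulnerable
    this is a test

If the text above appears, you need to patch.

I tried CentOS 5.4, 5.5, 6.0 and others, and all of them are affected.

    GNU bash, version 3.2.25(1)-release-(x86_64-redhat-linux-gnu)
    GNU bash, version 4.1.2(1)-release-(x86_64-unknown-linux-gnu)

Fix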

yum -y update bash

Test again after upgrading:

    env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
    bash: warning: x: ignoring function definition attempt
    bash: error importing function definition for `x'
    this is a test

Output like the above means it is fixed.
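The before and after check above, wrapped so it can be run against every bash binary on a host, as an added example that is not part of the original post. The helper names are hypothetical and the two sample outputs are the ones shown above.

```shell
#!/bin/sh
# Added example: runs the post's own test command and classifies the result.
# classify_probe, probe_bash and audit_shells are hypothetical helper names.

# The two outputs shown in the post, kept as samples.
SAMPLE_UNPATCHED='vulnerable
this is a test'
SAMPLE_PATCHED=$(cat <<'EOF'
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
EOF
)

# Classify the combined stdout/stderr of the test command.
classify_probe() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo VULNERABLE
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        echo PATCHED
    else
        echo UNKNOWN                 # binary missing or did not run
    fi
}

# Run the test command against one bash binary and print the verdict.
probe_bash() {
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' 2>&1) || true
    classify_probe "$out"
}

# Check every bash listed in a shells file (default /etc/shells) and
# print "path <TAB> version <TAB> verdict" for each executable entry.
audit_shells() {
    list=${1:-/etc/shells}
    grep -E '/bash$' "$list" | sort -u | while read -r sh_path; do
        [ -x "$sh_path" ] || continue
        ver=$("$sh_path" -c 'echo "$BASH_VERSION"' 2>/dev/null) || ver=unknown
        printf '%s\t%s\t%s\n' "$sh_path" "${ver:-unknown}" "$(probe_bash "$sh_path")"
    done
}

# Demo on the two sample outputs from the post.
classify_probe "$SAMPLE_UNPATCHED"
classify_probe "$SAMPLE_PATCHED"
```

Run `audit_shells` after `yum -y update bash` to confirm that no second bash binary outside the package's path is still unpatched.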

Reference: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

Posted in Security advisories.



Fixing the boot order of multiple NICs on CentOS

With a PCI NIC installed, the interface order may differ after every reboot, which affects the accuracy of nagios monitoring.

CentOS 6

On CentOS 6 the per-NIC naming rules are in /etc/udev/rules.d/70-persistent-net.rules

    cat /etc/udev/rules.d/70-persistent-net.rules

    # PCI device 0x14e4:0x163b (bnx2) (custom name provided by external tool)
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="78:2b:cb:xx:xx:02", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"

    # PCI device 0x14e4:0x163b (bnx2) (custom name provided by external tool)
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="78:2b:cb:xx:xx:03", ATTR{type}=="1", KERNEL=="eth*", NAME="eth2"

    # USB device 0x9710:0x7830 (usb) (custom name provided by external tool)
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:60:6e:xx:xx:f6", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

    # PCI device 0x14e4:0x165a (tg3)
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:10:18:xx:xx:51", ATTR{type}=="1", KERNEL=="eth*", NAME="eth3"

    # PCI device 0x8086:0x10c9 (igb)
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:1b:21:xx:xx:a1", ATTR{type}=="1", KERNEL=="eth*", NAME="eth4"

    # PCI device 0x8086:0x10c9 (igb)
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:1b:21:xx:xx:a0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth5"

Delete the (usb) and (tg3) entries and rename the bnx2 and igb entries. After the change:

    # PCI device 0x14e4:0x163b (bnx2) (custom name provided by external tool)
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="78:2b:cb:xx:xx:02", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"

    # PCI device 0x14e4:0x163b (bnx2) (custom name provided by external tool)
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="78:2b:cb:xx:xx:03", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"

    # PCI device 0x8086:0x10c9 (igb)
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:1b:21:xx:xx:a1", ATTR{type}=="1", KERNEL=="eth*", NAME="eth2"

    # PCI device 0x8086:0x10c9 (igb)
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:1b:21:xx:xx:a0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth3"

Configure the NIC files: also edit the /etc/sysconfig/network-scripts/ifcfg-eth* configuration files so that the device name and MAC address match the udev rules. Check the IP address and gateway as well.

Reboot the server:

    reboot

CentOS 5.8

dmesg shows the Intel PCI NIC being detected before the onboard NIC:

    e1000e: Intel(R) PRO/1000 Network Driver - 1.4.4-k
    e1000e: Copyright(c) 1999 - 2011 Intel Corporation.
    e1000e 0000:03:00.0: Disabling ASPM L1
    GSI 25 sharing vector 0x52 and IRQ 25
    ACPI: PCI Interrupt 0000:03:00.0[A] -> GSI 38 (level, low) -> IRQ 82
    PCI: Setting latency timer of device 0000:03:00.0 to 64
    EDAC MC: Ver: 2.0.1 Feb 21 2012
    e1000e 0000:03:00.0: eth0: (PCI Express:2.5GT/s:Width x4) 00:15:17:2d:52:c4
    e1000e 0000:03:00.0: eth0: Intel(R) PRO/1000 Network Connection
    e1000e 0000:03:00.0: eth0: MAC: 0, PHY: 4, PBA No: D28207-005
    e1000e 0000:03:00.1: Disabling ASPM L1
    GSI 26 sharing vector 0x62 and IRQ 26
    ACPI: PCI Interrupt 0000:03:00.1[B] -> GSI 45 (level, low) -> IRQ 98
    PCI: Setting latency timer of device 0000:03:00.1 to 64
    sd 0:0:0:0: Attached scsi generic sg0 type 0
    sd 0:0:1:0: Attached scsi generic sg1 type 0
    scsi 3:0:0:0: Attached scsi generic sg2 type 5
    e1000e 0000:03:00.1: eth1: (PCI Express:2.5GT/s:Width x4) 00:15:17:2d:52:c5
    e1000e 0000:03:00.1: eth1: Intel(R) PRO/1000 Network Connection
    e1000e 0000:03:00.1: eth1: MAC: 0, PHY: 4, PBA No: D28207-005
    bnx2: Broadcom NetXtreme II Gigabit Ethernet Driver bnx2 v2.1.11 (July 20, 2011)
    GSI 27 sharing vector 0x72 and IRQ 27
    ACPI: PCI Interrupt 0000:01:00.0[A] -> GSI 36 (level, low) -> IRQ 114
    PCI: Setting latency timer of device 0000:01:00.0 to 64
    eth2: Broadcom NetXtreme II BCM5716 1000Base-T (C0) PCI Express found at mem da000000, IRQ 114, node addr 0024e86cd577
    GSI 28 sharing vector 0x7A and IRQ 28
    ACPI: PCI Interrupt 0000:01:00.1[B] -> GSI 48 (level, low) -> IRQ 122
    PCI: Setting latency timer of device 0000:01:00.1 to 64
    eth3: Broadcom NetXtreme II BCM5716 1000Base-T (C0) PCI Express found at mem dc000000, IRQ 122, node addr 0024e86cd578
    sr0: scsi3-mmc drive: 24x/24x cd/rw xa/form2 cdda tray

cat /etc/udev/rules.d/60-net.rules

    ACTION=="add", SUBSYSTEM=="net", IMPORT{program}="/lib/udev/rename_device"
    SUBSYSTEM=="net", RUN+="/etc/sysconfig/network-scripts/net.hotplug"

Check the driver and bus-info of each interface:

    ethtool -i eth0
    driver: bnx2
    version: 2.1.11
    firmware-version: bc 4.6.4 NCSI 1.0.6
    bus-info: 0000:01:00.0

    ethtool -i eth1
    driver: bnx2
    version: 2.1.11
    firmware-version: bc 4.6.4 NCSI 1.0.6
    bus-info: 0000:01:00.1

    ethtool -i eth2
    driver: e1000e
    version: 1.4.4-k
    firmware-version: 5.11-2
    bus-info: 0000:03:00.0

    ethtool -i eth3
    driver: e1000e
    version: 1.4.4-k
    firmware-version: 5.11-2
    bus-info: 0000:03:00.1

Edit the order. DRIVER is the value of driver: (for example e1000e); ID is the value of bus-info: (the PCI ID).

vi /etc/udev/rules.d/60-net.rules

    DRIVER=="bnx2",ID=="0000:01:00.0",NAME="eth0"
    DRIVER=="bnx2",ID=="0000:01:00.1",NAME="eth1"
    DRIVER=="e1000e",ID=="0000:03:00.0",NAME="eth2"
    DRIVER=="e1000e",ID=="0000:03:00.1",NAME="eth3"

Reboot:

    reboot

    input: PC Speaker as /class/input/input0
    bnx2: Broadcom NetXtreme II Gigabit Ethernet Driver bnx2 v2.1.11 (July 20, 2011)
    GSI 25 sharing vector 0x52 and IRQ 25
    ACPI: PCI Interrupt 0000:01:00.0[A] -> GSI 36 (level, low) -> IRQ 82
    PCI: Setting latency timer of device 0000:01:00.0 to 64
    eth0: Broadcom NetXtreme II BCM5716 1000Base-T (C0) PCI Express found at mem da000000, IRQ 82, node addr 0024e86cd577
    GSI 26 sharing vector 0x5A and IRQ 26
    ACPI: PCI Interrupt 0000:01:00.1[B] -> GSI 48 (level, low) -> IRQ 90
    PCI: Setting latency timer of device 0000:01:00.1 to 64
    eth1: Broadcom NetXtreme II BCM5716 1000Base-T (C0) PCI Express found at mem dc000000, IRQ 90, node addr 0024e86cd578
    EDAC MC: Ver: 2.0.1 Feb 21 2012
    e1000e: Intel(R) PRO/1000 Network Driver - 1.4.4-k
    e1000e: Copyright(c) 1999 - 2011 Intel Corporation.
    e1000e 0000:03:00.0: Disabling ASPM L1
    GSI 27 sharing vector 0x62 and IRQ 27
    ACPI: PCI Interrupt 0000:03:00.0[A] -> GSI 38 (level, low) -> IRQ 98
    PCI: Setting latency timer of device 0000:03:00.0 to 64
    sd 0:0:0:0: Attached scsi generic sg0 type 0
    sd 0:0:1:0: Attached scsi generic sg1 type 0
    scsi 3:0:0:0: Attached scsi generic sg2 type 5
    e1000e 0000:03:00.0: eth2: (PCI Express:2.5GT/s:Width x4) 00:15:17:2d:52:c4
    e1000e 0000:03:00.0: eth2: Intel(R) PRO/1000 Network Connection
    e1000e 0000:03:00.0: eth2: MAC: 0, PHY: 4, PBA No: D28207-005
    e1000e 0000:03:00.1: Disabling ASPM L1
    GSI 28 sharing vector 0x72 and IRQ 28
    ACPI: PCI Interrupt 0000:03:00.1[B] -> GSI 45 (level, low) -> IRQ 114
    PCI: Setting latency timer of device 0000:03:00.1 to 64
    e1000e 0000:03:00.1: eth3: (PCI Express:2.5GT/s:Width x4) 00:15:17:2d:52:c5
    e1000e 0000:03:00.1: eth3: Intel(R) PRO/1000 Network Connection
    e1000e 0000:03:00.1: eth3: MAC: 0, PHY: 4, PBA No: D28207-005
    sr0: scsi3-mmc drive: 24x/24x cd/rw xa/form2 cdda tray

Check the order with the nagios check_traffic.sh script:

    ./check_traffic.sh -V 2c -C privatepass -H localhost -L

    List Interface for host localhost.
    Interface index 1 orresponding to lo
    Interface index 2 orresponding to eth0
    Interface index 3 orresponding to eth1
    Interface index 4 orresponding to eth2
    Interface index 5 orresponding to eth3

Posted in Linux maintenance and optimization.



Monitoring redis with nagios

Install Redis support for Perl:

    perl -MCPAN -e shell
    cpan>install Redis

Download check_redis.pl:
http://exchange.nagios.org/directory/Plugins/Databases/check_redis-2Epl/details
https://github.com/willixix/WL-NagiosPlugins

Test:

    ./check_redis.pl -H 192.168.0.130 -p 6379 -a 'connected_clients,blocked_clients' -w ~,~ -c ~,~ -f

    OK: REDIS 2.6.12 on 192.168.0.130:6379 has 1 databases (db0) with 49801 keys, up 3 days 14 hours - connected_clients is 1, blocked_clients is 0 | connected_clients=1 blocked_clients=0

Add to commands.cfg:

    define command {
        command_name    check_redis
        command_line    $USER1$/check_redis.pl -H $HOSTADDRESS$ -p $ARG1$ -a $ARG2$ -w $ARG3$ -c $ARG4$ -f
    }

Add the service to the host's monitoring:

    define service{
        use                     local-service ; Name of service template to use
        host_name               c1gredis
        service_description     redis
        check_command           check_redis!6379!'connected_clients,blocked_clients'!~,~!~,~
        notifications_enabled   0
    }

Reload the configuration.

/etc/init.d/nagios reload

References:
http://exchange.nagios.org/directory/Plugins/Databases/check_redis-2Epl/details
http://www.ttlsa.com/nagios/nagios-redis-monitor/
http://bbs.linuxtone.org/thread-6241-1-1.html

Posted in Nagios.



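Installing and configuring Analog to analyze and summarize web logs for multiple domains

Analog is a powerful open-source website access log analyzer written in C. It supports multiple languages (including Chinese), runs on Linux and Windows, and handles the logs of mainstream web servers such as Apache, nginx and IIS. It is very fast and can process 20 million log entries within 10 minutes. Its statistics are mainly PV-based, and its report pages are somewhat plainer than those of AWStats and Webalizer; for prettier charts, Report Magic 2.21 can be used.

The latest version is analog-6.0; the author has not updated it since 19-Dec-04. Installation is simple: download the appropriate version from http://www.analog.cx/download.html. The source release is used as the example here: unpack the downloaded source package into the installation directory, then enter that directory and run make.

    wget http://www.analog.cx/analog-6.0.tar.gz
    tar zxvf analog-6.0.tar.gz
    cp -ar analog-6.0 /usr/local/
    cd /usr/local/analog-6.0
    make
    # version-independent path used by the later commands
    ln -s /usr/local/analog-6.0 /usr/local/analog
    mkdir /opt/htdocs/www/analog
    chown www:website /opt/htdocs/www/analog
    # images is a directory, so copy it recursively
    cp -r images /opt/htdocs/www/analog/
    mkdir conf
    cp analog.cfg conf/c1g.cfg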

Configuration

    vi conf/c1g.cfg

    # use Simplified Chinese
    LANGUAGE SIMP-CHINESE
    # nginx log format
    LOGFORMAT (%s - %j [%d/%M/%Y:%h:%n:%j %j] "%j %r %j" %c %b "%f" "%B"\n)
    # log files
    LOGFILE /opt/log/%Y.%M/*/*c1gstudio.com.log.gz
    # output file
    OUTFILE /opt/htdocs/www/analog/c1gstudio%Y.%M/index.html
    # host name
    HOSTNAME "c1gstudio.com"
    # host URL
    HOSTURL http://www.c1gstudio.com/
    # web image directory
    IMAGEDIR ../images/
    # list only the 200 most-requested page URLs
    REQFLOOR 1000p
    # count all forum.php requests as one file
    FILEALIAS /forum.php* /forum.php
    # report on subdirectories
    SUBDIR */*

LOGFORMAT reference

    %S   host (the client hostname, or address of the computer making the request)
    %s   numerical IP address of client (if recorded in a separate field; used when %S is empty)
    %r   file requested
    %q   query string (part of filename after ?, if recorded in a separate field)
    %B   browser
    %A   browser with +'s instead of spaces
    %f   referrer
    %u   user (tip: a cookie or session id can usefully be defined as %u too)
    %v   virtual host (the server hostname, also called the virtual domain)
    %d   day of the month
    %m   month in digits
    %M   month, three letter English abbreviation
    %y   year, last two digits
    %Y   year, four digits
    %Z   year, two or four digits (less efficient)
    %h   hour of the day
    %n   minute of the hour
    %a   a or A for am, or p or P for pm, if %h is in the 12-hour clock. (So to match "am" you need %am and to match "AM" you need %aM)
    %U   "Unix time" (seconds since beginning of 1970, GMT). If it includes decimals, use %U.%j
    %b   number of bytes transferred
    %t   processing time in seconds
    %T   processing time in milliseconds
    %D   processing time in microseconds
    %c   HTTP status code
    %C   code words used instead of HTTP status code in some servers — only used internally
    %j   junk: ignore this field (field can be empty too)
    %w   white space: spaces or tabs
    %W   optional white space
    %%   % sign
    \n   new line
    \t   tab stop
    \\   single backslash

My nginx log format:

    '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" $http_x_forwarded_for';

    183.62.5.13 - - [06/Aug/2014:17:16:44 +0800] "GET /aboutc1g.html HTTP/1.1" 200 6642 "http://www.c1gstudio.com/web/hello.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36" 183.62.5.13

My format has an extra $http_x_forwarded_for at the end, so a trailing %j has to be added to discard it; Analog will not handle the "-" otherwise.

    LOGFORMAT (%s - %j [%d/%M/%Y:%h:%n:%j %j] "%j %r %j" %c %b "%f" "%B" %j\n)


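LOGFILE and OUTFILE reference

    LOGFILE new1.log,old.log
    LOGFILE /opt/log/%Y.%M/%D/.c1gstudio.com.log.gz

Wildcards, date variables and gz compression are supported. OUTFILE does not create directories automatically.

    %D   date of month
    %m   month name, in English
    %M   month number
    %y   two-digit year
    %Y   four-digit year
    %H   hour
    %n   minute
    %w   day of week, in English

Date arithmetic is not supported, which is a bit awkward; it has to be handled externally with a shell script.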

Update 2014-8-26

The arguments to LOGFILE and CACHEFILE commands are checked for containing only certain allowed characters (specifically, letters, digits, /\.:_*? space, and - between two {letter, digit, underscore}'s). This is because they could match an UNCOMPRESS command and thus be passed to the shell when the uncompress command is popen()'ed.

A month can be split into 3 parts to reduce the load:

    LOGFILE /opt/log/%Y.%M/[2-3]?/*.c1gstudio.com.log.gz

Analog reads the logs into memory when it runs, so for good speed it is best to have more memory than the size of the logs. CACHEOUTFILE and CACHEFILE take up a lot of space and do not seem very useful.

Report switches in the configuration file

    MONTHLY ON       # one line for each month
    WEEKLY ON        # one line for each week
    DAILYREP ON      # one line for each day
    DAILYSUM ON      # one line for each day of the week
    HOURLYREP ON     # one line for each hour of the day
    GENERAL ON       # the General Summary at the top
    REQUEST ON       # which files were requested
    FAILURE ON       # which files were not found
    DIRECTORY ON     # Directory Report
    HOST ON          # which computers requested files
    ORGANISATION ON  # which organisations they were from
    DOMAIN ON        # which countries they were in
    REFERRER ON      # where people followed links from
    FAILREF ON       # where people followed broken links from
    SEARCHQUERY ON   # the phrases and words they used…
    SEARCHWORD ON    # …to find you from search engines
    BROWSERSUM ON    # which browser types people were using
    OSREP ON         # and which operating systems
    FILETYPE ON      # types of file requested
    SIZE ON          # sizes of files requested
    STATUS ON        # number of each type of success and failure

Command-line arguments

    x  GENERAL         General Summary
    1  YEARLY          Yearly Report
    Q  QUARTERLY       Quarterly Report
    m  MONTHLY         Monthly Report
    W  WEEKLY          Weekly Report
    D  DAILYREP        Daily Report
    d  DAILYSUM        Daily Summary
    H  HOURLYREP       Hourly Report
    h  HOURLYSUM       Hourly Summary
    w  WEEKHOUR        Hour of the Week Summary
    4  QUARTERREP      Quarter-Hour Report
    6  QUARTERSUM      Quarter-Hour Summary
    5  FIVEREP         Five-Minute Report
    7  FIVESUM         Five-Minute Summary
    S  HOST            Host Report
    l  REDIRHOST       Host Redirection Report
    L  FAILHOST        Host Failure Report
    Z  ORGANISATION    Organisation Report
    o  DOMAIN          Domain Report
    r  REQUEST         Request Report
    i  DIRECTORY       Directory Report
    t  FILETYPE        File Type Report
    z  SIZE            File Size Report
    P  PROCTIME        Processing Time Report
    E  REDIR           Redirection Report
    I  FAILURE         Failure Report
    f  REFERRER        Referrer Report
    s  REFSITE         Referring Site Report
    N  SEARCHQUERY     Search Query Report
    n  SEARCHWORD      Search Word Report
    Y  INTSEARCHQUERY  Internal Search Query Report
    y  INTSEARCHWORD   Internal Search Word Report
    k  REDIRREF        Redirected Referrer Report
    K  FAILREF         Failed Referrer Report
    B  BROWSERREP      Browser Report
    b  BROWSERSUM      Browser Summary
    p  OSREP           Operating System Report
    v  VHOST           Virtual Host Report
    R  REDIRVHOST      Virtual Host Redirection Report
    M  FAILVHOST       Virtual Host Failure Report
    u  USER            User Report
    j  REDIRUSER       User Redirection Report
    J  FAILUSER        User Failure Report
    c  STATUS          Status Code Report

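+a turns on all reports.

Print the current configuration:

    analog -settings > file

Set LOGFILE and OUTFILE on the command line:

    ./analog +O/opt/htdocs/www/analog/c1gstudio2014.html /opt/log/2014.08/02/*.c1gstudio.com.log.gz

Whenever I use it this way it reports a log format error and cannot produce a report.

The arguments I use:

    /usr/local/analog/analog -G +g/usr/local/analog/conf/c1g.cfg +b +s +S -n -o -Z -r

    +b  Browser Summary
    -n  Search Word Report
    +s  Referring Site Report
    -o  Domain Report
    -Z  Organisation Report
    +S  Host Report
    -r  Request Report

    -G  do not read analog.cfg
    +g  read a custom configuration file

Here the daily reports are produced with awstats and the monthly reports with analog, with one monthly summary report per domain. Logs are stored by day under /opt/log/2014.08/07/:

    www.c1gstudio.com.log.gz
    blog.c1gstudio.com.log.gz
    www.c1g.com.log.gz

Run analog after the daily awstats run has finished. crontab: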

10 5 * * * /bin/sh /opt/shell/analog.sh > /dev/null 2>&1

vi /opt/shell/analog.sh

    #!/bin/sh
    ana_dir=/usr/local/analog/
    web_dir=/opt/htdocs/www/analog/
    conf_dir="${ana_dir}/conf/"
    today=`date +%d`
    yesterday=`date +%Y%m%d`
    # month and day of the previous day, whose logs are now complete
    lastday_month=`date +%Y.%m -d '1 day ago'`
    lastday_day=`date +%d -d '1 day ago'`
    # quoted so the wildcards reach the analog config unexpanded
    c1g_LOGFILE="/opt/log/${lastday_month}/*/*c1gstudio.com.log.gz"
    c1g_OUTFILE="${web_dir}c1gstudio${lastday_month}/index.html"
    POST_LOGFILE="/opt/log/${lastday_month}/*/c1g.com.log.gz"
    POST_OUTFILE="${web_dir}c1g${lastday_month}/index.html"
    #if [ $today == "02" ]; then
    # OUTFILE does not create directories, so create them here
    if [ ! -d "$(dirname "${c1g_OUTFILE}")" ]; then
        mkdir -p "$(dirname "${c1g_OUTFILE}")"
        chown www:website "$(dirname "${c1g_OUTFILE}")"
    fi
    if [ ! -d "$(dirname "${POST_OUTFILE}")" ]; then
        mkdir -p "$(dirname "${POST_OUTFILE}")"
        chown www:website "$(dirname "${POST_OUTFILE}")"
    fi
    # point each config at this month's logs and output directory;
    # anchored with ^ so CACHEOUTFILE lines are not rewritten as well
    sed -i "s;^LOGFILE.*;LOGFILE ${c1g_LOGFILE};" "${conf_dir}c1gstudio.cfg"
    sed -i "s;^OUTFILE.*;OUTFILE ${c1g_OUTFILE};" "${conf_dir}c1gstudio.cfg"
    sed -i "s;^LOGFILE.*;LOGFILE ${POST_LOGFILE};" "${conf_dir}c1g.cfg"
    sed -i "s;^OUTFILE.*;OUTFILE ${POST_OUTFILE};" "${conf_dir}c1g.cfg"
    #fi
    ${ana_dir}analog -G +g${conf_dir}c1gstudio.cfg +b +D -d +s +S -n -o -Z -r
    ${ana_dir}analog -G +g${conf_dir}c1g.cfg +b +D -d +s +S -n -o -Z +r

Posted in Logs.



Upgrading postfix to postfix-2.10.3

With sasl2 and mysql already installed.

    chkconfig sendmail off
    /etc/rc.d/init.d/sendmail stop

Disable the existing sendmail:

    mv /usr/sbin/sendmail /usr/sbin/sendmail.OFF
    mv /usr/bin/newaliases /usr/bin/newaliases.OFF
    mv /usr/bin/mailq /usr/bin/mailq.OFF
    chmod 755 /usr/sbin/sendmail.OFF /usr/bin/newaliases.OFF /usr/bin/mailq.OFF

Unlock the files (can be skipped):

    chattr -i /etc/passwd /etc/shadow /etc/group /etc/gshadow /etc/services

Add the users and groups (skip if they already exist):

    groupadd -g 2525 postfix
    useradd -g postfix -u 2525 -s /sbin/nologin -M postfix
    groupadd -g 2526 postdrop
    useradd -g postdrop -u 2526 -s /sbin/nologin -M postdrop

Upgrade and install sasl

    wget ftp://ftp.cyrusimap.org/cyrus-sasl/cyrus-sasl-2.1.26.tar.gz
    tar zxvf cyrus-sasl-2.1.26.tar.gz
    cd cyrus-sasl-2.1.26
    ./configure --prefix=/usr/local/sasl2 --disable-gssapi --disable-anon --disable-sample --disable-digest --enable-plain --enable-login --enable-sql
    make
    make install

Remove the old version:

    mv /usr/lib/libsasl2.a /usr/lib/libsasl2.a.OFF
    mv /usr/lib/libsasl2.la /usr/lib/libsasl2.la.OFF
    mv /usr/lib/libsasl2.so.2.0.19 /usr/lib/libsasl2.so.2.0.19.OFF
    mv /usr/lib/sasl2 /usr/lib/sasl2.OFF
    rm /usr/lib/libsasl2.so
    rm /usr/lib/libsasl2.so.2
    ln -sv /usr/local/sasl2/lib/* /usr/lib

Postfix versions after 2.3 search /usr/local/lib and /usr/local/include for the sasl libraries and header files respectively, so they must also be linked into those directories:

    ln -sv /usr/local/sasl2/lib/* /usr/local/lib
    ln -sv /usr/local/sasl2/include/sasl/* /usr/local/include

Upgrade and install postfix

    wget ftp://ftp.reverse.net/pub/postfix/official/postfix-2.10.3.tar.gz
    tar xfv postfix-2.10.3.tar.gz
    cd postfix-2.10.3
    make tidy
    make -f Makefile.init makefiles 'CCARGS=-DUSE_SASL_AUTH -I/usr/local/sasl2' 'AUXLIBS=-L/usr/local/sasl2 -lsasl2 '
    make && make install

Installation settings

    /bin/sh postfix-install

    Warning: if you use this script to install Postfix locally, this script will replace existing sendmail or Postfix programs. Make backups if you want to be able to recover.

    Before installing files, this script prompts you for some definitions. Most definitions will be remembered, so you have to specify them only once. All definitions should have a reasonable default value.

    Please specify the prefix for installed file names. Specify this ONLY if you are building ready-to-install packages for distribution to OTHER machines. See PACKAGE_README for instructions.
    install_root: [/]

    Please specify a directory for scratch files while installing Postfix. You must have write permission in this directory.
    tempdir: [/root/src/lempelf/packages/postfix-2.10.3] /tmp

    Please specify the final destination directory for installed Postfix configuration files.
    config_directory: [/etc/postfix] /etc/postfix

    Please specify the final destination directory for installed Postfix administrative commands. This directory should be in the command search path of adminstrative users.
    command_directory: [/usr/sbin] /usr/local/postfix/libexec

    Please specify the final destination directory for installed Postfix daemon programs. This directory should not be in the command search path of any users.
    daemon_directory: [/usr/libexec/postfix] /usr/local/postfix/sbin

    Please specify the final destination directory for Postfix-writable data files such as caches or random numbers. This directory should not be shared with non-Postfix software.
    data_directory: [/var/lib/postfix]

    Please specify the final destination directory for the Postfix HTML files. Specify "no" if you do not want to install these files.
    html_directory: [no]

    Please specify the owner of the Postfix queue. Specify an account with numerical user ID and group ID values that are not used by any other accounts on the system.
    mail_owner: [postfix]

    Please specify the final destination pathname for the installed Postfix mailq command. This is the Sendmail-compatible mail queue listing command.
    mailq_path: [/usr/bin/mailq]

    Please specify the final destination directory for the Postfix on-line manual pages. You can no longer specify "no" here.
    manpage_directory: [/usr/local/man]

    Please specify the final destination pathname for the installed Postfix newaliases command. This is the Sendmail-compatible command to build alias databases for the Postfix local delivery agent.
    newaliases_path: [/usr/bin/newaliases]

    Please specify the final destination directory for Postfix queues.
    queue_directory: [/var/spool/postfix]

    Please specify the final destination directory for the Postfix README files. Specify "no" if you do not want to install these files.
    readme_directory: [no]

    Please specify the final destination pathname for the installed Postfix sendmail command. This is the Sendmail-compatible mail posting interface.
    sendmail_path: [/usr/sbin/sendmail]

    Please specify the group for mail submission and for queue management commands. Specify a group name with a numerical group ID that is not shared with other accounts, not even with the Postfix mail_owner account. You can no longer specify "no" here.
    setgid_group: [postdrop]

Re-associate:

    newaliases
    chown root /etc/postfix/main.cf
    chown -R postfix:postdrop /var/spool/postfix
    chown -R postfix:postdrop /var/lib/postfix/
    chown root /var/spool/postfix
    chown -R root /var/spool/postfix/pid

    vi /etc/postfix/main.cf

Change the following items to the configuration you need:

    myhostname = mail.c1gstudio.com
    myorigin = c1gstudio.com
    mydomain = c1gstudio.com
    mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
    mynetworks = 192.168.1.0/24, 127.0.0.0/8

Start:

    sendmail -bd

Test:

    mail -s "test" [email protected]

Posted in Mail/Postfix.
