Simple script to pinpoint what site is causing high activity on Apache
Introduction
This script pinpoints which site is causing high activity on a server: it counts the lines in every log, waits 10 seconds, counts again, and reports the difference.
For this to work, each VirtualHost needs to specify its own log location, following a standard like this:
# website.tld
<VirtualHost *:80>
...
ErrorLog /var/log/httpd/website1.tld_error_log
CustomLog /var/log/httpd/website1.tld_access_log common
...
</VirtualHost>
The script
#!/bin/bash
# Count lines appended during the last 10 seconds, all logs simultaneously
# CentOS/RHEL
LOGPATH="/var/log/httpd/"
# Ubuntu/Debian
# LOGPATH="/var/log/apache2/"
main() {
    echo ""
    echo "access + error log activity last 10 seconds"
    echo "- Ignoring logs with 0 activity"
    echo ""
    echo "Processing..."
    looplogs
    # Block until every background sampler has printed its result
    wait
}
looplogs() {
    for i in "${LOGPATH}"*access_log*; do
        # Skip the unexpanded pattern when no log matches
        [[ -f $i ]] || continue
        (
            before=$(wc -l < "$i")
            sleep 10
            after=$(wc -l < "$i")
            dif=$((after - before))
            if [[ $dif -ne 0 ]]; then
                echo "ACCESS LOG: $i - $dif"
            fi
        ) &
    done
    for i in "${LOGPATH}"*error_log*; do
        [[ -f $i ]] || continue
        (
            before=$(wc -l < "$i")
            sleep 10
            after=$(wc -l < "$i")
            dif=$((after - before))
            if [[ $dif -ne 0 ]]; then
                echo "ERROR LOG: $i - $dif"
            fi
        ) &
    done
}
main
The script loops through the files simultaneously and displays the log files with activity (lines appended during the last 10 seconds).
Output sample
[root@hostname ~]# ./countrequests.sh
access + error log activity last 10 seconds
- Ignoring logs with 0 activity
Processing...
ACCESS LOG: /var/log/httpd/website1.tld_access_log - 1
ACCESS LOG: /var/log/httpd/website2.tld_access_log - 1
ACCESS LOG: /var/log/httpd/website3.tld_access_log - 1
ACCESS LOG: /var/log/httpd/website4.tld_access_log - 4
ACCESS LOG: /var/log/httpd/website5.tld_access_log - 4
ERROR LOG: /var/log/httpd/website2.tld_error_log - 2
ERROR LOG: /var/log/httpd/website7.tld_error_log - 13
ACCESS LOG: /var/log/httpd/access_log - 17
ERROR LOG: /var/log/httpd/error_log - 8
ACCESS LOG: /var/log/httpd/website6.tld - 40
ACCESS LOG: /var/log/httpd/website7.tld_access_log - 157
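Once the output points at a busy access log, the next question is usually which clients wrote those lines. The following is an added example, not part of the original script: it breaks the appended lines down per client address and copes with a log that is rotated during the window. It assumes the "common" log format from the VirtualHost example; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/bash
# Added example, not part of the original script.
# Assumption: "common" log format, so field 1 is the client address.

# appended_by_client FILE START_LINE
# Prints "COUNT CLIENT" for the lines after START_LINE, busiest first.
# The ( ) body runs in a subshell, keeping the variables local.
appended_by_client() (
    file=$1
    start=$2
    now=$(( $(wc -l < "$file") ))
    # Fewer lines than at the start of the window means the log was
    # rotated or truncated meanwhile: count the new file from the top.
    if [ "$now" -lt "$start" ]; then
        start=0
    fi
    tail -n "+$((start + 1))" "$file" |
        awk '{ hits[$1]++ } END { for (c in hits) print hits[c], c }' |
        sort -k1,1nr -k2,2
)

# sample_clients FILE [SECONDS] (hypothetical helper): live measurement,
# same before/sleep/after pattern as the script above.
sample_clients() (
    before=$(( $(wc -l < "$1") ))
    sleep "${2:-10}"
    appended_by_client "$1" "$before"
)

# make_demo_log: writes a constructed six-line log (documentation
# addresses from RFC 5737) to a temp file and prints its path.
make_demo_log() (
    log=$(mktemp)
    req='- - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512'
    for client in 192.0.2.10 192.0.2.10 198.51.100.7 203.0.113.5 \
                  198.51.100.7 198.51.100.7; do
        printf '%s %s\n' "$client" "$req"
    done > "$log"
    printf '%s\n' "$log"
)

# Offline demo: treat the first two lines as already present at the start
# of the window, so four lines count as appended.
demo_log=$(make_demo_log)
appended_by_client "$demo_log" 2
rm -f "$demo_log"
```

On a live server, `sample_clients /var/log/httpd/website7.tld_access_log` gives the per-client counts for the next 10 seconds.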