0

Is there any way to see in real-time the connections to my server and through which domains ?

Without having to inspect the access.log file, I would like to run a monitor in the shell instead.

Ubuntu 10 Webserver: lighttpd

thanks

Sample line from access.log

::ffff:000.00.00.000 www.domain.com - [10/Nov/2010:12:42:49 +0100] "GET / HTTP/1.1" 200 295 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10"
aneuryzm
  • 1,614
  • 5
  • 25
  • 40

3 Answers3

2

There is a package called iptraf which will show you the connections to your Server.

You can install it by issueing sudo apt-get install iptraf

Access.log Method

You can also use the following command to extract the information from your access.log

tail -f access.log | awk '{print $1 "\t"  $2}'

In my instance this lists the remote IP and HTTP 1.1 Hostname provided by the UA.

Explanation of the command

So let's take a brief look at the command I have shown above:

Actually these are two commands named tail and awk. tail will normally output the last 10 lines of a file but with the -f parameter we ask it to keep looking at the file and print new lines as they are written to the file.

The Pipe (|) is a well known character as it uses the output of a program (i.e. tail) as another programs input (i.e. awk).

Finally the second command awk '{print $1 "\t" $2}' takes the input from tail and limits the output to the columns we need. ( In my example these were the first to columns so I used $1 and $2. If your access.log uses another column order you might want to change the numbers accordingly.

This will generate a real-time list similiar to this: 

92.17.166.190--pacey.me
92.17.166.191--pacey.me
92.17.166.192--anotherdomain.com
92.17.166.193--anotherdomain.com

Regarding your problems

I tried to reproduce the error you're getting with the following command. 

echo ::ffff:000.00.00.000 www.domain.com - [10/Nov/2010:12:42:49 +0100] "GET / HTTP/1.1" 200 295 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.10) Gecko/20100914 Firefox/3.6.10" |  awk '{print $1 "\t"  $2}'

But even than it worked for me: 

::ffff:000.00.00.000    www.domain.com
pacey
  • 3,833
  • 1
  • 15
  • 31
  • @pacey Nice thanks, however I cannot see which domain they are currently using to connect. I need to know which website on my server they are visiting. – aneuryzm Nov 09 '10 at 14:53
  • @pacey hey, sorry I don't notice your answers updates when you don't leave a comment @. What's exactly doing the line you added ? Is it related to iptraf or it is just displaying info in the terminal ? (Just to be sure before to run it) thanks – aneuryzm Nov 09 '10 at 16:05
  • @pacey Great, thanks very much for the explaination. However I cannot see anything in the terminal. I've run the (copy-pasted) command in the access.log directory (/var/log/lighttpd). It runs. Then I'vevisited the website with my browser, but nothing happens in the terminal. – aneuryzm Nov 09 '10 at 19:24
  • does `tail -f /var/log/lighttpd/access.log` output something when you visit the website (1st command, then try to connect) – pacey Nov 09 '10 at 19:26
  • @pacey Yeah, it outputs the last lines of the file thanks. Indeed it is a bit messy. If I add the pipeline and "awk" i cannot see anything instead. – aneuryzm Nov 10 '10 at 11:44
  • I've added to the question a line of my access.log so you can see the syntax – aneuryzm Nov 10 '10 at 11:45
  • @pacey I don't any error, the terminal is busy but I don't get any message) but ok.. nevermind, I can use just tail, I don't want to bother you anymore with this! thanks – aneuryzm Nov 10 '10 at 12:56
0

try topvhost

http://freshmeat.net/projects/topvhost

jamespo
  • 1,698
  • 12
  • 12
  • Uhm, it seems I can only compile it in order to install it. Is there also in aptitude (Ubuntu 10) – aneuryzm Nov 09 '10 at 15:24
  • doubt it, why not compile it? – jamespo Nov 09 '10 at 16:09
  • Because a binary package from the OS Distributor would be supported maybe. Even if it's not supported by canonical it would be more convenient and save to use the package manager of the system than compile it for by hand everytime you update. – pacey Nov 09 '10 at 16:13
0

Since the log format is pretty much the same than with Apache, apachetop might work for you.

It's available in Ubuntu package repositories, so sudo apt-get install apachetop should install it in no time.

Usage: apachetop -f /path/to/your/access.log

Janne Pikkarainen
  • 31,454
  • 4
  • 56
  • 78