How to count top ip addresses by bytes served from Apache Server

Example to list the top 10 IP addresses which use most of your Apache bandwidth:

sudo awk '{a[$1]+=$10}END{for(x in a)print x, a[x]}' /var/log/httpd/access_log |sort -r -n -k2|head -n10

/var/log/httpd/access_log is the location of your apache server log using combined log format,

awk '{print $1}' combined_log         # ip address (%h)

awk '{print $10}' combined_log        # size (%b)
Quick reference of the combined log format:%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-agent}i"
%h = IP address of the client (remote host) which made the request %l = RFC 1413 identity of the client %u = userid of the person requesting the document %t = Time that the server finished processing the request %r = Request line from the client in double quotes %>s = Status code that the server sends back to the client %b = Size of the object returned to the client
The final two items: Referer and User-agent give details on where the request originated and what type of agent made the request.


Popular posts from this blog

Check MySQL query history from command line

Fixed: ImportError: No module named