Most of the time, server load is caused by high traffic on the server. In such cases, it is important to quickly analyze the HTTP traffic on the server. Following are four different scripts that you can use to analyze the traffic server based on the situation.

1. You identified that Apache failed in a particular instant of time, and wanted to know what was there in access logs. If there is only one domain and error logs has clues, the answer is straight forward. Otherwise, you can use the following script to check what information is available in logs.

hits.sh

#!/bin/bash

if[ $# -ne 1]
then
echo “Usage: sh hits.sh 04/Aug/2013:10:00:52”
exit
fi
for d in $(awk ‘{print $1}’ /etc/userdomains|cut -d: -f1|sed ‘/*/d’) do
if [ “$d” == “*” ]
then
continue
fi
if [ -e /usr/local/apache/domlogs/”$d” ]
then
grep “$1″ /usr/local/apache/domlogs/”$d”
if [ $? -eq 0 ]
then
echo -e “$d\n\n”
fi
fi
done

Sample usage:

root@hostn [~]# sh hits.sh 02/Jan/2015:17:50:22
x.x.x.x – [10/Jan/2015:17:50:22 +0200] “GET /wp-content/themes/eNews/images/footer-top-bg.jpg HTTP/1.1′′ 200 7503 “http://www.%5Bb%5D%5B/b%5Ddomain.com/xxxk/xxxx” “Mozilla/30.0 (Windows NT 6.1; WOW64) AppleWebKit/xxx.7 (KHTML, like Gecko) Chrome/x.x.x.x Safari/xxx.7′′

2. In some cases, you may need to assess the hits on a server on a particular minute to identify which domain was having a high traffic at that time. In that case, you may use the following script.

traffic.sh

#!/bin/bash

if[$# -ne 1]

then

echo“Usage: sh traffic.sh 04/Jan/2015:10:10′′ exit
fi

arg=$(echo “$1′′|awk ‘BEGIN{FS=”[/:]”}{print NF}’)

if[ $arg -ne 5]
then
echo “Usage: sh traffic.sh 04/Jan/2015:10:10′′ echo “Do not input seconds!”
exit
fi

for din $(awk‘{print $1}’ /etc/userdomains|cut -d: -f1) do
if [ “$d” == “*” ]
then

continue
fi
if [ -e /usr/local/apache/domlogs/”$d” ]
then
total=$(grep -c “$1′′ /usr/local/apache/domlogs/”$d”) if [ $total -ne 0 ]
then
echo “${d} – ${total}”
fi
fi
done

Sample usage:

root@hostn [~]# sh traffic.sh 03/Jan/2015:17:50 domain.com – 1
domain1.com – 71
domain2.com – 18

domain3.com – 110 root@hostn [~]#

3. Once you have identified the domain having highest hits, you may need to check the traffic of that domain for a day. You may use the following script for it.

trafficc.sh

#!/bin/bash

if[ $# -ne 2]
then
echo “Usage: shtraffcc.sh domain.com 09/Jan/2015′′ exit

fi

if[!-e/usr/local/apache/domlogs/”$1′′]then
Echo “Domain is not found in domlogs folder” exit

fi

forh in `seq-w 0 23`
do
echo -n “Date: $2, hour: $h, site requests: ”
grep “${2}:${h}:” /usr/local/apache/domlogs/”$1′′ |wc -l done

Sample usage:

root@host [~]# sh trafficc.sh g.com 10/Jan/2015 Date: 10/Jan/2015, hour: 00, site requests: 1 Date: 10/Jan/2015, hour: 01, site requests: 0 Date: 10/Jan/2015, hour: 02, site requests: 3 Date: 10/Jan/2015, hour: 03, site requests: 0 Date: 10/Jan/2015, hour: 04, site requests: 3 Date: 10/Jan/2015, hour: 05, site requests: 20 Date: 10/Jan/2015, hour: 06, site requests: 4 Date: 10/Jan/2015, hour: 07, site requests: 6 Date: 10/Jan/2015, hour: 08, site requests: 4 Date: 10/Jan/2015, hour: 09, site requests: 2 Date: 10/Jan/2015, hour: 10, site requests: 15 Date: 10/Jan/2015, hour: 11, site requests: 7 Date: 10/Jan/2015, hour: 12, site requests: 5 Date: 10/Jan/2015, hour: 13, site requests: 8 Date: 10/Jan/2015, hour: 14, site requests: 4 Date: 10/Jan/2015, hour: 15, site requests: 16 Date: 10/Jan/2015, hour: 16, site requests: 59 Date: 10/Jan/2015, hour: 17, site requests: 68 Date: 10/Jan/2015, hour: 18, site requests: 0 Date: 10/Jan/2015, hour: 19, site requests: 0 Date: 10/Jan/2015, hour: 20, site requests: 0 Date: 10/Jan/2015, hour: 21, site requests: 0 Date: 10/Jan/2015, hour: 22, site requests: 0 Date: 10/Jan/2015, hour: 23, site requests: 0 root@host [~]#

4. To find the WordPress plugins getting maximum hits, you can use the following script.

plugins.sh

#!/bin/bash

LIMIT=200

if[ $# -ne 1]
then
echo “Usage: sh plugins.sh domain.com” exit
fi

if[!-e/usr/local/apache/domlogs/”$1′′]
then
echo “The domain is not found in domlogs folder” exit
fi

grepplugin /usr/local/apache/domlogs/”$1′′|awk‘{print $7}’|cut -d ‘/’ -f4|grep -v index.php|sort|uniq-c|awk‘{if($1>’$LIMIT’)print}’

Sample usage:

root@host [~]# sh plugins.sh g.com 232 contact-form-7
root@host [~]#

You can edit the value for LIMIT to find plugins that are getting more hits than that value.