监听日志来排查连接风暴

标签：10 MAR 30 排查 01 2018 print 日志监听

一.监听日志：

01-MAR-2018 00:02:09 * (CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=crmdb2)(INSTANCE_NAME=crmdb21)(CID=(PROGRAM=UnifyFileDeal)(HOST=ncrminf2)(USER=intfile))) * (ADDRESS=(PROTOC
OL=tcp)(HOST=10.32.205.240)(PORT=60854)) * establish * crmdb2 * 0
01-MAR-2018 00:02:09 * (CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=crmdb2)(INSTANCE_NAME=crmdb21)(CID=(PROGRAM=UnifyFileDeal)(HOST=ncrminf1)(USER=intfile))) * (ADDRESS=(PROTOC
OL=tcp)(HOST=10.32.205.239)(PORT=55267)) * establish * crmdb2 * 0
01-MAR-2018 00:02:09 * (CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=crmdb2)(FAILOVER_MODE=(METHOD=BASIC)(TYPE=SESSION)(RETRIES=120)(DELAY=5))(CID=(PROGRAM=plugbankpaydea)(HOST=
nuiapp1)(USER=uig))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.32.205.251)(PORT=51087)) * establish * crmdb2 * 0
01-MAR-2018 00:02:09 * (CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=crmdb2)(FAILOVER_MODE=(METHOD=BASIC)(TYPE=SESSION)(RETRIES=120)(DELAY=5))(CID=(PROGRAM=plugbankpaydea)(HOST=
nuiapp1)(USER=uig))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.32.205.251)(PORT=51093)) * establish * crmdb2 * 0
01-MAR-2018 00:02:09 * (CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=crmdb2)(FAILOVER_MODE=(METHOD=BASIC)(TYPE=SESSION)(RETRIES=120)(DELAY=5))(CID=(PROGRAM=plugbankpaydea)(HOST=
nuiapp1)(USER=uig))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.32.205.251)(PORT=51097)) * establish * crmdb2 * 0
01-MAR-2018 00:02:09 * (CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=crmdb2)(FAILOVER_MODE=(METHOD=BASIC)(TYPE=SESSION)(RETRIES=120)(DELAY=5))(CID=(PROGRAM=plugbankpaydea)(HOST=
nuiapp1)(USER=uig))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.32.205.251)(PORT=51098)) * establish * crmdb2 * 0
01-MAR-2018 00:02:09 * (CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=crmdb2)(FAILOVER_MODE=(METHOD=BASIC)(TYPE=SESSION)(RETRIES=120)(DELAY=5))(CID=(PROGRAM=plugbankpaydea)(HOST=
nuiapp1)(USER=uig))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.32.205.251)(PORT=51102)) * establish * crmdb2 * 0
01-MAR-2018 00:02:09 * (CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=crmdb2)(FAILOVER_MODE=(METHOD=BASIC)(TYPE=SESSION)(RETRIES=120)(DELAY=5))(CID=(PROGRAM=plugbankpaydea)(HOST=
nuiapp1)(USER=uig))) * (ADDRESS=(PROTOCOL=tcp)(HOST=10.32.205.251)(PORT=51100)) * establish * crmdb2 * 0
01-MAR-2018 00:02:09 * (CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=crmdb2)(INSTANCE_NAME=crmdb21)(CID=(PROGRAM=UnifyFileDeal)(HOST=ncrminf1)(USER=intfile))) * (ADDRESS=(PROTOC
OL=tcp)(HOST=10.32.205.239)(PORT=55302)) * establish * crmdb2 * 0

awk '{print $1 " " $2}'其中的" "表示在$1和$2中输出空格
awk -F :表示分隔符是：
sort表示按照时间排序
uniq -c表示排序后计算count
NF代表：浏览记录的域的个数, print NF表示输出域的个数、print $NF代表最后一个Field列
$NF代表：最后一个Field(列)

二.按照小时统计每小时请求数:

fgrep "13-JAN-2015 " anbob_listener.log  |fgrep "establish" |awk '{print $1 " " $2}' |awk -F: '{print $1 }' |sort |uniq -c

示例：oracle->12c@ncrmdb21:/oracle/app/12.1.0/grid/network/log$ 
fgrep "01-MAR-2018 " listener_20180301.log  |fgrep "establish" |awk '{print $1 " " $2}' |awk -F ':' '{print $1 }' |sort |uniq -c
42407 01-MAR-2018 00
50350 01-MAR-2018 01
51627 01-MAR-2018 02
57079 01-MAR-2018 03
79184 01-MAR-2018 04
49170 01-MAR-2018 05
72350 01-MAR-2018 06
56653 01-MAR-2018 07
44060 01-MAR-2018 08
43585 01-MAR-2018 09
20505 01-MAR-2018 10

三.按照分钟统计每分钟请求数

fgrep "13-JAN-2015 11:" anbob_listener.log  |fgrep "establish" |awk '{print $1 " " $2}' |awk -F: '{print $1 ":" $2 }' |sort |uniq -c

示例：oracle->12c@ncrmdb21:/oracle/app/12.1.0/grid/network/log$ 
fgrep "01-MAR-2018 10:0" listener_20180301.log  |fgrep "establish" |awk '{print $1 " " $2}' |awk -F ':' '{print $1 ":" $2 }' |sort |uniq -c
1125 01-MAR-2018 10:00
 674 01-MAR-2018 10:01
 689 01-MAR-2018 10:02
 802 01-MAR-2018 10:03
 640 01-MAR-2018 10:04
1038 01-MAR-2018 10:05
 829 01-MAR-2018 10:06
 618 01-MAR-2018 10:07
 734 01-MAR-2018 10:08
 570 01-MAR-2018 10:09

四.按照秒钟统计每秒钟请求数：

fgrep "13-JAN-2015 11:30" anbob_listener.log  |fgrep "establish" |awk '{print $1 " " $2}' |awk -F: '{print $1 ":" $2 ":" $3 }' |sort |uniq -c

示例：oracle->12c@ncrmdb21:/oracle/app/12.1.0/grid/network/log$ 
fgrep "01-MAR-2018 10:30" listener_20180301.log  |fgrep "establish" |awk '{print $1 " " $2}' |awk -F ':' '{print $1 ":" $2 ":" $3}' |sort |uniq -c
  27 01-MAR-2018 10:30:00
  35 01-MAR-2018 10:30:01
  26 01-MAR-2018 10:30:02
  25 01-MAR-2018 10:30:03
  14 01-MAR-2018 10:30:04
  12 01-MAR-2018 10:30:05
  10 01-MAR-2018 10:30:06
  14 01-MAR-2018 10:30:07
  41 01-MAR-2018 10:30:08
  26 01-MAR-2018 10:30:09
  49 01-MAR-2018 10:30:10
  51 01-MAR-2018 10:30:11
  48 01-MAR-2018 10:30:12
  53 01-MAR-2018 10:30:13
  37 01-MAR-2018 10:30:14
  47 01-MAR-2018 10:30:15
  28 01-MAR-2018 10:30:16
  25 01-MAR-2018 10:30:17
  38 01-MAR-2018 10:30:18
  19 01-MAR-2018 10:30:19
  15 01-MAR-2018 10:30:20
  18 01-MAR-2018 10:30:21
   7 01-MAR-2018 10:30:22
  12 01-MAR-2018 10:30:23
   5 01-MAR-2018 10:30:24
   8 01-MAR-2018 10:30:25
  14 01-MAR-2018 10:30:26

五.指定的一小时内每分钟连接创建失败数

fgrep "11-JAN-2015 11:" anbob_listener.log |awk  '{ if ( $NF != 0 ) print $0 }'|awk '{print $1 " " $2}' |awk -F: '{print $1 ":" $2 }' |sort |uniq -c

示例：oracle->12c@ncrmdb21:/oracle/app/12.1.0/grid/network/log$ #
fgrep "13-JAN-2015 11:30" anbob_listener.log|awk  '{ if ( $NF != 0 ) print $0 }'|awk '{print $1 " " $2}' |awk -F: '{print $1 ":" $2 }' |sort |uniq -c

六.指定的一小时内每IP请求数

fgrep "11-JAN-2015 11:" anbob_listener.log|fgrep "establish"|awk -F* '{print $3}'|awk -F= '{ print $4}'|sed -e 's/......$//g'|sort |uniq -c|sort

示例：oracle->12c@ncrmdb21:/oracle/app/12.1.0/grid/network/log$ 
fgrep "01-MAR-2018 10:" listener_20180301.log|fgrep "establish"|awk -F* '{print $3}'|awk -F= '{ print $4}'|sed -e 's/......$//g'|sort |uniq -c|sort
……
 139 10.33.215.239
 153 10.33.210.43
 280 10.33.209.247
 332 10.32.204.152
 384 10.33.209.248
 413 10.32.221.36
 565 10.33.219.132
 592 10.33.215.240
 610 10.33.219.76
 624 10.33.219.104
 624 10.33.219.128
 657 10.33.219.127
 665 10.33.219.96
 705 10.32.218.218
 709 10.32.213.172
 711 10.33.219.74
 981 10.33.210.44
1033 10.32.213.171
1815 10.32.204.151
20124 10.32.205.251
2528 10.32.113.37
2751 10.32.205.240
5147 10.32.205.239

七.指定的分钟内每IP请求数

fgrep "11-JAN-2015 11:30" anbob_listener.log|fgrep "establish"|awk -F* '{print $3}'|awk -F= '{ print $4}'|sed -e 's/......$//g'|sort |uniq -c|sort

示例：oracle->12c@ncrmdb21:/oracle/app/12.1.0/grid/network/log$ 
fgrep "01-MAR-2018 10:30" listener_20180301.log|fgrep "establish"|awk -F* '{print $3}'|awk -F= '{ print $4}'|sed -e 's/......$//g'|sort |uniq -c|sort 
……
  10 10.33.219.128
  10 10.33.219.132
  10 10.33.219.96
  11 10.32.218.218
  11 10.33.219.104
  11 10.33.219.127
  11 10.33.219.74
  11 10.33.219.76
  20 10.33.210.44
  21 10.32.213.171
  24 10.32.204.152
  28 10.32.213.172
  30 10.32.204.151
  80 10.32.113.37
 139 10.32.205.240
 163 10.32.205.239
 498 10.32.205.251

标签：10,MAR,30,排查,01,2018,print,日志,监听
From： https://blog.51cto.com/u_13482808/7391514