You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org

Difference between revisions of "User:Jbond/debuging"

From Wikitech-static
Jump to navigation Jump to search
imported>Jbond
(Created page with "= Sampled-1000.json on centrallog1001 = === Grep-able oputput === <syntaxhighlight lang=console> $ jq -r "[.uri_path,.hostname,.user_agent,.ip] | @csv" /srv/log/webrequest/...")
 
imported>Jbond
Line 33: Line 33:
<syntaxhighlight lang=console>
<syntaxhighlight lang=console>
$ sudo tcpdump -i enp4s0f0 -pn -c 100000 | sed -r 's/.* IP6? //;s/\.[^\.]+ .*//' | sort | uniq -c | sort -nr | head -20
$ sudo tcpdump -i enp4s0f0 -pn -c 100000 | sed -r 's/.* IP6? //;s/\.[^\.]+ .*//' | sort | uniq -c | sort -nr | head -20
</syntaxhighlight>
= CP Server =
=== Check the connection tuples for the varnish ===
<syntaxhighlight lang=console>
$ sudo ss -tan 'sport = :3120' | awk '{print $(NF)" "$(NF-1)}' | sed 's/:[^ ]*//g' | sort | uniq -c
</syntaxhighlight>
The number of avaible ports which also maps to tuples is available from if the number above is equal to approaching the number of available ports from below then there could ba en issue
<syntaxhighlight lang=console>
$ cat /proc/sys/net/ipv4/ip_local_port_range
</syntaxhighlight>
</syntaxhighlight>

Revision as of 14:40, 16 February 2021

Sampled-1000.json on centrallog1001

Grep-able oputput

$ jq  -r "[.uri_path,.hostname,.user_agent,.ip] | @csv" /srv/log/webrequest/sampled-1000.json

Select all requests with a specific user_agent and .referer

$ jq -r 'if .user_agent == "-" and .referer == "-" then [.uri_path,.hostname,.user_agent,.ip] else empty end | @csv' /srv/log/webrequest/sampled-1000.json

List of the top 10 IPs by response size

$ head -n 2560000 /srv/log/webrequest/sampled-1000.json | jq -r '.ip + " " + (.response_size | tostring)' | awk '{ sum[$1] += $2 } END { for (ip in sum) print sum[ip],ip }' | sort -nr | head -10

mw server

list all ips which have made more the 100 large requests

$ awk '$2>60000 {print $11}' /var/log/apache2/other_vhosts_access.log | sort | uniq -c | awk '$1>100 {print}'

LVS Server

Sample 100k pkts and list top talkers

$ sudo tcpdump -i enp4s0f0 -pn -c 100000 | sed -r 's/.* IP6? //;s/\.[^\.]+ .*//' | sort | uniq -c | sort -nr | head -20


CP Server

Check the connection tuples for the varnish

$ sudo ss -tan 'sport = :3120' | awk '{print $(NF)" "$(NF-1)}' | sed 's/:[^ ]*//g' | sort | uniq -c

The number of avaible ports which also maps to tuples is available from if the number above is equal to approaching the number of available ports from below then there could ba en issue

$ cat /proc/sys/net/ipv4/ip_local_port_range