Got paged at 06:30, second disk alert on an Apache proxy in 24 hours.
$ tail -500 access_log | awk '{ print $11 }' | while read l ;
do echo "$l" | cksum; done | sort | uniq -c | sort -rnk1
254 646511054 1131
241 4112021984 1128
1 785623522 964
1 3691076460 4
1 3287357281 899
1 2484884658 1131
1 2437517015 72
Looks like 99% of requests are the same 2 things. Eyeballing demonstrates my hosts are getting polled hard by a user. They are suspended until they explain what they are doing to generate ~15 gigs of logging all by themselves every 20 hours.
Top comments (0)