1
mahone3297 2014-05-22 09:58:10 +08:00
如何监控流入流出流量?请教。。。
|
2
hq5261984 2014-05-22 09:59:25 +08:00
是否有视频或者大型文件在服务器上。如果有可能是迅雷或者干的。
|
3
mhycy 2014-05-22 10:02:04 +08:00
查查日志?
|
4
bobopu OP @mahone3297 最简单的,阿里云云盾里可以很清楚的看到,如果你不是阿里云的主机,可以装个安全狗也能看到。
|
7
ericls 2014-05-22 10:10:24 +08:00 via Android 1
iftop
|
8
ShunYea 2014-05-22 11:19:41 +08:00
被盗链了?
|
9
bobopu OP @ShunYea 就几个静态页面,连图都没,不存在盗链。
阿里云给了个关闭UDP外发的脚本 check_os_release() { while true do os_release=$(grep "Red Hat Enterprise Linux Server release" /etc/issue 2>/dev/null) os_release_2=$(grep "Red Hat Enterprise Linux Server release" /etc/redhat-release 2>/dev/null) if [ "$os_release" ] && [ "$os_release_2" ] then if echo "$os_release"|grep "release 5" >/dev/null 2>&1 then os_release=redhat5 echo "$os_release" elif echo "$os_release"|grep "release 6" >/dev/null 2>&1 then os_release=redhat6 echo "$os_release" else os_release="" echo "$os_release" fi break fi os_release=$(grep "Aliyun Linux release" /etc/issue 2>/dev/null) os_release_2=$(grep "Aliyun Linux release" /etc/aliyun-release 2>/dev/null) if [ "$os_release" ] && [ "$os_release_2" ] then if echo "$os_release"|grep "release 5" >/dev/null 2>&1 then os_release=aliyun5 echo "$os_release" elif echo "$os_release"|grep "release 6" >/dev/null 2>&1 then os_release=aliyun6 echo "$os_release" else os_release="" echo "$os_release" fi break fi os_release=$(grep "CentOS release" /etc/issue 2>/dev/null) os_release_2=$(grep "CentOS release" /etc/*release 2>/dev/null) if [ "$os_release" ] && [ "$os_release_2" ] then if echo "$os_release"|grep "release 5" >/dev/null 2>&1 then os_release=centos5 echo "$os_release" elif echo "$os_release"|grep "release 6" >/dev/null 2>&1 then os_release=centos6 echo "$os_release" else os_release="" echo "$os_release" fi break fi os_release=$(grep -i "ubuntu" /etc/issue 2>/dev/null) os_release_2=$(grep -i "ubuntu" /etc/lsb-release 2>/dev/null) if [ "$os_release" ] && [ "$os_release_2" ] then if echo "$os_release"|grep "Ubuntu 10" >/dev/null 2>&1 then os_release=ubuntu10 echo "$os_release" elif echo "$os_release"|grep "Ubuntu 12.04" >/dev/null 2>&1 then os_release=ubuntu1204 echo "$os_release" elif echo "$os_release"|grep "Ubuntu 12.10" >/dev/null 2>&1 then os_release=ubuntu1210 echo "$os_release" else os_release="" echo "$os_release" fi break fi os_release=$(grep -i "debian" /etc/issue 2>/dev/null) os_release_2=$(grep -i "debian" /proc/version 2>/dev/null) if [ "$os_release" ] && [ "$os_release_2" ] then if echo "$os_release"|grep "Linux 6" >/dev/null 2>&1 then os_release=debian6 echo "$os_release" else os_release="" echo "$os_release" fi break fi os_release=$(grep "openSUSE" /etc/issue 2>/dev/null) os_release_2=$(grep "openSUSE" /etc/*release 2>/dev/null) if [ "$os_release" ] && [ "$os_release_2" ] then if echo "$os_release"|grep "13.1" >/dev/null 2>&1 then os_release=opensuse131 echo "$os_release" else os_release="" echo "$os_release" fi break fi break done } exit_script() { echo -e "\033[1;40;31mInstall $1 error,will exit.\n\033[0m" rm -f $LOCKfile exit 1 } config_iptables() { iptables -I OUTPUT 1 -p tcp -m multiport --dport 21,22,23,25,53,80,135,139,443,445 -j DROP iptables -I OUTPUT 2 -p tcp -m multiport --dport 1433,1314,1521,2222,3306,3433,3389,4899,8080,18186 -j DROP iptables -I OUTPUT 3 -p udp -j DROP iptables -nvL } ubuntu_config_ufw() { ufw deny out proto tcp to any port 21,22,23,25,53,80,135,139,443,445 ufw deny out proto tcp to any port 1433,1314,1521,2222,3306,3433,3389,4899,8080,18186 ufw deny out proto udp to any ufw status } ####################Start################### #check lock file ,one time only let the script run one time LOCKfile=/tmp/.$(basename $0) if [ -f "$LOCKfile" ] then echo -e "\033[1;40;31mThe script is already exist,please next time to run this script.\n\033[0m" exit else echo -e "\033[40;32mStep 1.No lock file,begin to create lock file and continue.\n\033[40;37m" touch $LOCKfile fi #check user if [ $(id -u) != "0" ] then echo -e "\033[1;40;31mError: You must be root to run this script, please use root to execute this script.\n\033[0m" rm -f $LOCKfile exit 1 fi echo -e "\033[40;32mStep 2.Begen to check the OS issue.\n\033[40;37m" os_release=$(check_os_release) if [ "X$os_release" == "X" ] then echo -e "\033[1;40;31mThe OS does not identify,So this script is not executede.\n\033[0m" rm -f $LOCKfile exit 0 else echo -e "\033[40;32mThis OS is $os_release.\n\033[40;37m" fi echo -e "\033[40;32mStep 3.Begen to config firewall.\n\033[40;37m" case "$os_release" in redhat5|centos5|redhat6|centos6|aliyun5|aliyun6) service iptables start config_iptables ;; debian6) config_iptables ;; ubuntu10|ubuntu1204|ubuntu1210) ufw enable <<EOF y EOF ubuntu_config_ufw ;; opensuse131) config_iptables ;; esac echo -e "\033[40;32mConfig firewall success,this script now exit!\n\033[40;37m" rm -f $LOCKfile |
10
thinkxen 2014-05-22 12:50:40 +08:00
|
11
hydrazt 2014-05-22 13:09:08 +08:00 1
tcpdump抓包分析。
之前有遇到类似情况,当网络丢包严重时,系统会将无ack响应的数据库重发,间接导致流出数据量翻倍。 |
12
bobopu OP @hydrazt 哥们,太感谢你了,果然是这台服务器在将数据包转发到另一台服务器(死机)时得不到响应,持续发包所致,重启后解决。
|
13
wzxjohn 2014-05-22 14:14:04 +08:00
珍爱生命,远离安全狗。
|
14
bobopu OP @wzxjohn 这个东西也并非一无是处,设置起来比较简便。但坑爹的是我有台阿里云的win服务器,在装了安全狗打开ARP后,服务器就像癫痫发作一样,一阵能联网一阵又不行,把阿里云的工程师都给搞晕了,找了一圈都没发现问题所在,最后原来是ARP防御模块似乎与阿里云的网络环境不兼容所致。
|
15
lang1pal 2014-05-22 15:59:38 +08:00
@mahone3297 vnstat
|