How can I directly monitor the paths of incoming network requests?

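I am running Ubuntu Server 18.04, nginx, and php-fpm 7.2.

I host multiple domains on the same server.

How can I monitor the incoming traffic for all websites on the server using the terminal only?

I would like it to list something like this in real time: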

http://example.com/path-1/
http://example.com/path-2/
http://example.com/path-3/

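I have tried many of the answers available on this site, but none of them did the job.

Please note that I do not want to read the nginx logs or any other logs; I want to monitor live incoming traffic.

Thanks.

Answer 1

These requirements make this difficult. A crude solution is to use tcpdump (or wireshark, if you prefer) to inspect the network traffic directly: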

$ sudo tcpdump -n -tttt -i br0 port 80 -A | grep -A 1 GET

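Where my interface name (a bridge) is br0. I am not hosting multiple sites on that test server, but I tested via both its name (s15) and its IP address (192.168.111.112). The actual web page is just the default apache web page: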

doug@s15:~$ sudo tcpdump -n -tttt -i br0 port 80 -A | grep -A 1 GET
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br0, link-type EN10MB (Ethernet), capture size 262144 bytes
2020-02-16 09:11:56.885246 IP 192.168.111.101.62720 > 192.168.111.112.80: Flags [P.], seq 1:481, ack 1, win 1026, length 480: HTTP: GET / HTTP/1.1
E...<.@...[...oe..op...P....J..)P.......GET / HTTP/1.1
Host: 192.168.111.112
--
2020-02-16 09:11:56.997078 IP 192.168.111.101.62720 > 192.168.111.112.80: Flags [P.], seq 481:920, ack 3526, win 1026, length 439: HTTP: GET /icons/ubuntu-logo.png HTTP/1.1
E...<.@...\...oe..op...P....J.$.P...._..GET /icons/ubuntu-logo.png HTTP/1.1
Host: 192.168.111.112
--
2020-02-16 09:12:25.021292 IP 192.168.111.101.62726 > 192.168.111.112.80: Flags [P.], seq 1:469, ack 1, win 8212, length 468: HTTP: GET / HTTP/1.1
E...<.@...[...oe..op...PC.1..L.CP. .H...GET / HTTP/1.1
Host: s15

You mentioned that you do not want to look at logs, but that would be easier:

doug@s15:~$ tail /var/log/apache2/access.log
192.168.111.101 - - [16/Feb/2020:09:05:05 -0800] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://s15/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
192.168.111.101 - - [16/Feb/2020:09:05:20 -0800] "GET / HTTP/1.1" 200 3525 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
192.168.111.101 - - [16/Feb/2020:09:05:21 -0800] "GET /icons/ubuntu-logo.png HTTP/1.1" 200 3623 "http://192.168.111.112/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
192.168.111.101 - - [16/Feb/2020:09:05:21 -0800] "GET /favicon.ico HTTP/1.1" 404 493 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
192.168.111.101 - - [16/Feb/2020:09:06:15 -0800] "GET / HTTP/1.1" 200 3525 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
192.168.111.101 - - [16/Feb/2020:09:06:15 -0800] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://192.168.111.112/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
192.168.111.101 - - [16/Feb/2020:09:11:56 -0800] "GET / HTTP/1.1" 200 3525 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
192.168.111.101 - - [16/Feb/2020:09:11:56 -0800] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://192.168.111.112/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
192.168.111.101 - - [16/Feb/2020:09:12:25 -0800] "GET / HTTP/1.1" 200 3525 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"
192.168.111.101 - - [16/Feb/2020:09:12:25 -0800] "GET /icons/ubuntu-logo.png HTTP/1.1" 304 180 "http://s15/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:72.0) Gecko/20100101 Firefox/72.0"

Of course, filtering the tcpdump output on a simple GET string can easily trigger falsely, because that string can appear in the returned content.
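
A stricter version of the answer's grep filter, as an added example that is not part of the original answer: it only trusts packets addressed to port 80, requires a complete request line, and joins it with the Host header to print one URL per request. The function names, the `tcp dst port 80` capture filter and the sample capture (constructed from the output shown above) are assumptions of this example.

```bash
#!/usr/bin/env bash
# Live use (br0 is the interface from the answer; the dst-port filter is this example's choice):
#   sudo tcpdump -l -n -tttt -A -i br0 'tcp dst port 80' | extract_urls

extract_urls() {
  awk '
    {
      sub(/\r$/, "")
      # Packet header line: "[date] time IP src.port > dst.port: ..."
      for (i = 2; i <= 3; i++)
        if ($i == "IP" && $(i + 2) == ">") {
          to_server = ($(i + 3) ~ /\.80:$/)   # only client-to-server packets count
          path = ""
          next
        }
    }
    # The request line must end the line, so a bare "GET" in content does not match.
    to_server && match($0, /(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) [^ ]+ HTTP\/1\.[01]$/) {
      split(substr($0, RSTART, RLENGTH), req, " ")
      path = req[2]
      next
    }
    # Join the pending path with the Host header of the same packet.
    to_server && path != "" && /^Host: / {
      print "http://" substr($0, 7) path
      path = ""
    }
  '
}

# Constructed sample: two requests and one response whose body imitates a request.
sample_capture() {
  cat <<'EOF'
2020-02-16 09:11:56.885246 IP 192.168.111.101.62720 > 192.168.111.112.80: Flags [P.], seq 1:481, ack 1, win 1026, length 480: HTTP: GET / HTTP/1.1
E...<.@...[...oe..op...P....J..)P.......GET / HTTP/1.1
Host: 192.168.111.112
2020-02-16 09:11:56.890000 IP 192.168.111.112.80 > 192.168.111.101.62720: Flags [P.], seq 1:3526, ack 481, win 501, length 3525: HTTP: HTTP/1.1 200 OK
E...<.@...HTTP/1.1 200 OK
<p>Use GET /admin HTTP/1.1
Host: docs.example
2020-02-16 09:12:25.021292 IP 192.168.111.101.62726 > 192.168.111.112.80: Flags [P.], seq 1:469, ack 1, win 8212, length 468: HTTP: GET /icons/ubuntu-logo.png HTTP/1.1
E...<.@...GET /icons/ubuntu-logo.png HTTP/1.1
Host: s15
EOF
}

sample_capture | extract_urls
```

This only sees cleartext HTTP on port 80; requests served over TLS are encrypted on the wire, so their paths do not appear in the capture.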
