As I use nginx more and more, one of the things I miss is being able to see who is connecting to the server and the request they are making. This is often helpful in determining attacks. So, I basically wrote this script which does it.
[codesyntax lang=”bash”]
#!/bin/bash # By Ed Wiget # This shows active GET and POSTS to port 80 # One of the things i hate about nginx is the lack of an apache style status page showing requests # hence I wront this script....which does it at a network layer, using ngrep # 20130308 - original script ## grep all HTTP GET or POST requests from network traffic on eth0 interface ## # sudo ngrep -l -q -d eth0 "^GET |^POST " tcp and port 80 if [ `which ngrep | head -1 | wc -l` == "0" ]; then echo "missing ngrep....please install" exit fi if [ $1 = "" ]; then echo "You must pass the interface as an option, i.e. eth0 or eth1, etc" read CIF else CIF=$1 fi thing=1 until [ $thing = "0" ]; do # uncomment top line if you dont need x-forward-for #sudo ngrep -l -q -d eth0 "^GET |^POST " tcp and port 80 # use the next line if you do need x-forward-for #sudo ngrep -d eth1 -q 'X-Forwarded-For' tcp and port 80 ngrep -d ${CIF} -t '^(GET|POST) ' tcp and port 80 echo sleep 1; done
[/codesyntax]
CHANGES
20130905 – added option to pass interface
Leave a Reply
You must be logged in to post a comment.