March 26
At first glance at this Squid traffic graph, my first reaction was: no way. Has the Squid box I look after evolved on its own? It can even cache live network video streams automatically? My luck must have exploded. But on second thought: no, the Olympic torch lighting ceremony that day was not at the time the graph above shows, was it? Could there have been some other breaking news event? I really am too out of touch, sigh.
Lose the fight but not the posture: making it up after the fact is still allowed, right? I quickly dug out the Squid access log for the 24th and took a careful look at what the popular trend actually was.
The result of the log analysis truly shocked me:
```text
Unique Clients: 869
In Traffic:     41.611 GB
Out Traffic:    127.777 GB
------------------------------------
Saved Traffic:  86.166 GB   67.43 %
Maximum Xfers: 26.625 GB/hour, 454.407 MB/min, 7.573 MB/sec [62042 kbps]
Average Xfers: 5.319 GB/hour, 90.776 MB/min, 1.513 MB/sec [12394 kbps]
Minimum Xfers: 125.241 MB/hour, 2.087 MB/min, 35.624 KB/sec [ 285 kbps]

------|------------ R E Q U E S T S ------------|-------------- T R A F F I C ---------------|
 Ext. |   total  |  misses  |   hits   | hit% |   total   |  misses   |   hits    | hit% |
------|----------|----------|----------|------|-----------|-----------|-----------|------|
 exe  | 317.333K |  19.309K | 298.024K |  94% | 56.289 GB |  1.871 GB | 54.418 GB |  97% |
 dll  | 297.406K |      640 | 296.766K | 100% | 27.111 GB | 12.137 MB | 27.099 GB | 100% |
```
My god, surely the whole company did not upgrade to IE7 that day? Let me quickly take another look at what this actually is:
Note: xxx.xxx.xxx.xxx below is the IP address of one internal client machine at our company.
```text
coolzsb@cache1 /Data$ grep TCP_HIT access |grep dll|more
......
1206332487.807 8 xxx.xxx.xxx.xxx TCP_HIT/200 164220 GET http://www.gagagaga.cn/update/google.dll - NONE/- application/x-msdownload
1206332487.903 8 xxx.xxx.xxx.xxx TCP_HIT/200 164220 GET http://www.gagagaga.cn/update/google.dll - NONE/- application/x-msdownload
1206332488.001 9 xxx.xxx.xxx.xxx TCP_HIT/200 164220 GET http://www.gagagaga.cn/update/google.dll - NONE/- application/x-msdownload
1206332488.098 10 xxx.xxx.xxx.xxx TCP_HIT/200 164220 GET http://www.gagagaga.cn/update/google.dll - NONE/- application/x-msdownload
1206332488.196 8 xxx.xxx.xxx.xxx TCP_HIT/200 164220 GET http://www.gagagaga.cn/update/google.dll - NONE/- application/x-msdownload
1206332488.293 8 xxx.xxx.xxx.xxx TCP_HIT/200 164220 GET http://www.gagagaga.cn/update/google.dll - NONE/- application/x-msdownload
1206332488.395 13 xxx.xxx.xxx.xxx TCP_HIT/200 164220 GET http://www.gagagaga.cn/update/google.dll - NONE/- application/x-msdownload
1206332488.487 8 xxx.xxx.xxx.xxx TCP_HIT/200 164220 GET http://www.gagagaga.cn/update/google.dll - NONE/- application/x-msdownload
1206332488.584 8 xxx.xxx.xxx.xxx TCP_HIT/200 164220 GET http://www.gagagaga.cn/update/google.dll - NONE/- application/x-msdownload
1206332488.682 8 xxx.xxx.xxx.xxx TCP_HIT/200 164220 GET http://www.gagagaga.cn/update/google.dll - NONE/- application/x-msdownload
......
coolzsb@cache1 /Data$ grep TCP_HIT access |grep exe|more
......
1206330664.004 16 xxx.xxx.xxx.xxx TCP_HIT/200 165752 GET http://60.191.129.162/dodolook591.exe - NONE/- application/octet-stream
1206330664.033 10 xxx.xxx.xxx.xxx TCP_HIT/200 227712 GET http://218.75.91.254/ad_2517.exe - NONE/- application/octet-stream
1206332478.973 8 xxx.xxx.xxx.xxx TCP_HIT/200 165752 GET http://60.191.129.162/dodolook591.exe - NONE/- application/octet-stream
1206332479.003 12 xxx.xxx.xxx.xxx TCP_HIT/200 227712 GET http://218.75.91.254/ad_2517.exe - NONE/- application/octet-stream
1206332486.943 9 xxx.xxx.xxx.xxx TCP_HIT/200 165752 GET http://60.191.129.162/dodolook591.exe - NONE/- application/octet-stream
1206332486.972 10 xxx.xxx.xxx.xxx TCP_HIT/200 227712 GET http://218.75.91.254/ad_2517.exe - NONE/- application/octet-stream
1206332487.041 9 xxx.xxx.xxx.xxx TCP_HIT/200 165752 GET http://60.191.129.162/dodolook591.exe - NONE/- application/octet-stream
1206332487.070 11 xxx.xxx.xxx.xxx TCP_HIT/200 227712 GET http://218.75.91.254/ad_2517.exe - NONE/- application/octet-stream
1206332487.140 8 xxx.xxx.xxx.xxx TCP_HIT/200 165752 GET http://60.191.129.162/dodolook591.exe - NONE/- application/octet-stream
1206332487.169 10 xxx.xxx.xxx.xxx TCP_HIT/200 227712 GET http://218.75.91.254/ad_2517.exe - NONE/- application/octet-stream
1206332487.237 8 xxx.xxx.xxx.xxx TCP_HIT/200 165752 GET http://60.191.129.162/dodolook591.exe - NONE/- application/octet-stream
......
coolzsb@cache1 /Data$ grep TCP_HIT access |grep dll|wc -l
148423
coolzsb@cache1 /Data$ grep TCP_HIT access |grep dll|grep xxx.xxx.xxx.xxx|wc -l
148389
coolzsb@cache1 /Data$ grep TCP_HIT access |grep exe|wc -l
296884
coolzsb@cache1 /Data$ grep TCP_HIT access |grep exe|grep xxx.xxx.xxx.xxx|wc -l
296806
```
My god. First thing: immediately block the few addresses above on Squid. Second thing: immediately phone the relevant support staff and ask whether the virus on the xxx.xxx.xxx.xxx machine has been dealt with yet.
Mad respect for those machines serving the virus downloads: IIS 6 can actually carry a load this heavy. Impressive, impressive.
Appendix: SCALAR really is a very handy Squid log analysis tool, strongly recommended to any brother doing administration --- truly a must-have for home and travel, for killing and silencing alike.
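The grep|wc chain above works for a one-off look, but it matches "dll" or "exe" anywhere in the line and needs to be repeated per client. The script below is an added example (not the author's tooling and not SCALAR's code): it parses Squid native-format access.log lines, flags any client that fetches the same .exe/.dll (or Windows-binary MIME type) repeatedly inside a short window, which is exactly the pattern the log excerpt shows, and then renders the squid.conf ACL fragment that denies the serving hosts, the block the post describes. The sample log lines embedded in it are constructed to mimic the post's format using documentation addresses and .example names, and the thresholds and ACL names are assumptions.

```python
"""Flag a client repeatedly pulling the same executable through Squid and build
the blocking ACL for the serving hosts.

Added example for this post; not the author's tooling and not SCALAR.
Thresholds and ACL names are assumptions; SAMPLE_LOG is constructed."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Squid native access.log format (one request per line):
# time elapsed client action/status size method URL ident hierarchy/peer mime
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<action>[A-Z_]+)/(?P<status>\d{3})\s+(?P<size>\d+)\s+(?P<method>\S+)\s+"
    r"(?P<url>\S+)\s+(?P<ident>\S+)\s+(?P<hier>\S+)\s+(?P<mime>\S+)$"
)

BINARY_EXT = (".exe", ".dll")
BINARY_MIME = {"application/x-msdownload", "application/octet-stream"}
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Constructed sample modelled on the post's excerpt: one internal client
# (10.0.0.23) re-fetching the same binaries every ~100 ms, plus ordinary
# traffic from another client. Hosts are RFC 5737 / .example placeholders.
SAMPLE_LOG = """\
1206332487.807 8 10.0.0.23 TCP_HIT/200 164220 GET http://update.example/update/google.dll - NONE/- application/x-msdownload
1206332487.903 8 10.0.0.23 TCP_HIT/200 164220 GET http://update.example/update/google.dll - NONE/- application/x-msdownload
1206332488.001 9 10.0.0.23 TCP_HIT/200 164220 GET http://update.example/update/google.dll - NONE/- application/x-msdownload
1206332488.098 10 10.0.0.23 TCP_HIT/200 164220 GET http://update.example/update/google.dll - NONE/- application/x-msdownload
1206332488.196 8 10.0.0.23 TCP_HIT/200 164220 GET http://update.example/update/google.dll - NONE/- application/x-msdownload
1206332486.943 9 10.0.0.23 TCP_HIT/200 165752 GET http://192.0.2.10/dodolook591.exe - NONE/- application/octet-stream
1206332487.041 9 10.0.0.23 TCP_HIT/200 165752 GET http://192.0.2.10/dodolook591.exe - NONE/- application/octet-stream
1206332487.140 8 10.0.0.23 TCP_HIT/200 165752 GET http://192.0.2.10/dodolook591.exe - NONE/- application/octet-stream
1206332500.000 120 10.0.0.77 TCP_MISS/200 8192 GET http://www.example.com/index.html - DIRECT/203.0.113.5 text/html
1206332600.000 300 10.0.0.77 TCP_MISS/200 900000 GET http://downloads.example.org/setup.exe - DIRECT/203.0.113.6 application/octet-stream
"""


def parse_line(line):
    """Parse one native-format line into a dict, or return None for junk."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = float(rec["ts"])
    rec["size"] = int(rec["size"])
    return rec


def is_binary_download(rec):
    """True for .exe/.dll URLs or Windows-binary MIME types (either suffices)."""
    path = urlsplit(rec["url"]).path.lower()
    return path.endswith(BINARY_EXT) or rec["mime"] in BINARY_MIME


def find_repeat_downloaders(lines, min_repeats=5, window_seconds=60):
    """Return {client: {url: total_count}} for every client that fetched the
    same binary at least min_repeats times inside any window_seconds span.
    A real installer is downloaded once; a bot re-pulling its payload several
    times a second, as in the post, is not."""
    stamps = defaultdict(lambda: defaultdict(list))
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "GET" or not is_binary_download(rec):
            continue
        stamps[rec["client"]][rec["url"]].append(rec["ts"])
    flagged = {}
    for client, urls in stamps.items():
        for url, times in urls.items():
            times.sort()
            # Sliding window over the sorted timestamps.
            for i in range(len(times) - min_repeats + 1):
                if times[i + min_repeats - 1] - times[i] <= window_seconds:
                    flagged.setdefault(client, {})[url] = len(times)
                    break
    return flagged


def squid_block_acl(flagged, acl_name="malware_hosts"):
    """Render squid.conf lines denying the hosts that served flagged binaries.
    Squid allows one type per ACL name, so IP literals (dst) and domain names
    (dstdomain) go into separate ACLs."""
    hosts = sorted({urlsplit(u).hostname for urls in flagged.values() for u in urls})
    ips = [h for h in hosts if IPV4_RE.match(h)]
    names = [h for h in hosts if not IPV4_RE.match(h)]
    out = []
    if ips:
        out.append(f"acl {acl_name}_ip dst {' '.join(ips)}")
        out.append(f"http_access deny {acl_name}_ip")
    if names:
        out.append(f"acl {acl_name}_dom dstdomain {' '.join(names)}")
        out.append(f"http_access deny {acl_name}_dom")
    return "\n".join(out)


if __name__ == "__main__":
    flagged = find_repeat_downloaders(SAMPLE_LOG.splitlines(), min_repeats=3)
    for client, urls in flagged.items():
        for url, n in urls.items():
            print(f"{client} fetched {url} {n} times")
    print(squid_block_acl(flagged))
```

On a real box, feed it the lines of access.log instead of SAMPLE_LOG. The generated deny rules only take effect if they sit above the http_access allow rules in squid.conf, and blocking the download hosts is containment only: the flagged client still has to be cleaned, which is why the post's second step is the phone call.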

March 29th, 2008 at 4:20 pm
A proxy server has a duty to scan for viruses :D
March 29th, 2008 at 8:51 pm
Heh, fair point. I'll find some time to chain an HAVP onto our Squid and give it a try.
On March 29, 2008 at 4:20 pm, fcicq hollered:
Signature
---
I wonder how much the CPU usage on our Squid box would shoot up if we did that.
April 20th, 2008 at 12:53 am
I just dropped by to take a look.
Spot on!!
May I ask whether this analysis graph was produced with the software starting with S that you mentioned?
My QQ is 3602943
I currently need some monitoring graphs related to trojans and viruses. I don't have a test environment myself.
Please, bro!! Thanks~~~