So I get this a lot… Want to figure out of if you have a DDoS going on… the best way is the apache logs.  Use this code to count and sort by IP:

 

cut -f1 -d ” ” access_log | sort | uniq -c

 

Just replace access_log with your log name.

More complex you can also try :

 

awk ‘{!a[$1]++}END{for(i in a) if ( a[i] >10 ) print a[i],i }’

 

© 2013, Joseph Griffiths. All rights reserved.

Leave a Reply