==== TRAFFIC ANALYSIS  ====

Function: Apache Status
Usage: /etc/init.d/httpd fullstatus

Function: Server Status
Usage: curl -IL localhost/server-status?auto

Function: Outside IP
Usage: curl -s checkip.dyndns.org|sed -e 's/.*Current IP Address: //' -e 's/<.*$//'

Function: Watch which files are changing'
Usage: watch -n 1 -d ls -l ./*?log

Function: Watch Connections
Usage: bash <(curl -s4 https://hoshisato.com/tools/code/watchconnections.sh)

Function: Apache Most Called Element
Usage: awk '{print $7}' *access?log | cut -d? -f1|sort|uniq -c|sort -nk1|tail -n10

Function: Top Connected IPs
Usage: netstat -antu | grep :80 | grep -v LISTEN | awk '{print $5}' | sort | uniq -c | sort -rn

Function: Top Connected IPs II
Usage: netstat -anpt|grep httpd|grep ESTABLISHED|cut -b45-60|cut -d':' -f1|sort -rn|uniq -c

Function: Total Web Connections
Usage: netstat -ntu | grep :80 | grep -v LISTEN | awk '{print $5}' | cut -d: -f1 | grep -v 127.0.0.1 | wc -l

Function: Unique IP Connection Count
Usage: netstat -ntu | grep :80 | grep -v LISTEN | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -rn | grep -v 127.0.0.1 | wc -l

Function: Hits per hour
Usage: grep "1/Nov" *access?log | cut -d[ -f2 | cut -d] -f1 | awk -F: '{print $2":00"}' | sort -n | uniq -c

Function: Hits per minute
Usage: grep "23/Jan/2013:06" *access?log | cut -d[ -f2 | cut -d] -f1 | awk -F: '{print $2":"$3}' | sort -nk1 -nk2 | uniq -c | awk '{ if ($1 > 10) print $0}'

Function: Hit Server X times
Usage: cat *access?log | cut -d- -f1 | sort | uniq -c | sort -nr | head 

Function: tcpdump 53
Usage: tcpdump -i any port 53

Function: Wordpress Failed Login IPs
Usage: cat *access?log | grep wp-login.php | awk '{print $1}' | sort | uniq -c | sort -rn

Function: Scan for all TCP and UDP Open Ports
Usage: sudo nmap -n -PN -sT -sU -p- 0.0.0.0

....
Unsorted

cd /tmp; wget https://hoshisato.com/tools/code/parse-tcpdump-udp-port-53.php; tcpdump -vvv -s 0 -l -n port 53 | php -f parse-tcpdump-udp-port-53.php

varnishncsa -a -w /var/log/varnish/access.log -D -P /var/run/varnishncsa.pid

cat /var/log/httpd/*access?log | awk '$10 ~ /50[0-9]/ {print $0}' | less

grep "1/Jan" *access?log | cut -d[ -f2 | cut -d] -f1 | awk -F: '{print $2,$3":00"}' | sort -n | uniq -c

for i in $(ls access_log*gz); do echo $i && zcat $i | awk '{s+=$10} END {print s}'; done