mirror of
https://github.com/cunnie/sslip.io.git
synced 2025-10-16 12:40:37 +08:00

The torrent of traffic I'm receiving has caused my AWS bill to spike from $9 to $148, all of the increase due to bandwidth charges. I'm still maintaining ns-aws; the VM still continues to run, continues to serve web traffic, and maintains its hostname and IP addresses; however, it will no longer be in the list of NS records for sslip.io. There are much less expensive hosting providers. OVH is my current favorite.
Tools for Exploring Log Files
To generate log files on, say, ns-ovh:
sudo journalctl -u sslip.io-dns -S yesterday > /tmp/sslip.io.log
A file which I subsequently copy to my Mac (warning: uses BSD-variant of tools like sed, so you may need to tweak the following commands if you're on Linux):
[I use cut instead of awk because it's twice as fast (9.11s instead of 22.56s)]
To find the domains queried (95% sslip.io):
# find all successful queries of A & AAAA records
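# [?] matches a literal "?" in both BSD and GNU grep
grep -v '\. [?] nil' < sslip.io.log |\
grep -E "TypeA | TypeAAAA " |\
cut -d " " -f 10 > /tmp/hosts.log
# reduce each name to its last two labels and count queries per domain
sed -E 's=.*(\.[^.]+\.[^.]+\.$)=\1=' < /tmp/hosts.log | tr 'A-Z' 'a-z' | sort | uniq -c | sort -n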
# find the most looked-up IP addresses using the above hosts.log
sort < /tmp/hosts.log | uniq -c | sort -n | tail -50
# Who's trying to find out their own IP via ip.sslip.io?
sudo journalctl --since yesterday -u sslip.io-dns | \
grep -v "nil, SOA" | \
grep "TypeTXT ip.sslip.io" | \
sed 's/.*TypeTXT ip.sslip.io. ? \["//; s/"\]$//' | \
sort | \
uniq -c
# Who's querying us the most?
# drop failed lookups before awk keeps only the source field (field 8)
grep -v "nil, SOA" < /tmp/sslip.io.log | \
awk '{print $8}' | \
sed 's/\.[0-9]*$//' | \
sort | \
uniq -c | \
sort -n | \
tail -50
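
The following is an added example, not part of the original repository. It extends "Who's querying us the most?" by reporting, for each source address, both the total number of queries and how many were failed lookups, in a single awk pass. The function names and sample lines are constructed, and the log layout (field 8 is source-ip.port, failed lookups contain "? nil, SOA") is an assumption inferred from the field numbers and patterns used in the commands above.

```shell
# Added example: per-source query totals and failed-lookup counts.
# Assumption: field 8 is "source-ip.port" and a failed lookup contains
# "? nil, SOA", as implied by the commands above.
summarize_sources() {
  awk '
    {
      src = $8
      sub(/\.[0-9]+$/, "", src)     # drop the trailing .port
      total[src]++
      if (index($0, "? nil, SOA")) failed[src]++
    }
    END {
      # output columns: total queries, failed lookups, source address
      for (s in total) printf "%d %d %s\n", total[s], failed[s] + 0, s
    }' | sort -k1,1nr -k3,3
}

# Constructed sample lines (documentation addresses), not real traffic.
sample_log() {
  cat <<'EOF'
Oct 15 00:00:01 ns-ovh sslip.io-dns[901]: 2025/10/15 00:00:01 192.0.2.10.40001 TypeA 10-0-0-1.sslip.io. ? 10.0.0.1
Oct 15 00:00:02 ns-ovh sslip.io-dns[901]: 2025/10/15 00:00:02 192.0.2.10.40002 TypeAAAA 10-0-0-1.sslip.io. ? nil, SOA constructed
Oct 15 00:00:03 ns-ovh sslip.io-dns[901]: 2025/10/15 00:00:03 198.51.100.7.5353 TypeA nonesuch.example.com. ? nil, SOA constructed
Oct 15 00:00:04 ns-ovh sslip.io-dns[901]: 2025/10/15 00:00:04 198.51.100.7.5354 TypeA nonesuch.example.net. ? nil, SOA constructed
Oct 15 00:00:05 ns-ovh sslip.io-dns[901]: 2025/10/15 00:00:05 192.0.2.10.40003 TypeA 10-0-0-2.sslip.io. ? 10.0.0.2
EOF
}

# Busiest sources first; a high failed count relative to the total marks a
# client that is mostly generating lookups the server cannot answer.
sample_log | summarize_sources
```

To run it against a real log, replace the last line with `summarize_sources < /tmp/sslip.io.log | head -50`.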