Home / server / Questions / 137184
In Process
user4318
Asked: 2010-04-30 13:45:10 +0800 CST

How do I associate server traffic to a domain hosted on that server?

  • 772

I have three or four Linux servers, each of which hosts anywhere from 5 to 50 domains. Each domain has its own folder:

/www/projectname/web/

Logs go in:

/www/projectname/log

However, if there's a traffic spike (or, as I see it on my end, a memory usage spike), I'm not sure how to figure out which domain is responsible for the traffic without running tail -f on each of the projects and making an educated guess based on how fast things scroll.

There's got to be a better way! There probably is, but I haven't seen it. And the last time I checked, bandwidth monitors only report system-wide load.

So if anyone knows how to do this the right way, please let me know.

Thanks!

EDIT: My goal is for something that gives instant feedback. I know I can configure Apache to log bytes sent and received, but it doesn't necessarily help if my server is getting hammered and I'm trying to figure out which domain all the traffic is from.

linux apache-2.2 traffic network-traffic

4 Answers

  1. You could also enable the Apache status page and restrict it to your IP, then look for trends on which pages are being requested.

    Sample output: http://www.apache.org/server-status

    Configuration:

    <Location /server-status>
    SetHandler server-status
    Order Deny,Allow
    Deny from all
    Allow from <your IP>
</Location>
    • 1

  2. You can use apachetop:

    apachetop -f /www/projectname/log/access_log

    It gives you stats about BW in and out for the specified log.

    • 0

  3. Have a look at the mod_cband plugin. You can then provide real-time traffic levels for each of your virual domains if you add the plugin into the configuration file for each domain. Just use the same scoreboard for each domain. The /cband-status page will give you stats on the current traffic levels for each domain.

    • 0

  4. When you are virtual hosting (multiple domains on one IP address) you can only measure the traffic by parsing the Apache logfiles. Only apache knows which host a request was for, because that's how the virtual hosting works.

    In that case, you can add a different CustomLog line for each virtual host, like:

    CustomLog ${APACHE_LOG_DIR}/host.domain.net.log combined

    You can then use log processing software like 'webalizer' to process the log, adding up the bytes for each response and come up with an approximation of traffic for that domain.

    It's an approximation, because it doesn't include the bytes in the request part of the communication, and it doesn't include overhead.

    If you're just trying to see which site is getting hammered, however, you should maybe just enable access to the /server-status page, which will show you where all of the current / recent activity is coming from.

    If you really want exact byte counts the only possibility is to use IP-based virtual hosting, and use software to count the actual bytes of traffic to each IP address. In those situations the best software I have found is pmacctd 'Promiscuous Mode Accounting Daemon' which does a great job of per-IP traffic accounting.

    Regards, Andrew McMillan.

    • -1