系统过程分析

为了达到一个目的,而进行的命令组合与分析

 

新装centos6.5-minimal所必须要做的初始动作,修改一些默认的东西

vi /boot/grub/grub.conf在内核行后加入vga=ask或788就启用了framebuffer

cp /etc/DIR_COLORS ~/.dir_colors

控制台设置白底黑字

setterm -foreground black -background white -store

 

 

一。先列出系统中进程的pid,用ps或pstree都可以,哪个方便用哪个

[root@250-shiyan ~]# pstree -p

init(1)─┬─auditd(934)───{auditd}(935)

        ├─crond(1130)

        ├─master(1120)─┬─pickup(9284)

        │              └─qmgr(1129)

        ├─mfsmount(5061)─┬─{mfsmount}(5062)

        │                ├─{mfsmount}(5063)

        │                ├─{mfsmount}(5064)

        │                ├─{mfsmount}(5065)

        │                ├─{mfsmount}(5066)

        │                ├─{mfsmount}(5067)

        │                ├─{mfsmount}(5068)

        │                ├─{mfsmount}(5069)

        │                ├─{mfsmount}(5071)

        │                ├─{mfsmount}(5072)

        │                └─{mfsmount}(5089)

        ├─mingetty(1143)

        ├─mingetty(1145)

        ├─mingetty(1147)

        ├─mingetty(1149)

        ├─mingetty(1151)

        ├─mingetty(1153)

        ├─rpc.idmapd(14858)

        ├─rpc.mountd(14820)

        ├─rpc.statd(991)

        ├─rpcbind(973)

        ├─rsyslogd(2453)─┬─{rsyslogd}(2454)

        │                ├─{rsyslogd}(2456)

        │                └─{rsyslogd}(2457)

        ├─sshd(12432)─┬─sshd(3634)───bash(3636)

        │             └─sshd(7655)───bash(7657)───pstree(9361)

        └─udevd(379)─┬─udevd(1159)

                     └─udevd(1160)

[root@250-shiyan ~]# ps -C rsyslogd

  PID TTY          TIME CMD

 2453 ?        00:00:00 rsyslogd



二。再查看相关线程信息

[root@250-shiyan ~]# pstack 2453

Thread 4 (Thread 0x7f59c23ac700 (LWP 2454)):

#0  0x00007f59c3a005bc in pthread_cond_wait@@GLIBC_2.3.2 () from /lib64/libpthread.so.0

#1  0x00007f59c4078184 in wtiWorker ()

#2  0x00007f59c4077c1a in ?? ()

#3  0x00007f59c39fc9d1 in start_thread () from /lib64/libpthread.so.0

#4  0x00007f59c3127b6d in clone () from /lib64/libc.so.6

Thread 3 (Thread 0x7f59c19ab700 (LWP 2456)):

#0  0x00007f59c31205e3 in select () from /lib64/libc.so.6

#1  0x00007f59c25c4d51 in ?? () from /lib64/rsyslog/imuxsock.so

#2  0x00007f59c4086b6a in ?? ()

#3  0x00007f59c39fc9d1 in start_thread () from /lib64/libpthread.so.0

#4  0x00007f59c3127b6d in clone () from /lib64/libc.so.6

Thread 2 (Thread 0x7f59c0faa700 (LWP 2457)):

#0  0x00007f59c3a0375d in read () from /lib64/libpthread.so.0

#1  0x00007f59c23afd04 in klogLogKMsg () from /lib64/rsyslog/imklog.so

#2  0x00007f59c23af16c in ?? () from /lib64/rsyslog/imklog.so

#3  0x00007f59c4086b6a in ?? ()

#4  0x00007f59c39fc9d1 in start_thread () from /lib64/libpthread.so.0

#5  0x00007f59c3127b6d in clone () from /lib64/libc.so.6

Thread 1 (Thread 0x7f59c403c700 (LWP 2453)):

#0  0x00007f59c31205e3 in select () from /lib64/libc.so.6

#1  0x00007f59c40592f5 in ?? ()

#2  0x00007f59c405a9fa in realMain ()

#3  0x00007f59c305dd1d in __libc_start_main () from /lib64/libc.so.6

#4  0x00007f59c4056629 in _start ()

 

对待每一个守护进程都是这个过程。

一。先查看系统中都有哪些进程在运行

[root@84-monitor logs]# pstree

init─┬─auditd───{auditd}

     ├─crond───4*[crond─┬─sendmail───postdrop]

     │                  └─sh───sh───sh───sh───mail───mail]

     ├─httpd───8*[httpd]

     ├─java───23*[{java}]

     ├─master─┬─cleanup

     │        ├─local

     │        ├─pickup

     │        └─qmgr

     ├─6*[mingetty]

     ├─mysqld_safe───mysqld───9*[{mysqld}]

     ├─rpc.statd

     ├─rpcbind

     ├─rsyslogd───3*[{rsyslogd}]

     ├─sshd─┬─sshd───bash───pstree

     │      └─3*[sshd───bash───bash───ssh]

     └─udevd───2*[udevd]



二。其次列出以rsys开头的进程打开的所有文件

[root@84-monitor 972]# lsof -c rsys

COMMAND  PID USER   FD   TYPE             DEVICE SIZE/OFF       NODE NAME

rsyslogd 972 root  cwd    DIR              253,0     4096          2 /

rsyslogd 972 root  rtd    DIR              253,0     4096          2 /

rsyslogd 972 root  txt    REG              253,0   396064     521732 /sbin/rsyslogd

rsyslogd 972 root  mem    REG              253,0    27232     521711 /lib64/rsyslog/imklog.so

rsyslogd 972 root  mem    REG              253,0   340568     521717 /lib64/rsyslog/imuxsock.so

rsyslogd 972 root  mem    REG              253,0   110960     521867 /lib64/libresolv-2.12.so

rsyslogd 972 root  mem    REG              253,0    27424     521245 /lib64/libnss_dns-2.12.so

rsyslogd 972 root  mem    REG              253,0    65928     521865 /lib64/libnss_files-2.12.so

rsyslogd 972 root  mem    REG              253,0    26984     521718 /lib64/rsyslog/lmnet.so

rsyslogd 972 root  mem    REG              253,0  1921176     521231 /lib64/libc-2.12.so

rsyslogd 972 root  mem    REG              253,0    90880     521844 /lib64/libgcc_s-4.4.7-20120601.so.1

rsyslogd 972 root  mem    REG              253,0    43880     521868 /lib64/librt-2.12.so

rsyslogd 972 root  mem    REG              253,0    19536     521861 /lib64/libdl-2.12.so

rsyslogd 972 root  mem    REG              253,0   142640     521255 /lib64/libpthread-2.12.so

rsyslogd 972 root  mem    REG              253,0    88600     521285 /lib64/libz.so.1.2.3

rsyslogd 972 root  mem    REG              253,0   154624     521489 /lib64/ld-2.12.so

rsyslogd 972 root    0u  unix 0xffff88001fbd06c0      0t0      10252 /dev/log

rsyslogd 972 root    1w   REG              253,0      292     786284 /var/log/messages

rsyslogd 972 root    2w   REG              253,0  1191255     785232 /var/log/cron

rsyslogd 972 root    3r   REG                0,3        0 4026532040 /proc/kmsg

rsyslogd 972 root    4w   REG              253,0   564219     785245 /var/log/maillog

rsyslogd 972 root    5w   REG              253,0     1004     786285 /var/log/secure



三。随后进入到972的fd目录,列出文件列表,打开了5个文件

[root@84-monitor 972]# cd /proc/972/fd

[root@84-monitor fd]# ll

total 0

lrwx------. 1 root root 64 Mar 18 09:39 0 -> socket:[10252]

l-wx------. 1 root root 64 Mar 18 09:39 1 -> /var/log/messages

l-wx------. 1 root root 64 Mar 18 09:39 2 -> /var/log/cron

lr-x------. 1 root root 64 Mar 18 09:39 3 -> /proc/kmsg

l-wx------. 1 root root 64 Mar 18 09:39 4 -> /var/log/maillog

l-wx------. 1 root root 64 Mar 18 09:39 5 -> /var/log/secure



四。查漏补缺

FD列

txt  program text (code and data);

rtd  root directory;

cwd  current working directory;

cwd,rtd这两个经常是一样的:守护进程启动时一般会把工作目录切换到/,所以cwd和rtd都显示为根目录。如果rtd不是/,说明该进程运行在chroot环境中。

mem  memory-mapped file;

u    for read and write access;

TYPE列

unix     for a UNIX domain socket;

REG    for a regular file;

DIR    for a directory;



一。

[root@84-monitor fd]# lsof -c rpcbind

COMMAND   PID USER   FD   TYPE             DEVICE SIZE/OFF    NODE NAME

rpcbind 32580  rpc  cwd    DIR              253,0     4096       2 /

rpcbind 32580  rpc  rtd    DIR              253,0     4096       2 /

rpcbind 32580  rpc  txt    REG              253,0    54408  521226 /sbin/rpcbind

rpcbind 32580  rpc  mem    REG              253,0    65928  521865 /lib64/libnss_files-2.12.so

rpcbind 32580  rpc  mem    REG              253,0  1921176  521231 /lib64/libc-2.12.so

rpcbind 32580  rpc  mem    REG              253,0   142640  521255 /lib64/libpthread-2.12.so

rpcbind 32580  rpc  mem    REG              253,0    19536  521861 /lib64/libdl-2.12.so

rpcbind 32580  rpc  mem    REG              253,0    36584  521220 /lib64/libgssglue.so.1.0.0

rpcbind 32580  rpc  mem    REG              253,0   113432  521863 /lib64/libnsl-2.12.so

rpcbind 32580  rpc  mem    REG              253,0   162016  521225 /lib64/libtirpc.so.1.0.10

rpcbind 32580  rpc  mem    REG              253,0    40792  521329 /lib64/libwrap.so.0.7.6

rpcbind 32580  rpc  mem    REG              253,0   154624  521489 /lib64/ld-2.12.so

rpcbind 32580  rpc    0u   CHR                1,3      0t0    3782 /dev/null

rpcbind 32580  rpc    1u   CHR                1,3      0t0    3782 /dev/null

rpcbind 32580  rpc    2u   CHR                1,3      0t0    3782 /dev/null

rpcbind 32580  rpc    3r   REG              253,0        0  786245 /var/run/rpcbind.lock

rpcbind 32580  rpc    4u  sock                0,6      0t0 3617563 can't identify protocol

rpcbind 32580  rpc    5u  unix 0xffff88001dfc3080      0t0 3617538 /var/run/rpcbind.sock

rpcbind 32580  rpc    6u  IPv4            3617540      0t0     UDP *:sunrpc

rpcbind 32580  rpc    7u  IPv4            3617542      0t0     UDP *:955

rpcbind 32580  rpc    8u  IPv4            3617543      0t0     TCP *:sunrpc (LISTEN)

rpcbind 32580  rpc    9u  IPv6            3617545      0t0     UDP *:sunrpc

rpcbind 32580  rpc   10u  IPv6            3617547      0t0     UDP *:955

rpcbind 32580  rpc   11u  IPv6            3617548      0t0     TCP *:sunrpc (LISTEN)



二。查漏补缺(NAME列的 *:sunrpc 表示绑定在本机所有地址的sunrpc端口(111),TCP行的(LISTEN)表示正在监听。用这种方式可以核对一个守护进程实际对外开放了哪些端口)

TYPE列

sock    for a socket of unknown domain;

IPv4    for an IPv4 socket;

IPv6    for an open IPv6 network file - even if its address is IPv4, mapped in an IPv6 address;

 

程序占用内存分析

一。
[root@250-shiyan ~]# top
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
5061 root 1 -19 649m 17m 908 S 0.0 3.6 1:17.03 mfsmount

二。
[root@250-shiyan ~]# lsof -c mfsmount
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
mfsmount 5061 root cwd DIR 253,0 4096 781826 /root
mfsmount 5061 root rtd DIR 253,0 4096 2 /
mfsmount 5061 root txt REG 253,0 236648 403887 /usr/bin/mfsmount
mfsmount 5061 root mem REG 253,0 65928 260640 /lib64/libnss_files-2.12.so
mfsmount 5061 root mem REG 253,0 1921216 260624 /lib64/libc-2.12.so
mfsmount 5061 root mem REG 253,0 142640 260648 /lib64/libpthread-2.12.so
mfsmount 5061 root mem REG 253,0 596264 260632 /lib64/libm-2.12.so
mfsmount 5061 root mem REG 253,0 43832 260652 /lib64/librt-2.12.so
mfsmount 5061 root mem REG 253,0 258504 402028 /usr/lib64/libpcap.so.1.4.0
mfsmount 5061 root mem REG 253,0 19536 260630 /lib64/libdl-2.12.so
mfsmount 5061 root mem REG 253,0 221728 261115 /lib64/libfuse.so.2.8.3
mfsmount 5061 root mem REG 253,0 154520 260617 /lib64/ld-2.12.so
mfsmount 5061 root 0u CHR 1,3 0t0 3782 /dev/null
mfsmount 5061 root 1u CHR 1,3 0t0 3782 /dev/null
mfsmount 5061 root 2u CHR 1,3 0t0 3782 /dev/null
mfsmount 5061 root 3r FIFO 0,8 0t0 1586590 pipe
mfsmount 5061 root 4u IPv4 1892119 0t0 TCP 192.168.2.250:44567->mfsmaster:9421 (ESTABLISHED)
mfsmount 5061 root 5u unix 0xffff88001fb876c0 0t0 1616111 socket
mfsmount 5061 root 6u IPv4 1616113 0t0 TCP localhost:44911 (LISTEN)
mfsmount 5061 root 8u CHR 10,229 0t0 6954 /dev/fuse
[root@250-shiyan ~]# bc
bc 1.06.95
Copyright 1991-1994, 1997, 1998, 2000, 2004, 2006 Free Software Foundation, Inc.
This is free software with ABSOLUTELY NO WARRANTY.
For details type `warranty'.
65928+1921216+142640+596264+43832+258504+19536+221728+154520
3424168
[root@250-shiyan ~]# ll /usr/bin/mfsmount
-rwxr-xr-x 1 root root 236648 Feb 10 19:27 /usr/bin/mfsmount
[root@250-shiyan ~]# size /usr/bin/mfsmount
text data bss dec hex filename
229679 4352 16923472 17157503 105cd7f /usr/bin/mfsmount
229679+4352+16923472=17157503
[root@250-shiyan ~]# pmap -x 5061
5061: mfsmount /mnt/mfs1
Address Kbytes RSS Dirty Mode Mapping
---------------- ------ ------ ------
total kB 664836 17980 17072

三。分析
top中显示的某一个进程的RES列大小,与size某个文件显示的dec列是一样的,lsof中的SIZE列只是size命令中所显示的text列
即:
top-RES=size-dec
lsof-SIZE=size-text
注:按上面的数据核对,这两个等式只是近似。lsof中txt行的SIZE是236648,等于ll显示的文件大小,而size的text是229679;RES(top显示17m,pmap的RSS为17980 kB)与dec(17157503字节)数值接近,但RES是进程当前驻留在物理内存中的大小,dec是text+data+bss的静态大小,两者含义不同,换一个进程不一定接近。

 

一。先查看哪个用户从哪来,时长等信息。w与who都可以

[root@109-com1 ~]# w

 09:55:16 up 106 days, 21:48,  2 users,  load average: 1.11, 1.14, 1.02

USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT

root     pts/2    192.168.2.84     09:43    0.00s  0.08s  0.00s w

root     pts/3    1.85.49.230      09:44    7:17   0.08s  0.04s vi FLTPsThread.cpp

[root@109-com1 ~]# who -a

           system boot  2014-12-02 11:59

           run-level 3  2014-12-02 11:59

LOGIN      tty2         2014-12-02 12:04              1499 id=2

LOGIN      tty3         2014-12-02 12:04              1501 id=3

LOGIN      tty1         2014-12-02 12:04              1497 id=1

LOGIN      tty4         2014-12-02 12:04              1505 id=4

LOGIN      tty5         2014-12-02 12:04              1507 id=5

LOGIN      tty6         2014-12-02 12:04              1509 id=6

           pts/0        2015-02-09 13:51             27045 id=ts/0  term=0 exit=0

           pts/1        2015-03-10 22:16             11075 id=ts/1  term=0 exit=0

root     + pts/2        2015-03-19 09:43   .         12395 (192.168.2.84)

root     + pts/3        2015-03-19 09:44 00:07       12448 (1.85.49.230)

           pts/4        2015-03-11 10:29             24135 id=ts/4  term=0 exit=0

二。再根据终端,pid,目录查看他在干什么,运用了哪些资源

[root@109-com1 ~]# lsof /dev/pts/3

COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME

bash    12448 root    0u   CHR  136,3      0t0    6 /dev/pts/3

bash    12448 root    1u   CHR  136,3      0t0    6 /dev/pts/3

bash    12448 root    2u   CHR  136,3      0t0    6 /dev/pts/3

bash    12448 root  255u   CHR  136,3      0t0    6 /dev/pts/3

vi      12736 root    0u   CHR  136,3      0t0    6 /dev/pts/3

vi      12736 root    1u   CHR  136,3      0t0    6 /dev/pts/3

vi      12736 root    2u   CHR  136,3      0t0    6 /dev/pts/3

[root@109-com1 ~]# lsof -p 12448

COMMAND   PID USER   FD   TYPE DEVICE SIZE/OFF   NODE NAME

bash    12448 root  cwd    DIR  253,0     4096 141592 /usr/local/ps/src

bash    12448 root  rtd    DIR  253,0     4096      2 /

bash    12448 root  txt    REG  253,0   903336 651864 /bin/bash

bash    12448 root  mem    REG  253,0 99158576 138120 /usr/lib/locale/locale-archive

bash    12448 root  mem    REG  253,0    65928 651834 /lib64/libnss_files-2.12.so

bash    12448 root  mem    REG  253,0  1921216 651818 /lib64/libc-2.12.so

bash    12448 root  mem    REG  253,0    19536 651824 /lib64/libdl-2.12.so

bash    12448 root  mem    REG  253,0   135896 651863 /lib64/libtinfo.so.5.7

bash    12448 root  mem    REG  253,0   154520 655746 /lib64/ld-2.12.so

bash    12448 root  mem    REG  253,0    26060 264514 /usr/lib64/gconv/gconv-modules.cache

bash    12448 root    0u   CHR  136,3      0t0      6 /dev/pts/3

bash    12448 root    1u   CHR  136,3      0t0      6 /dev/pts/3

bash    12448 root    2u   CHR  136,3      0t0      6 /dev/pts/3

bash    12448 root  255u   CHR  136,3      0t0      6 /dev/pts/3

[root@109-com1 ~]# lsof +D /usr/local/ps

COMMAND     PID USER   FD   TYPE DEVICE  SIZE/OFF   NODE NAME

FLTServic 11167 root  cwd    DIR  253,0      4096 141580 /usr/local/ps/log

FLTServic 11167 root  txt    REG  253,0   2264102 141634 /usr/local/ps/bin/FLTService

FLTServic 11167 root    3u   REG  253,0 626612286 136213 /usr/local/ps/log/debug20150319.log

bash      12448 root  cwd    DIR  253,0      4096 141592 /usr/local/ps/src

vi        12736 root  cwd    DIR  253,0      4096 141592 /usr/local/ps/src

vi        12736 root    4u   REG  253,0     16384 141668 /usr/local/ps/src/.FLTPsThread.cpp.swp

 

目的:分析出uid与euid

一。linux系统中每个进程都有2个ID,分别为实际用户ID(real uid,下文简称uid)和有效用户ID(euid)。uid一般表示进程是由哪个用户启动的,而euid表示进程访问文件和资源时所具备的权限(等同于哪个用户的权限)。C语言中,可以通过函数getuid()和geteuid()来获得进程的这两个ID值。(内核另外还为每个进程保存一个saved set-user-ID,本文不涉及。)

当一个用户登陆系统时,系统会将UID和EUID都赋值为/etc/passwd文件中的UID,一般情况下2个ID是相同的,但是某些情况下会出现2个ID不同的情况。gid和egid同理。



新建用户

[root@250-shiyan ~]# useradd test2

[root@250-shiyan ~]# passwd test2

用新用户去登录

[test2@250-shiyan ~]$ id

uid=503(test2) gid=503(test2) groups=503(test2)

下面一段C代码将解释区别:"printid.c"

[test2@250-shiyan ~]$ vi printid.c

#include <stdlib.h>

#include <stdio.h>

#include <unistd.h>

#include <sys/types.h>



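/*
 * Print the real and effective user and group IDs of the calling process.
 *
 * getuid()/getgid() return the real IDs (who started the process);
 * geteuid()/getegid() return the effective IDs. The two sets differ when
 * the executable carries the setuid or setgid bit and is run by a user
 * other than the file's owner or group.
 *
 * Returns EXIT_SUCCESS unconditionally.
 */
int main(void)
{
    /*
     * uid_t and gid_t have no printf conversion of their own and are
     * unsigned on Linux, so passing them to %d is a type mismatch and
     * large IDs would print as negative numbers. Cast to unsigned long
     * and print with %lu instead.
     */
    printf(" UID\t= %lu\n", (unsigned long)getuid());
    printf(" EUID\t= %lu\n", (unsigned long)geteuid());
    printf(" GID\t= %lu\n", (unsigned long)getgid());
    printf(" EGID\t= %lu\n", (unsigned long)getegid());

    return EXIT_SUCCESS;
}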

[test2@250-shiyan ~]$ gcc -o printid printid.c

[test2@250-shiyan ~]$ id

uid=503(test2) gid=503(test2) groups=503(test2)

[test2@250-shiyan ~]$ ./printid

 UID    = 503

 EUID   = 503

 GID    = 503

 EGID   = 503

看看/etc/passwd里uid和gid:

[test2@250-shiyan ~]$ cat /etc/passwd|grep "\<test2\>"|awk -F ':' '{print "uid:"$3,"tgid:"$4}'

uid:503 tgid:503

以上是相同的例子。





下面演示uid和euid不同的例子。

首先,修改一下文件属性,setuid或setgid

[test2@250-shiyan ~]$ chmod u+s printid #这样一来,文件在执行阶段具有文件所有者的权限。

还可以再补充一个:

[test2@250-shiyan ~]$ chmod g+s printid #这样一来,文件在执行阶段具有文件所属组的权限。

其次,变成其他用户,再来试验一下,比如变成root;

[test2@250-shiyan ~]$ su

Password:

[root@250-shiyan test2]# ll

total 12

-rwsrwxr-x 1 test2 test2 7055 Mar 24 10:31 printid

-rw-rw-r-- 1 test2 test2  284 Mar 24 10:30 printid.c

[root@250-shiyan test2]# ./printid

 UID    = 0

 EUID   = 503

 GID    = 0

 EGID   = 0

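这时uid虽是0,但EUID却是503,即文件所有者的权限。EGID仍然是0,因为从上面ll的输出(-rwsrwxr-x)看,此时文件上只有setuid位,没有setgid位;如果g+s已生效,权限会显示为-rwsrwsr-x,EGID也会变成503。还可以看到,setuid并不总是提升权限:root执行属于test2的setuid程序时,有效用户反而变成了test2。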

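普通用户修改自己的密码时,需要写入只有root才能修改的密码文件,Linux系统就是使用setuid来解决这个矛盾的:如果一个程序被设置了setuid位,那么它无论被哪个用户启动,进程的EUID都是程序所有者的UID,即具备程序所有者的权限。passwd程序的所有者是root用户并且设置了setuid位(可用 ls -l /usr/bin/passwd 查看,所有者的执行位显示为s),因此任何用户执行该程序时,进程的EUID都是root的UID(0),而不是执行者自己的UID。也正因为如此,所有者为root的setuid程序一旦有缺陷,就可能让普通用户获得root权限,这类文件应尽量少,并定期清点(例如 find / -xdev -perm -4000 -type f)。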



可以使用chmod u+s给可执行文件设置setuid位(影响进程的euid),用chmod g+s设置setgid位(影响进程的egid)。setuid位只对二进制可执行文件生效:Linux内核会忽略脚本(以#!开头、由解释器执行的文件)上的setuid位。

 

[root@84-monitor httpd]# vi /etc/httpd/conf/httpd.conf

# prefork MPM

# StartServers: number of server processes to start

# MinSpareServers: minimum number of server processes which are kept spare

# MaxSpareServers: maximum number of server processes which are kept spare

# ServerLimit: maximum value for MaxClients for the lifetime of the server

# MaxClients: maximum number of server processes allowed to start

# MaxRequestsPerChild: maximum number of requests a server process serves

<IfModule prefork.c>

StartServers       8

MinSpareServers    5

MaxSpareServers   20

ServerLimit      256

MaxClients       256

MaxRequestsPerChild  4000

</IfModule>

[root@84-monitor httpd]# pstree -p|grep httpd

        |-httpd(13367)-+-httpd(13370)

        |              |-httpd(13371)

        |              |-httpd(13372)

        |              |-httpd(13373)

        |              |-httpd(13374)

        |              |-httpd(13375)

        |              |-httpd(13376)

        |              |-httpd(13377)



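在客户端浏览器F5刷新http://125.76.228.16:2002/about.php这个页面,就产生下面13个资源请求

总共13个对象,总共有8个进程在循环等待请求到来。日志中时间后面的数字(如13372)是处理该请求的httpd子进程PID,与上面pstree列出的13370到13377对应,可以看出13个请求由这8个子进程轮流处理。这个字段不在默认的日志格式里,需要在LogFormat中加入%P才会记录。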

[root@84-monitor httpd]# tail -f access_log.1428364800

1.85.49.230 - - [07/Apr/2015:16:00:08 +0800] 13372 "GET /about.php HTTP/1.1" 200 10569 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0"

1.85.49.230 - - [07/Apr/2015:16:00:08 +0800] 13375 "GET /cacti/include/main.css HTTP/1.1" 304 - "http://125.76.228.16:2002/about.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0"

1.85.49.230 - - [07/Apr/2015:16:00:08 +0800] 13377 "GET /cacti/include/layout.js HTTP/1.1" 304 - "http://125.76.228.16:2002/about.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0"

1.85.49.230 - - [07/Apr/2015:16:00:08 +0800] 13376 "GET /cacti/images/left_border.gif HTTP/1.1" 304 - "http://125.76.228.16:2002/about.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0"

1.85.49.230 - - [07/Apr/2015:16:00:08 +0800] 13371 "GET /cacti/images/tab_console_down.gif HTTP/1.1" 304 - "http://125.76.228.16:2002/about.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0"

1.85.49.230 - - [07/Apr/2015:16:00:08 +0800] 13373 "GET /cacti/images/tab_graphs.gif HTTP/1.1" 304 - "http://125.76.228.16:2002/about.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0"

1.85.49.230 - - [07/Apr/2015:16:00:08 +0800] 13374 "GET /cacti/images/transparent_line.gif HTTP/1.1" 304 - "http://125.76.228.16:2002/about.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0"

1.85.49.230 - - [07/Apr/2015:16:00:08 +0800] 13370 "GET /cacti/images/cacti_logo.gif HTTP/1.1" 304 - "http://125.76.228.16:2002/about.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0"



1.85.49.230 - - [07/Apr/2015:16:00:08 +0800] 13372 "GET /images/cacti_about_logo.gif HTTP/1.1" 304 - "http://125.76.228.16:2002/about.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0"

1.85.49.230 - - [07/Apr/2015:16:00:08 +0800] 13377 "GET /cacti/images/cacti_backdrop.gif HTTP/1.1" 304 - "http://125.76.228.16:2002/about.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0"

1.85.49.230 - - [07/Apr/2015:16:00:08 +0800] 13375 "GET /cacti/images/shadow_gray.gif HTTP/1.1" 304 - "http://125.76.228.16:2002/about.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0"

1.85.49.230 - - [07/Apr/2015:16:00:08 +0800] 13376 "GET /cacti/images/shadow.gif HTTP/1.1" 304 - "http://125.76.228.16:2002/about.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0"

1.85.49.230 - - [07/Apr/2015:16:00:08 +0800] 13371 "GET /cacti/images/menu_line.gif HTTP/1.1" 304 - "http://125.76.228.16:2002/about.php" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0"

 
