
Common Linux Commands for Analyzing Web Server Logs and Network Connections

This article presents a collection of practical Linux shell commands—primarily using awk, grep, sort, uniq, netstat, and tcpdump—to count unique IPs, identify most‑visited pages, filter logs by time or URL, monitor connection states, and calculate traffic statistics for Apache or other web servers.

Laravel Tech Community

The guide gathers useful one‑liners for extracting insights from web server access logs and for monitoring network connections on a Linux host. It starts with basic IP counting ( awk '{print $1}' log_file | sort | uniq | wc -l ) and progresses to more complex queries such as per‑page visit counts, time‑range filtering, and identifying the heaviest‑traffic URLs.

Key log‑analysis examples include:

Finding how many times a specific page was accessed: grep "/index.php" log_file | wc -l

Listing each IP with the number of pages it requested (one count per log line): awk '{++S[$1]} END {for (a in S) print a, S[a]}' log_file

Sorting IPs by request volume: awk '{print $1}' log_file | sort | uniq -c | sort -nr | head -10

Filtering logs for a particular date and extracting the top URLs: grep '04/May/2012' access.log | awk '{print $11}' | sort | uniq -c | sort -nr | head -20

Identifying large file transfers (>200 KB) and counting occurrences: awk '($10 > 200000 && $7~/\.php/){print $7}' access.log | sort | uniq -c | sort -nr | head -100

Network‑state monitoring commands are also covered, such as counting established connections ( netstat -an | grep ESTABLISHED | wc -l ), summarising TCP states ( netstat -n | awk '/^tcp/ {++S[$NF]}; END {for (a in S) print a, S[a]}' ), and locating the most frequent source IPs for port 80 traffic ( netstat -ant | awk '/:80/ {split($5,ip,":"); ++A[ip[1]]} END {for (i in A) print A[i], i}' | sort -rn | head -20 ).

Additional snippets demonstrate bandwidth calculation ( awk '{sum+=$10} END {print sum/1024/1024/1024}' access.log ), HTTP status aggregation, and per‑minute request spikes.
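
The status aggregation and per-minute counts mentioned above, as an added example that is not code from the original article. The log lines are constructed sample data in Apache combined format (field numbers differ for other formats), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. The log lines are constructed sample data in Apache
# "combined" format; the addresses come from documentation ranges.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [04/May/2012:10:15:01 +0800] "GET /index.php HTTP/1.1" 200 5120 "-" "curl/7.0"
192.0.2.10 - - [04/May/2012:10:15:02 +0800] "GET /login.php HTTP/1.1" 401 512 "-" "curl/7.0"
192.0.2.10 - - [04/May/2012:10:15:03 +0800] "POST /login.php HTTP/1.1" 401 512 "-" "curl/7.0"
192.0.2.10 - - [04/May/2012:10:15:04 +0800] "POST /login.php HTTP/1.1" 401 512 "-" "curl/7.0"
198.51.100.7 - - [04/May/2012:10:15:30 +0800] "GET /index.php HTTP/1.1" 304 - "-" "Mozilla/5.0"
198.51.100.7 - - [04/May/2012:10:16:05 +0800] "GET /report.php HTTP/1.1" 200 250000 "-" "Mozilla/5.0"
203.0.113.5 - - [04/May/2012:10:17:40 +0800] "GET /missing.php HTTP/1.1" 404 300 "-" "Mozilla/5.0"
EOF
}

# Requests per HTTP status code ($9), printed as "code count", sorted by code.
status_counts() {
    awk '{++S[$9]} END {for (c in S) print c, S[c]}' | sort -n
}

# Requests per minute: $4 is "[04/May/2012:10:15:01", so characters 2-18
# are the timestamp down to the minute. Output: "count minute", busiest first.
per_minute() {
    awk '{print substr($4, 2, 17)}' | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Client/minute pairs with at least $1 requests inside that minute.
spikes() {
    awk -v min="$1" '{++N[$1 " " substr($4, 2, 17)]}
        END {for (k in N) if (N[k] >= min) print N[k], k}' | sort -rn
}

# Total response bytes ($10). Responses without a body (such as 304) log "-"
# in that field, so the guard sums numeric values only.
total_bytes() {
    awk '$10 ~ /^[0-9]+$/ {sum += $10} END {print sum + 0}'
}

sample_log | status_counts
sample_log | per_minute
sample_log | spikes 3
sample_log | total_bytes
```

To run it against a real log, replace `sample_log |` with `cat access.log |` and confirm the field positions match the server's LogFormat.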
