chrisbespoke

Untitled

Nov 25th, 2021
Count how many times "petal" has appeared in the logs of all sites on the 10th July, between 09:00 and 14:00:

    grep -E "13/Jul/2020:(09|10|11|12|13|14):" /var/www/vhosts/*/logs/access*og | grep petal | wc -l


    Just for home flair, by the hour:

    grep "13/Jul/2020:09" /var/www/vhosts/homeflairdecor.co.uk/logs/access*og | grep petal | wc -l
    grep "13/Jul/2020:10" /var/www/vhosts/homeflairdecor.co.uk/logs/access*og | grep petal | wc -l
    grep "13/Jul/2020:11" /var/www/vhosts/homeflairdecor.co.uk/logs/access*og | grep petal | wc -l


List all the unique IP addresses for log entries containing "petal" on the 13th July, along with the log path:

    grep "06/Oct/2020" /var/www/vhosts/*/logs/access*log | grep petal | awk '{print $1}' | sort -u


==========================

Count of the top 20 requests by IP:

    grep "$(date +%d/%b/%Y)" /var/www/vhosts/system/*/logs/access*og | awk '{print $1, $6, $7, $11}' | sort | uniq -c | sort -gr | head -n 20

    # Today's log lines containing "whos", counted by the last field of each line:
    grep "$(date +%d/%b/%Y)" /var/www/vhosts/system/*/logs/access*og | grep whos | awk '{print $NF}' | sort | uniq -c


==========================

DEBUGGING A BUSY SERVER

1) I can see there have been a couple of traffic spikes yesterday at 13:00 and 17:00

    grep '18/Sep/2020' /var/www/vhosts/system/*/logs/access_*log | cut -d[ -f2 | cut -d] -f1 | awk -F: '{print $2":00"}' | sort -n | uniq -c


2) Between 1 and 2PM today, here are the top sites that received the most requests:

    for logfile in /var/www/vhosts/system/*/logs/access_*log; do echo "$(grep -c "18/Sep/2020:17" "$logfile") $logfile"; done | sort -nr | head -n 5


3) These are the IPs hammering the site the most

    grep '18/Sep/2020:17' /var/www/vhosts/system/rockdoor.com/logs/access_*log | awk '{print $1}' | sort -n | uniq -c | sort -nr | head -20

    These are the top file requests by IP, 13:00-14:00

    zcat /var/www/vhosts/theabi.org.uk/logs/access_ssl_log.processed-20201017.gz | grep '16/Oct/2020:13' | awk '{print $1, $6, $7, $9, $11}' | sort | uniq -c | sort -gr | head -n 20

    OR

    grep "$(date +%d/%b/%Y)" /var/www/vhosts/*/logs/access*og | awk '{print $1, $6, $7, $9, $11}' | sort | uniq -c | sort -gr | head -n 20

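Added example (not part of the original paste): steps 1 and 3 above written as shell functions that match on the timestamp and status fields with awk instead of grepping the whole line, so a "200" in a URL or byte count is not counted as a status code. It assumes the combined log format ($1 client IP, $4 timestamp, $9 status); the function names and the sample log lines are constructed for illustration.

```bash
# Assumes combined log format: $1 = client IP, $4 = "[dd/Mon/yyyy:HH:MM:SS", $9 = status.

# hourly_counts LOG DATE  ->  "HH:00 count" for each hour seen on DATE
hourly_counts() {
  awk -v d="[$2:" '
    index($4, d) == 1 { n[substr($4, length(d) + 1, 2)]++ }
    END { for (h in n) print h ":00", n[h] }' "$1" | LC_ALL=C sort
}

# top_ips LOG DATE HOUR [STATUS]  ->  "count ip", busiest first
top_ips() {
  awk -v p="[$2:$3:" -v s="${4:-}" '
    index($4, p) == 1 && (s == "" || $9 == s) { n[$1]++ }
    END { for (ip in n) print n[ip], ip }' "$1" | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample log (documentation IP ranges, not real traffic).
sample_log() {
  cat <<'EOF'
203.0.113.5 - - [18/Sep/2020:13:01:10 +0100] "GET / HTTP/1.1" 200 512 "-" "curl/7.68.0"
203.0.113.5 - - [18/Sep/2020:17:00:01 +0100] "GET /a HTTP/1.1" 200 512 "-" "curl/7.68.0"
203.0.113.5 - - [18/Sep/2020:17:00:02 +0100] "GET /b HTTP/1.1" 200 512 "-" "curl/7.68.0"
198.51.100.7 - - [18/Sep/2020:17:02:00 +0100] "GET /img/200.png HTTP/1.1" 404 200 "-" "bot"
198.51.100.7 - - [18/Sep/2020:17:03:00 +0100] "GET /x HTTP/1.1" 200 128 "-" "bot"
192.0.2.9 - - [19/Sep/2020:17:00:00 +0100] "GET / HTTP/1.1" 200 512 "-" "curl/7.68.0"
EOF
}

log=$(mktemp)
sample_log > "$log"
hourly_counts "$log" 18/Sep/2020     # per-hour request counts for the day
top_ips "$log" 18/Sep/2020 17        # all requests in the 17:00 hour
top_ips "$log" 18/Sep/2020 17 200    # only those answered with status 200
rm -f "$log"
```
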
==========================

Sites that are hitting the PHP max children limit:

    grep -r "server reached max_children setting" /var/log/*php*-fpm* | cut -d' ' -f5 | tr -d ']' | sort | uniq -c | sort -nr

==========================

Requests served with 200 OK between 10:44-49 and 10:50-53:

    grep -E "24/Jul/2020:10:5(0|3)" /var/www/vhosts/*/logs/access*og | awk '{print $1, $6, $7, $9, $11}' | grep 200 | sort | uniq -c | sort -gr | wc -l
    109

    grep -E "24/Jul/2020:10:4(4|9)" /var/www/vhosts/*/logs/access*og | awk '{print $1, $6, $7, $9, $11}' | grep 200 | sort | uniq -c | sort -gr | wc -l
    241


Number of requests from ahrefs.com:

    grep "24/Jul/2020:10" /var/www/vhosts/*/logs/access*og | grep ahrefs.com | wc -l
    521


Find sites which had been trawled by ahrefs.com:

    grep "24/Jul/2020:10" /var/www/vhosts/*/logs/access*og | grep ahrefs.com | awk '{print $1, $6, $7, $9, $11}' | sort | uniq -c | sort -gr | awk '{print $2}' | sed 's/:.*$//' | grep -v /access_log | sort -u



==========================

List the culprits in the slow query log

    grep "User@Host" /var/log/mariadb-slow.log | awk '{print $3}' | sort -u


=============================================