# Real-Time Traffic Monitoring Commands (Direct Server Use) Copy and paste these commands directly on your server. ## Quick Status Checks ### See IPs visiting in the last few minutes: ```bash sudo tail -500 /var/log/nginx/access.log | awk '{print $1}' | sort | uniq -c | sort -rn | head -20 ``` ### See what status codes they're getting: ```bash sudo tail -500 /var/log/nginx/access.log | awk '{print $1, $9}' | grep '216.73.216.38' ``` ### Count status codes (200 vs 403): ```bash sudo tail -500 /var/log/nginx/access.log | awk '{print $9}' | sort | uniq -c ``` ## Real-Time Monitoring ### Watch live traffic (updates every 2 seconds): ```bash watch -n 2 'sudo tail -200 /var/log/nginx/access.log | awk "{print \$1}" | sort | uniq -c | sort -rn | head -15' ``` ### See live log entries as they happen: ```bash sudo tail -f /var/log/nginx/access.log ``` ### Live GoAccess dashboard: ```bash sudo tail -f /var/log/nginx/access.log | goaccess - ``` ## Active Connections ### See who's connected RIGHT NOW: ```bash sudo netstat -tn | grep ':443' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -rn ``` ### Alternative (using ss command): ```bash sudo ss -tn | grep ':443' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -rn ``` ## Detailed Analysis ### Last 100 requests with timestamps: ```bash sudo tail -100 /var/log/nginx/access.log | awk '{print $4, $1}' | sed 's/\[//' ``` ### See what blocked IPs are trying to access: ```bash sudo tail -500 /var/log/nginx/access.log | grep '216.73.216.38' | awk '{print $7}' | head -10 ``` ### Show all 403 (blocked) requests: ```bash sudo tail -500 /var/log/nginx/access.log | awk '$9==403 {print $1}' | sort | uniq -c | sort -rn ``` ### Show all successful (200) requests: ```bash sudo tail -500 /var/log/nginx/access.log | awk '$9==200 {print $1}' | sort | uniq -c | sort -rn | head -10 ``` ## Comprehensive Monitoring Script ### Create a monitoring script: ```bash cat > /tmp/monitor-traffic.sh << 'EOF' #!/bin/bash echo "=== Traffic in last 5 minutes ===" echo "Time: $(date)" echo "" echo "Top IPs:" sudo tail -1000 /var/log/nginx/access.log | awk '{print $1}' | sort | uniq -c | sort -rn | head -10 echo "" echo "Blocked IPs (403 errors):" sudo tail -1000 /var/log/nginx/access.log | awk '$9==403 {print $1}' | sort | uniq -c | sort -rn echo "" echo "Successful requests (200):" sudo tail -1000 /var/log/nginx/access.log | awk '$9==200 {print $1}' | sort | uniq -c | sort -rn | head -5 echo "" echo "Status Code Summary:" sudo tail -1000 /var/log/nginx/access.log | awk '{print $9}' | sort | uniq -c | sort -rn EOF chmod +x /tmp/monitor-traffic.sh ``` ### Run the monitoring script: ```bash /tmp/monitor-traffic.sh ``` ## Auto-Refreshing Dashboard ### Live dashboard (refreshes every 5 seconds): ```bash watch -n 5 'echo "=== Last 5 minutes ===" date echo "" echo "Top IPs:" sudo tail -1000 /var/log/nginx/access.log | awk "{print \$1}" | sort | uniq -c | sort -rn | head -10 echo "" echo "Status Codes:" sudo tail -1000 /var/log/nginx/access.log | awk "{print \$9}" | sort | uniq -c | sort -rn' ``` Press `Ctrl+C` to exit. ## GoAccess HTML Report (Live Updating) ### Generate live HTML report: ```bash sudo goaccess /var/log/nginx/access.log -o /var/www/html/live-stats.html --real-time-html --daemonize ``` Then visit: https://git.laantungir.net/live-stats.html ### Stop the live report: ```bash sudo pkill -f "goaccess.*live-stats" ``` ## Filter by Time ### Get timestamp from 5 minutes ago: ```bash date -d '5 minutes ago' '+%d/%b/%Y:%H:%M' ``` ### Analyze only recent logs (replace timestamp): ```bash sudo awk '/01\/Feb\/2026:19:09/,0' /var/log/nginx/access.log | goaccess - ``` ## Check Gitea CPU ### Current CPU usage: ```bash ps aux | grep gitea | grep -v grep ``` ### Watch CPU in real-time: ```bash watch -n 2 'ps aux | grep gitea | grep -v grep' ``` ## Most Useful Command for Quick Check This one-liner shows everything you need: ```bash echo "=== Quick Status ===" && \ echo "Time: $(date)" && \ echo "" && \ echo "Top 10 IPs (last 1000 requests):" && \ sudo tail -1000 /var/log/nginx/access.log | awk '{print $1}' | sort | uniq -c | sort -rn | head -10 && \ echo "" && \ echo "Status Codes:" && \ sudo tail -1000 /var/log/nginx/access.log | awk '{print $9}' | sort | uniq -c && \ echo "" && \ echo "Gitea CPU:" && \ ps aux | grep gitea | grep -v grep ``` Copy any of these commands and run them directly on your server!