laantungir/c-relay
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 8 Wiki Activity
Files
086d2af56c4491787eda87e1d3a6d79aa2854cd3
c-relay/Real-Time Traffic Monitoring Commands.md
Your Name 4cc2d2376e v1.1.6 - Optimize: Deduplicate kinds in subscription index to prevent redundant operations 
The kind index was adding subscriptions multiple times when filters contained
duplicate kinds (e.g., 'kinds': [1, 1, 1] or multiple filters with same kind).
This caused:
- Redundant malloc/free operations during add/remove
- Multiple index entries for same subscription+kind pair
- Excessive TRACE logging (7+ removals for single subscription)
- Wasted CPU cycles on duplicate operations

Fix:
- Added bitmap-based deduplication in add_subscription_to_kind_index()
- Uses 8KB bitmap (65536 bits) to track which kinds already added
- Prevents adding same subscription to same kind index multiple times
- Reduces index operations by 3-10x for subscriptions with duplicate kinds

Performance Impact:
- Eliminates redundant malloc/free cycles
- Reduces lock contention on kind index operations
- Decreases log volume significantly
- Should reduce CPU usage by 20-40% under production load
2026-02-01 15:59:54 -04:00

4.3 KiB
Raw Blame History

Real-Time Traffic Monitoring Commands (Direct Server Use)

Copy and paste these commands directly on your server.

Quick Status Checks

See IPs visiting in the last few minutes:

sudo tail -500 /var/log/nginx/access.log | awk '{print $1}' | sort | uniq -c | sort -rn | head -20

See what status codes they're getting:

sudo tail -500 /var/log/nginx/access.log | awk '{print $1, $9}' | grep '216.73.216.38'

Count status codes (200 vs 403):

sudo tail -500 /var/log/nginx/access.log | awk '{print $9}' | sort | uniq -c

Real-Time Monitoring

Watch live traffic (updates every 2 seconds):

watch -n 2 'sudo tail -200 /var/log/nginx/access.log | awk "{print \$1}" | sort | uniq -c | sort -rn | head -15'

See live log entries as they happen:

sudo tail -f /var/log/nginx/access.log

Live GoAccess dashboard:

sudo tail -f /var/log/nginx/access.log | goaccess -

Active Connections

See who's connected RIGHT NOW:

sudo netstat -tn | grep ':443' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -rn

Alternative (using ss command):

sudo ss -tn | grep ':443' | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -rn

Detailed Analysis

Last 100 requests with timestamps:

sudo tail -100 /var/log/nginx/access.log | awk '{print $4, $1}' | sed 's/\[//'

See what blocked IPs are trying to access:

sudo tail -500 /var/log/nginx/access.log | grep '216.73.216.38' | awk '{print $7}' | head -10

Show all 403 (blocked) requests:

sudo tail -500 /var/log/nginx/access.log | awk '$9==403 {print $1}' | sort | uniq -c | sort -rn

Show all successful (200) requests:

sudo tail -500 /var/log/nginx/access.log | awk '$9==200 {print $1}' | sort | uniq -c | sort -rn | head -10

Comprehensive Monitoring Script

Create a monitoring script:

cat > /tmp/monitor-traffic.sh << 'EOF'
#!/bin/bash
echo "=== Traffic in last 5 minutes ==="
echo "Time: $(date)"
echo ""
echo "Top IPs:"
sudo tail -1000 /var/log/nginx/access.log | awk '{print $1}' | sort | uniq -c | sort -rn | head -10
echo ""
echo "Blocked IPs (403 errors):"
sudo tail -1000 /var/log/nginx/access.log | awk '$9==403 {print $1}' | sort | uniq -c | sort -rn
echo ""
echo "Successful requests (200):"
sudo tail -1000 /var/log/nginx/access.log | awk '$9==200 {print $1}' | sort | uniq -c | sort -rn | head -5
echo ""
echo "Status Code Summary:"
sudo tail -1000 /var/log/nginx/access.log | awk '{print $9}' | sort | uniq -c | sort -rn
EOF
chmod +x /tmp/monitor-traffic.sh

Run the monitoring script:

/tmp/monitor-traffic.sh

Auto-Refreshing Dashboard

Live dashboard (refreshes every 5 seconds):

watch -n 5 'echo "=== Last 5 minutes ==="
date
echo ""
echo "Top IPs:"
sudo tail -1000 /var/log/nginx/access.log | awk "{print \$1}" | sort | uniq -c | sort -rn | head -10
echo ""
echo "Status Codes:"
sudo tail -1000 /var/log/nginx/access.log | awk "{print \$9}" | sort | uniq -c | sort -rn'

Press Ctrl+C to exit.

GoAccess HTML Report (Live Updating)

Generate live HTML report:

sudo goaccess /var/log/nginx/access.log -o /var/www/html/live-stats.html --real-time-html --daemonize

Then visit: https://git.laantungir.net/live-stats.html

Stop the live report:

sudo pkill -f "goaccess.*live-stats"

Filter by Time

Get timestamp from 5 minutes ago:

date -d '5 minutes ago' '+%d/%b/%Y:%H:%M'

Analyze only recent logs (replace timestamp):

sudo awk '/01\/Feb\/2026:19:09/,0' /var/log/nginx/access.log | goaccess -

Check Gitea CPU

Current CPU usage:

ps aux | grep gitea | grep -v grep

Watch CPU in real-time:

watch -n 2 'ps aux | grep gitea | grep -v grep'

Most Useful Command for Quick Check

This one-liner shows everything you need:


echo "=== Quick Status ===" && \
echo "Time: $(date)" && \
echo "" && \
echo "Top 10 IPs (last 1000 requests):" && \
sudo tail -1000 /var/log/nginx/access.log | awk '{print $1}' | sort | uniq -c | sort -rn | head -10 && \
echo "" && \
echo "Status Codes:" && \
sudo tail -1000 /var/log/nginx/access.log | awk '{print $9}' | sort | uniq -c && \
echo "" && \
echo "Gitea CPU:" && \
ps aux | grep gitea | grep -v grep

Copy any of these commands and run them directly on your server!