脚本如下

#!/bin/bash

echo `date +"%F %H:%M:%S"` "HTTP80-ALL" "`netstat -anlp|grep tcp|grep 服务器ip|grep -w 80|awk ‘{print $5}’|awk -F: ‘{print $4}’|sort|uniq -c|sort -nr|head -n20`" >> /var/log/ip80_count`date +"%F"`.txt
#完整可用

echo `date +"%F %H:%M:%S"` "HTTP80-疑似攻击-ALL" "`netstat -anlp|grep tcp|grep 服务器ip|grep -w 80|awk ‘{print $5}’|awk -F: ‘{print $4}’|sort|uniq -c|sort -nr|head -n20`" >> /var/log/ip80疑似攻击_count`date +"%F"`.txt
echo `date +"%F %H:%M:%S"` "HTTP80-已连接-ALL" "` netstat -anlp|grep tcp|grep 服务器ip:80|grep ESTABLISHED|awk ‘{print $5}’|awk -F: ‘{print $4}’|sort|uniq -c|sort -nr|head -n20 `" >> /var/log/ip80已连接_count`date +"%F"`.txt

#更精简的写法

netstat -anlp|grep tcp|grep 服务器ip:80|awk ‘{print $5}’|awk -F: ‘{print $4}’|sort|uniq -c|sort -nr|head -n20