Log format:

    118.78.199.98 - - [09/Jan/2010:00:59:59 +0800] "GET /public/css/index.css HTTP/1.1" 304 - "http://www.a.cn/common/index.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6.3)"

The 10 most frequent visitor IPs:

    awk '{print $1}' apache_log | sort | uniq -c | sort -nr | head -n 10

awk first extracts the IP from each log line. If the log format has been customized, you can use -F to define the delimiter and print the appropriate column. The first sort places identical records next to each other; uniq -c merges duplicate rows and records the number of repetitions; sort -nr sorts by that number in descending order; head keeps the top 10.

Reference command: show the 10 most commonly used commands:

    sed -e "s/| /\n/g" ~/.bash_history | cut -d ' ' -f 1 | sort | uniq -c | sort -nr | head

The minutes with the most visits:

    awk '{print $4}' access_log | cut -c 14-18 | sort | uniq -c | sort -nr | head

For awk, the fourth space-separated column is [09/Jan/2010:00:59:59; cut -c extracts characters 14 to 18 (the hour and minute). The rest is the same as in problem 1.

Most visited pages:

    awk '{print $11}' apache_log | sed 's/^.*cn\(.*\)\"/\1/g' | sort | uniq -c | sort -rn | head

This is similar to questions 1 and 2. The only special step is that sed replaces "http://www.a.cn/common/index.php" with the part captured in parentheses: "http://www.a.cn(/common/index.php)".

Which time periods (in minutes) have the most visits (the heaviest load), and which IPs access the most during those times?
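One way to answer that last question in a single pass over the log, as an added example that is not part of the original article. The function names busiest_minutes and sample_log are illustrative, the sample lines are constructed, and the column numbers assume the log format shown at the top.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes the log format shown
# at the top of the page: $1 = client IP, $4 = "[dd/Mon/yyyy:HH:MM:SS".

# Print "minute hits top_ip top_ip_hits" for the N busiest minutes.
busiest_minutes() {   # usage: busiest_minutes LOGFILE|- [N]
    awk '
    {
        minute = substr($4, 2, 17)        # drop the "[" and the ":SS" part
        hits[minute]++                    # requests per minute
        per_ip[minute SUBSEP $1]++        # requests per (minute, IP)
    }
    END {
        for (key in per_ip) {
            split(key, part, SUBSEP)
            m = part[1]; ip = part[2]; n = per_ip[key]
            # keep the busiest IP per minute; break ties on the IP string
            if (n > best_n[m] || (n == best_n[m] && ip < best_ip[m])) {
                best_n[m] = n; best_ip[m] = ip
            }
        }
        for (m in hits)
            printf "%s %d %s %d\n", m, hits[m], best_ip[m], best_n[m]
    }' "${1:--}" | LC_ALL=C sort -k2,2nr -k1,1 | head -n "${2:-10}"
}

# Constructed sample lines (documentation-range IPs), same format as above.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [09/Jan/2010:00:59:01 +0800] "GET /a.css HTTP/1.1" 200 120 "-" "ua"
192.0.2.10 - - [09/Jan/2010:00:59:07 +0800] "GET /b.css HTTP/1.1" 200 98 "-" "ua"
198.51.100.7 - - [09/Jan/2010:00:59:30 +0800] "GET / HTTP/1.1" 200 512 "-" "ua"
192.0.2.10 - - [09/Jan/2010:00:59:59 +0800] "GET /c.js HTTP/1.1" 304 - "-" "ua"
198.51.100.7 - - [09/Jan/2010:01:00:02 +0800] "GET /x HTTP/1.1" 200 40 "-" "ua"
198.51.100.7 - - [09/Jan/2010:01:00:40 +0800] "GET /y HTTP/1.1" 200 41 "-" "ua"
203.0.113.5 - - [09/Jan/2010:01:01:15 +0800] "GET /z HTTP/1.1" 404 - "-" "ua"
EOF
}

sample_log | busiest_minutes - 3
```

Run it against a real file with busiest_minutes access_log 10; a minute dominated by a single IP is the usual signature of a crawler or a scripted client.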
Several of the commands below print $2 for the IP and $8 for the URL. With the log format shown at the top, the client IP is column 1 and the request path is column 7, so adjust the column numbers to your own log format.

View the number of Apache processes:

    ps aux | grep httpd | grep -v grep | wc -l

View the number of established TCP connections on port 80:

    netstat -tan | grep "ESTABLISHED" | grep ":80" | wc -l

Count the connections per IP for a given day from the log, merging duplicates:

    cat access_log | grep "19/May/2011" | awk '{print $2}' | sort | uniq -c | sort -nr

See what the IP with the most connections that day was doing (it turned out to be a spider):

    cat access_log | grep "19/May/2011:00" | grep "61.135.166.230" | awk '{print $8}' | sort | uniq -c | sort -nr | head -n 10

The 10 most accessed URLs that day:

    cat access_log | grep "19/May/2010:XX" | awk '{print $8}' | sort | uniq -c | sort -nr | head -n 10

Sniff port 80 with tcpdump to see which source sends the most packets:

    tcpdump -i eth0 -tnn dst port 80 -c 1000 | awk -F"." '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr

See what a particular IP is doing:

    cat access_log | grep 220.181.38.183 | awk '{print $1"\t"$8}' | sort | uniq -c | sort -nr | less

View the number of distinct IPs connecting during a time period:

    grep "2006:0[7-8]" www20110519.log | awk '{print $2}' | sort | uniq -c | sort -nr | wc -l

The 20 IP addresses with the most connections to the current web server:

    netstat -ntu | awk '{print $5}' | sort | uniq -c | sort -n -r | head -n 20

View the top 10 most frequent IPs in a log:

    cat access_log | cut -d ' ' -f 1 | sort | uniq -c | sort -nr | awk '{print $0}' | head -n 10 | less

View IPs that appear more than 100 times in the log:

    cat access_log | cut -d ' ' -f 1 | sort | uniq -c | awk '{if ($1 > 100) print $0}' | sort -nr | less

View the most frequently accessed files among the most recent 10000 requests:

    cat access_log | tail -10000 | awk '{print $7}' | sort | uniq -c | sort -nr | less

View pages accessed more than 100 times in the log:

    cat access_log | cut -d ' ' -f 7 | sort | uniq -c | awk '{if ($1 > 100) print $0}' | less

List files whose transfer time exceeds 30 seconds (this relies on the last field, $NF, being the transfer time, which requires a customized log format):

    cat access_log | awk '($NF > 30){print $7}' | sort -n | uniq -c | sort -nr | head -20

The most time-consuming pages (more than 60 seconds) and the number of corresponding page occurrences:
This article is from the "Small Zheng Technology Blog"; please be sure to keep this source: http://ko178.blog.51cto.com/220419/1656414
Apache Log Analysis