Log analysis!
Analyze the last five minutes of the access logs and extract the most visited IPs, the most visited URLs, and the access traffic within those five minutes.
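#!/bin/sh
# Listing 1: report built from three intermediate files.
#
# For every non-empty access log (acce*) in $log_path, select the entries
# newer than "6 mins ago" and write the top 20 client IPs, the top 20 request
# URIs and the top 20 IPs by traffic into one report file per log.
#
# The field numbers ($1 client, $4 timestamp, $7 URI, $10 bytes) assume the
# usual combined access-log layout; confirm against the server's log_format.
# The URI column is supplied by clients, so treat the report as untrusted
# text when it is displayed or parsed by another tool.

# Salt minion id and address of this host. Neither value is used further down.
name=$(grep '^id' /etc/salt/minion | awk '{print $2}')
# Anchored on "addr:" so that only 10.x.x.x and 127.x.x.x are dropped; an
# unanchored '10\.' would also drop addresses such as 192.168.10.5.
ipaddr=$(/sbin/ifconfig | grep 'inet addr' | grep -Ev 'addr:(10|127)\.' \
  | awk -F '[: ]+' '{print $4}')

# Directory that holds the access logs.
log_path='/usr/local/tengine/logs/'

# Build the lower timestamp bound for the selection.
# Globals: log_file (read); file_time, start_time (written)
# Not named "time": that is a reserved word in bash, where a bare `time`
# line does not invoke a function of that name.
# NOTE: the date part is copied from the first line of the log, so the
# string comparison is only meaningful while the log holds a single day
# and the window does not cross midnight.
set_time_window() {
  file_time=$(head -n 1 -- "$log_file" \
    | awk -F '[[/ :]' '{print "[" $5 "/" $6 "/" $7}')
  start_time="${file_time}:$(date -d '6 mins ago' +%H:%M)"
}

# Select the recent entries of $log_file and write the report.
# Globals: log_file, start_time (read)
ipurlflow() {
  set_time_window

  # NOTE(review): this directory sits under world-writable /tmp and the file
  # names are predictable. If the script runs as root, another local user can
  # pre-create the path or plant symlinks there; a directory owned by the
  # account that runs the script (mode 0700) avoids that.
  out_dir='/tmp/backup/log'
  [ -d "$out_dir/flow" ] || mkdir -p "$out_dir/flow"

  recent="$out_dir/${log_file}.time.log"
  file_ip="$out_dir/${log_file}.IP.log"
  file_uri="$out_dir/${log_file}.uri.sort.log"
  file_ip_stat="$out_dir/${log_file}.flow.sort.log"
  file_stat="$out_dir/flow/${log_file}.flow.log"

  # Entries whose timestamp sorts after the lower bound.
  awk -v start_time="$start_time" '$4 > start_time' "$log_file" > "$recent"

  # Nothing recent: leave the previous report untouched.
  [ -s "$recent" ] || return 0

  # Top 20 client IPs by number of requests.
  awk '{s[$1]++} END {for (n in s) print s[n] " " n}' "$recent" \
    | sort -rn | head -n 20 > "$file_ip"

  # Top 20 request URIs by number of requests.
  awk '{s[$7]++} END {for (n in s) print s[n] " " n}' "$recent" \
    | sort -rn | head -n 20 > "$file_uri"

  # Top 20 client IPs by traffic, in MiB. "+=" accumulates per IP ("=+"
  # would keep only the last request's size); both divisors are 1024.
  awk '{s[$1] += $10} END {for (n in s) print s[n] " " n}' "$recent" \
    | sort -rn | head -n 20 \
    | awk '{mb = $1 / 1024 / 1024; print mb "M " $2}' > "$file_ip_stat"

  # Merge the three lists into one file, each between its markers.
  {
    printf 'Ip_start\n'
    cat -- "$file_ip"
    printf 'ip_end\n\n'
    printf 'Url_start\n'
    cat -- "$file_uri"
    printf 'url_end\n\n'
    printf 'Flow_star\n'
    cat -- "$file_ip_stat"
    printf 'flow_end\n\n'
  } > "$file_stat"
}

main() {
  cd "$log_path" || exit 1
  # Glob instead of parsing `ls`, so odd file names are not word-split.
  for log_file in acce*; do
    [ -e "$log_file" ] || continue   # the pattern matched nothing
    if [ ! -s "$log_file" ]; then
      echo "$log_file"               # empty log: only print its name
    else
      ipurlflow
    fi
  done
}
main

##########################################################################
#!/bin/sh
# Listing 2: same analysis, written straight into one report file.
#
# Differences from listing 1: the selection also has an upper bound
# (now_time), no intermediate files are kept, and a report left over from an
# earlier run is moved to /tmp when the log has no recent entries.

name=$(grep '^id' /etc/salt/minion | awk '{print $2}')
# Anchored on "addr:" so that only 10.x.x.x and 127.x.x.x are dropped.
ipaddr=$(/sbin/ifconfig | grep 'inet addr' | grep -Ev 'addr:(10|127)\.' \
  | awk -F '[: ]+' '{print $4}')

log_path='/usr/local/tengine/logs/'
#filelog='access_www.log'
#log_file="${log_path}${filelog}"

# Build both timestamp bounds for the selection.
# Globals: log_file (read); file_time, start_time, now_time (written)
# Same single-day / midnight caveat as in listing 1.
set_time_window() {
  file_time=$(head -n 1 -- "$log_file" \
    | awk -F '[[/ :]' '{print "[" $5 "/" $6 "/" $7}')
  start_time="${file_time}:$(date -d '6 mins ago' +%H:%M)"
  now_time="${file_time}:$(date +%H:%M)"
  #echo "$file_time $start_time $now_time"
}

# Select the recent entries of $log_file and write the report.
# Globals: log_file, start_time, now_time (read)
Ip() {
  set_time_window

  out_dir='/script/shell/gaogd/loganalyze/log'
  [ -d "$out_dir/flow" ] || mkdir -p "$out_dir/flow"

  recent="$out_dir/${log_file}.time.log"
  file_stat="$out_dir/flow/${log_file}.Statistics.log"

  # Timestamps are compared as strings. now_time carries no seconds, so
  # entries written during the current minute sort after it and are left out.
  awk -v start_time="$start_time" -v now_time="$now_time" \
    '$4 > start_time && $4 < now_time' "$log_file" > "$recent"

  if [ -s "$recent" ]; then
    {
      printf 'IP_start\n'
      awk '{s[$1]++} END {for (n in s) print s[n] " " n}' "$recent" \
        | sort -rn | head -n 20
      printf 'ip_end\n\n'

      printf 'URL_start\n'
      awk '{s[$7]++} END {for (n in s) print s[n] " " n}' "$recent" \
        | sort -rn | head -n 20
      printf 'url_end\n\n'

      printf 'Flow_star\n'
      # "+=" accumulates the bytes per IP; the result is printed in MiB.
      awk '{s[$1] += $10} END {for (n in s) print s[n] " " n}' "$recent" \
        | sort -rn | head -n 20 \
        | awk '{mb = $1 / 1024 / 1024; print mb "M " $2}'
      printf 'flow_end\n\n'
    } > "$file_stat"
  elif [ -s "$file_stat" ]; then
    # No recent traffic: move the stale report out of the way.
    # NOTE(review): /tmp is world-writable and the target name is
    # predictable; a private archive directory is the safer destination.
    mv -- "$file_stat" /tmp
  fi
}

main() {
  cd "$log_path" || exit 1
  for log_file in acce*; do
    [ -e "$log_file" ] || continue   # the pattern matched nothing
    if [ ! -s "$log_file" ]; then
      echo "$log_file"               # empty log: only print its name
    else
      Ip
    fi
  done
}
main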
This article is from the "Struggle Bar" blog; reprinting is declined.
Log analysis: extracting the most visited IPs and URLs and the access traffic within five minutes