Log analysis!
Analyze the last five minutes of the access logs and extract the most-visited IPs, the most-requested URLs, and the access traffic within those five minutes.
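#!/bin/bash
# Summarise the most recent minutes of every access log in LogPath: the 20
# busiest client IPs, the 20 most requested URIs and the 20 clients that
# transferred the most bytes. One combined report is written per log file.
#
# The listing this was rebuilt from had lost its line breaks, backquotes and
# letter case, so variable names and report markers are normalised here.
# bash is named explicitly because the script relies on bash syntax.
#
# Fixes relative to the listing:
#   * per-IP traffic used "=+", which stored only the last request's size;
#     it now accumulates with "+=";
#   * bytes were divided by 1024/1014 instead of 1024/1024;
#   * the helper was called "time", a reserved word in bash, so a bare call
#     would reach the timing keyword instead of the function (renamed);
#   * the window start took its date from the first line of the log, which is
#     wrong once a log spans more than one day; it now comes from date(1);
#   * the log list came from parsing ls, cd was unchecked, expansions unquoted.

# Salt minion id and the host's non-10.x, non-loopback address. Neither value
# is used by the functions below; they are kept for whatever consumes them.
name=$(awk '/^id/ {print $2}' /etc/salt/minion)
# Filter on the address field itself: the previous egrep -v "10\.|127\." also
# dropped lines that merely contained "10." somewhere (210.x, a 10.x Bcast).
Ipaddr=$(/sbin/ifconfig | awk -F '[: ]+' '/inet addr/ && $4 !~ /^(10|127)\./ {print $4}')

LogPath='/usr/local/tengine/logs/'

# NOTE(review): /tmp is world-writable, so any local user can create this tree
# first and plant symlinks at the report names. The path is kept because other
# tooling may read it; a directory only the service account can write to is
# the better home. ipurlflow refuses to write if the tree is not ours.
OutDir='/tmp/backup/log'

#######################################
# Print the lower bound of the analysis window in the access log's own
# timestamp form, e.g. "[10/Oct/2024:13:55". LC_ALL=C keeps the month
# abbreviation in English, as it appears in the log.
# Outputs: the timestamp prefix on stdout
#######################################
window_start() {
  LC_ALL=C date -d '6 mins ago' '+[%d/%b/%Y:%H:%M'
}

#######################################
# Extract the recent entries of one access log and write the IP, URI and
# traffic rankings plus the combined report.
# Globals:   OutDir (read)
# Arguments: $1 - log file name, relative to the current directory
# Returns:   0 on success or when the window is empty, 1 on setup failure
#######################################
ipurlflow() {
  local Logfile=$1
  local start_time dir
  local file="$OutDir/${Logfile}.time.log"
  local FileIp="$OutDir/${Logfile}.ip.log"
  local FileUri="$OutDir/${Logfile}.uri.sort.log"
  local FileIpStat="$OutDir/${Logfile}.flow.sort.log"
  local FileStat="$OutDir/flow/${Logfile}.flow.log"

  mkdir -p -- "$OutDir/flow" || return 1
  # Checked after mkdir so a directory swapped in beforehand is still caught.
  for dir in "${OutDir%/*}" "$OutDir" "$OutDir/flow"; do
    if [[ ! -d $dir || -L $dir || ! -O $dir ]]; then
      printf 'refusing to write under %s: symlink or not owned by this user\n' \
        "$dir" >&2
      return 1
    fi
  done

  start_time=$(window_start) || return 1

  # Keep entries newer than the window start. $4 is "[dd/Mon/yyyy:HH:MM:SS";
  # this is a string comparison, so it does not order correctly across a
  # month boundary. "./" stops awk reading a name containing "=" as an
  # assignment.
  awk -v start_time="$start_time" '$4 > start_time' "./$Logfile" > "$file"

  # Nothing in the window: leave the previous report untouched.
  [[ -s $file ]] || return 0

  # Request fields come from clients; readers of these files should treat
  # the IP and URI columns as untrusted text.

  # Top 20 client IPs by request count.
  awk '{s[$1]++} END {for (n in s) print s[n] " " n}' "$file" \
    | sort -rn | head -20 > "$FileIp"

  # Top 20 URIs by request count.
  awk '{s[$7]++} END {for (n in s) print s[n] " " n}' "$file" \
    | sort -rn | head -20 > "$FileUri"

  # Top 20 client IPs by bytes sent ($10), reported in MiB.
  awk '{s[$1] += $10} END {for (n in s) print s[n] " " n}' "$file" \
    | sort -rn | head -20 \
    | awk '{print $1 / 1024 / 1024 "M " $2}' > "$FileIpStat"

  # Merge the three rankings into one file. The "flow_star" marker is spelled
  # as in the listing, in case a parser is keyed on it.
  {
    printf 'ip_start\n'
    cat -- "$FileIp"
    printf 'ip_end\n\n'
    printf 'url_start\n'
    cat -- "$FileUri"
    printf 'url_end\n\n'
    printf 'flow_star\n'
    cat -- "$FileIpStat"
    printf 'flow_end\n\n'
  } > "$FileStat"
}

#######################################
# Analyse every access log in LogPath; an empty log is only named on stdout.
# Globals: LogPath (read)
#######################################
main() {
  local Logfile

  # Without this check a failed cd would leave the glob running in whatever
  # directory the script was started from.
  cd -- "$LogPath" || {
    printf 'cannot enter %s\n' "$LogPath" >&2
    return 1
  }

  for Logfile in acce*; do
    # Skips the literal pattern when nothing matches, and non-regular files.
    [[ -f $Logfile ]] || continue
    if [[ ! -s $Logfile ]]; then
      printf '%s\n' "$Logfile"
    else
      ipurlflow "$Logfile"
    fi
  done
}

main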
This article is from the "Struggle Bar" blog; reprinting is declined.
Log analysis takes out the most visited Ip,url and accesses traffic within five minutes