Log analysis takes out the most visited Ip,url and accesses traffic within five minutes

Log analysis!

Analyze the last five minutes of logs, take out the most visited Ip,url, and access traffic within five minutes

#!/bin/shname= ' cat /etc/salt/minion | grep  "^id"  | awk  ' {print $2} ' Ipaddr= '/sbin/ifconfig | grep  "inet addr"  | egrep -v  "10\.| 127\. "  | awk  -f ' [:  ]+ '   ' {print $4} ' #LogPath = '/usr/local/tengine/logs/' # #日志的时间格式. Function time () {    filetime= ' head -1  $Logfile  |awk -f "[[ / &NBSP:] "  ' {print " ["$ $"/"$6"/"$7}" '     start_time=${filetime}: ' Date -d   "6 mins ago"  +%h:%m '      #now_time =${filetime}: ' Date  +%h:%m '}# #取得指定最新时间内的日志, and analyzed Function ipurlflow () {    time    path= "/tmp /backup/log "    [ ! -d  $path/flow/ ] && mkdir - p  $path/flow    file= "$path/${logfile}.time.log"     fileip= "$path /${logfile}. IP.log "&Nbsp;   fileuri= "$path/${logfile}.uri.sort.log"     fileipstat= "$path/${ Logfile}.flow.sort.log "    filestat=" $path/flow/${logfile}.flow.log "      #取出直接时间内的日志      #awk  -v start_time= $start _time -v now_time= $now _ time   ' {if  ($4>start_time &&  $4<now_time)  print $0 &NBSP,} '  ${Logfile} >  $file     awk -v start_time= $start _time  -v now_time= $now _time   ' {if  ($4>start_time)  print $0 } '  ${ logfile} >  $file         if [  -s $ file ]        then              #对取出的日志进行统计, remove the most visited IP and number of times              awk  ' {s[$1]++}End{for (n in s)  print s[n] "      " N&NBSP;} '    $file   |sort -rn |head -20  > ${FileIp}              #awk   ' {s[$1]++}end{for (n in s)  print s[n] "        "N&NBSP;} '    $file   |sort -rn |head -20   > ${fileipstat}            # Count the logs taken out, remove the most visited URI and the number of times             awk  ' { S[$7]++}end{for (n in s)  print s[n] "      " N&NBSP;} '     $file   |sort -rn |head -20  > ${FileUri}              #awk   ' {s[$7]++}end{for (n in s)  print  s[n] "       "N&NBSP;} '    $file   |sort -rn |head -20   >> ${FileIpStat}             #对取出的日志进行统计 , remove the IP with the most traffic and the traffic size, unit m            awk  ' {S[$1] =+$10}end{for (n in s)  print s[n] "      " N&NBSP;} '   $file  |sort -rn|head -20 |awk  ' {a=$1/1024/1014}{print a  '  M            "$ $}"  >${FileIpStat}              #awk   ' {s[$1]=+$10}end{for (n in s)  print s[n ] "      " N&NBSP;} '   $file  |sort -rn|head -20 |awk  ' {a=$1/1024/1014} {print a  " M          " $  >>${" Fileipstat}                      #整合到一个文件!             echo -e  "Ip_start"  > &NBSP;${FILESTAT}&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;CAT&NBSP;${FILEIP}  >> ${filestat}            echo  -e  "ip_end\n"   >> ${FileStat}             echo -e  "Url_start"   >> ${FileStat}             cat ${FileUri} >> ${FileStat}             echo -e  "url_end\n"    >> ${FileStat}            echo -e  "Flow_star"   >> ${FileStat}             cat ${FileIpStat} >> ${FileStat}             echo -e  "flow_end\n"   >> ${FileStat}  &NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;&NBSP;FI} #Ipfunction  main () {    cd ${logpath }    for logfile in  ' ls acce* '     do         if [ ! -s ${Logfile} ]         then             echo  ${Logfile}        else             Ip        fi                 done}main 

This article from "Struggle Bar" blog, declined reprint!

Log analysis takes out the most visited Ip,url and accesses traffic within five minutes