Filter logs by hour:
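#!/usr/bin/env bash
#
# Hourly nginx 404 report.
#
# Counts, per (client IP, request URI) pair, the requests that returned
# status 404 during the last $last_hour hour(s), writes the ten busiest
# pairs to $filter_ip (below a one-line header) and mails that file when
# at least one pair was found.
#
# Assumes the default nginx "combined" log format: field 4 is the
# timestamp "[dd/Mon/yyyy:HH:MM:SS" (the time of day starts at character
# 14), field 7 is the request URI and field 9 is the status code.
# Requires GNU date (-d "... ago") and the iproute2 `ip` command.

set -u

# nginx access log to scan.
log_file='/var/log/nginx/access.log'
# Report file: first line is a header, every further line is a result.
filter_ip='/opt/scripts/log/hour_ip.txt'
# Interface whose first IPv4 address identifies this host in the header.
iface='eth0'
# Size of the time window, in hours.
last_hour=1
# Label used in the report header and the mail subject.
app_name="#"
# Recipient of the alert mail.
# NOTE(review): the address is obfuscated in this copy — confirm the real one.
mail_to='[email protected]'

die() { printf '%s\n' "$*" >&2; exit 1; }

[[ -r "$log_file" ]] || die "cannot read $log_file"

# Window boundaries as time of day; awk compares them as strings below.
# An empty boundary would match every line, so a failing date is fatal.
start_time=$(date -d "$last_hour hour ago" +"%H:%M:%S") || die "date failed"
end_time=$(date +"%H:%M:%S") || die "date failed"

# First IPv4 address on $iface ("a.b.c.d/len" with the prefix length
# stripped); empty if the interface has no IPv4 address.
host_ip=$(ip -4 -o addr show dev "$iface" \
  | awk 'NR==1 { split($4, a, "/"); print a[1] }')

printf '%s: %s %s\n' "$app_name" "$host_ip" "$end_time" > "$filter_ip" \
  || die "cannot write $filter_ip"

# Keep entries whose time of day lies in [start, end]. When the window
# straddles midnight (start > end) the interval wraps, so a time on either
# side of midnight counts. Only exact 404 responses are tallied, keyed by
# "ip uri", and printed as "count ip uri" for the numeric sort.
awk -v st="$start_time" -v et="$end_time" '
  {
    t = substr($4, 14, 8)
    if (st <= et) keep = (t >= st && t <= et)
    else          keep = (t >= st || t <= et)
    if (keep && $9 == "404") hits[$1 " " $7]++
  }
  END { for (k in hits) print hits[k], k }
' "$log_file" | sort -nr | head -n 10 >> "$filter_ip"

# Header line plus at least one result line -> send the report.
num=$(wc -l < "$filter_ip")
if (( num >= 2 )); then
  mail -s "$app_name: suspect_attack" "$mail_to" < "$filter_ip"
fi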
Filter logs by minute:
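#!/usr/bin/env bash
#
# nginx request-rate report for the last $last_minutes minutes.
#
# Counts requests per client IP inside the window, writes every IP whose
# count exceeds $threshold (except $exclude_ip) to $log_file below a
# one-line header, and mails that file when at least one IP was listed.
#
# Assumes the default nginx "combined" log format: field 1 is the client
# IP and field 4 is the timestamp "[dd/Mon/yyyy:HH:MM:SS" (the time of
# day starts at character 14).
# Requires GNU date (-d "... ago") and the iproute2 `ip` command.

set -u

# nginx access log to scan.
logfile='/var/log/nginx/access.log'
# Report file: first line is a header, every further line is a result.
log_file='/opt/scripts/log/half_ip.txt'
# Label used in the report header and the mail subject.
app_name="#"
# Interface whose first IPv4 address identifies this host in the header.
iface='eth0'
# Size of the time window, in minutes.
last_minutes=30
# Client IP that is never reported; matched as a whole field, not as a
# regex, so "106.14.240.2391" or a count containing the digits is not hit.
exclude_ip='106.14.240.239'
# Requests per IP inside the window above which the IP is reported.
threshold=1000
# Recipient of the alert mail.
# NOTE(review): the address is obfuscated in this copy — confirm the real one.
mail_to='[email protected]'

die() { printf '%s\n' "$*" >&2; exit 1; }

[[ -r "$logfile" ]] || die "cannot read $logfile"

# Window boundaries as time of day; awk compares them as strings below.
# An empty boundary would match every line, so a failing date is fatal.
start_time=$(date -d "$last_minutes minutes ago" +"%H:%M:%S") || die "date failed"
stop_time=$(date +"%H:%M:%S") || die "date failed"

# First IPv4 address on $iface ("a.b.c.d/len" with the prefix length
# stripped); empty if the interface has no IPv4 address.
host_ip=$(ip -4 -o addr show dev "$iface" \
  | awk 'NR==1 { split($4, a, "/"); print a[1] }')

printf '%s: %s %s\n' "$app_name" "$host_ip" "$stop_time" > "$log_file" \
  || die "cannot write $log_file"

# Keep entries whose time of day lies in [start, stop]. When the window
# straddles midnight (start > stop) the interval wraps, so a time on either
# side of midnight counts. Requests are counted per client IP and printed
# as "count ip" for the numeric sort, highest count first.
awk -v st="$start_time" -v et="$stop_time" -v ex="$exclude_ip" -v th="$threshold" '
  {
    t = substr($4, 14, 8)
    if (st <= et) keep = (t >= st && t <= et)
    else          keep = (t >= st || t <= et)
    if (keep && $1 != ex) count[$1]++
  }
  END { for (ip in count) if (count[ip] > th) print count[ip], ip }
' "$logfile" | sort -nr >> "$log_file"

# Header line plus at least one result line -> send the report.
num=$(wc -l < "$log_file")
if (( num >= 2 )); then
  mail -s "$app_name: suspect_attack" "$mail_to" < "$log_file"
fi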
Nginx access log split by time