Using a Shell Script on Linux to Analyze Nginx Logs and Find Blocked IPs

Source: Internet
Author: User

In day-to-day operations you will sometimes see traffic spike suddenly or server load climb. To find out why, use the Nginx limit module to restrict access per IP, and then analyze the resulting log.
Configure Nginx to restrict IP access; multiple zones can be configured.

limit_req_zone $binary_remote_addr zone=allips:10m rate=20r/s;

The following script parses the resulting Nginx log.


#!/bin/bash
## Default log file path(s) and name(s) (placeholder value; set it to your log file)
logsFile="journal name"
## One or more zone names, separated by spaces
zoneName="allips name2 name3"
## Directory for temporary files
mkdir ./cache$$

## Log analysis function
fenxi() {
    for zone in $zoneName;
    do
        printf "\n The current report is {%s} limit generated: \n" "$zone"
        grep "$zone" "$logFile" > ./cache$$/$zone.log

        printf "%-7s|%-12s|%-19s|%-20s|%-36s|%s\n" "Ordinal" "Number" "IP Address" "IP Attribution" "Time range"

        ucount=0;
        ## Extract the client IP addresses, then sort and de-duplicate them so that the results are ordered by number of visits, high to low
        ip_list=$(grep -Eo "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}" ./cache$$/$zone.log | sort | uniq -c | sort -n -r | awk '{print $2}')

        for ip in $ip_list;
        do
            ## -F treats the dots in the address literally
            grep -F "$ip" ./cache$$/$zone.log > ./cache$$/temp.$$.log
            ## The first 19 characters of each line are the timestamp
            tstart=`cut -c-19 ./cache$$/temp.$$.log | head -1`
            tend=`cut -c-19 ./cache$$/temp.$$.log | tail -1`
            let ucount++
            Attempts=`cat ./cache$$/temp.$$.log | wc -l`
            time_range="$tstart"--"$tend"
            ## Look up the IP address attribution through ip138
            ## (the grep pattern is missing from the source page; PATTERN is a placeholder)
            ip138=`curl -s "http://ip138.com/ips138.asp?ip=$ip&action=2" | iconv -f gb2312 -t utf-8 | grep 'PATTERN' | awk -F '[<>]+' '{print substr($7,6)}'`
            ## (the awk field number is missing from the source page; $1 is assumed)
            ipwhere=`echo $ip138 | awk '{print $1}'`
            printf "%-5s|%-10s|%-17s|%-20s|%-33s|%s\n" "$ucount" "$Attempts" "$ip" "$ipwhere" "$time_range"
        done
    done
}

## A log file can be given as the first argument; otherwise the default files are analyzed
if [ "$1" = "" ]; then
    for logFile in $logsFile;
    do
        if [ -f "$logFile" ]
        then
            printf "\n#############################################################\n"
            printf "\n Current parsed log file: %s, the following is a generated report: \n" "$logFile"
        else
            echo "Log file error, please check file"
            ## Skip files that do not exist instead of analyzing them
            continue
        fi
        echo "Current log analysis time: `date`"
        fenxi
    done
else
    logFile=$1
    printf "\n################################################################\n"
    printf "\n Current parsed log file: %s, the following is a generated report: \n" "$logFile"
    echo "Current log analysis time: `date`"
    fenxi
fi
rm -rf ./cache$$/
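
As an added example (not part of the original script), the single-pass variant below reads the `by zone` and `client:` fields of Nginx's `limiting requests` error-log lines instead of matching anything IP-shaped, so an address in the `host:` header is not counted and `203.0.113.7` is not confused with `203.0.113.70`. The function names and the log lines are constructed for illustration and assume the default Nginx error-log format.

```shell
#!/bin/sh
# Constructed sample of nginx error-log lines (not real traffic).
sample_log() {
cat <<'EOF'
2024/01/15 10:00:01 [error] 1234#0: *1 limiting requests, excess: 20.500 by zone "allips", client: 203.0.113.7, server: example.com, request: "GET / HTTP/1.1", host: "198.51.100.9"
2024/01/15 10:00:02 [error] 1234#0: *2 limiting requests, excess: 20.700 by zone "allips", client: 203.0.113.70, server: example.com, request: "GET / HTTP/1.1", host: "example.com"
2024/01/15 10:00:05 [error] 1234#0: *3 limiting requests, excess: 21.100 by zone "allips", client: 203.0.113.7, server: example.com, request: "GET /a HTTP/1.1", host: "example.com"
2024/01/15 10:00:09 [error] 1234#0: *4 limiting requests, excess: 5.000 by zone "name2", client: 203.0.113.7, server: example.com, request: "POST /login HTTP/1.1", host: "example.com"
2024/01/15 10:00:10 [error] 1234#0: *5 open() "/var/www/x" failed (2: No such file or directory), client: 203.0.113.7, server: example.com
EOF
}

# Reads an error log on stdin and prints one line per (zone, client):
#   zone|ip|count|first_seen|last_seen
# sorted by zone, then by count from high to low.
limit_report() {
    awk '
    /limiting requests/ {
        # Zone name: the text between the quotes after: by zone
        if (!match($0, /by zone "[^"]+"/)) next
        zone = substr($0, RSTART + 9, RLENGTH - 10)
        # Client address: taken only from the client: field, so IPs
        # elsewhere on the line (host header, request) are ignored.
        if (!match($0, /client: [0-9a-fA-F.:]+/)) next
        ip = substr($0, RSTART + 8, RLENGTH - 8)
        key = zone "|" ip
        ts = substr($0, 1, 19)          # "YYYY/MM/DD HH:MM:SS"
        if (!(key in n)) first[key] = ts
        n[key]++
        last[key] = ts
    }
    END {
        for (k in n) printf "%s|%d|%s|%s\n", k, n[k], first[k], last[k]
    }' | sort -t'|' -k1,1 -k3,3nr
}

# Run against the constructed sample.
sample_log | limit_report
```

To analyze a real file, feed it to the function, for example `limit_report < /path/to/error.log`.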
