一,分析apache日誌
1,有一個檔案shell.sh,內容如下:
[root@test3root]#catshell.sh
http://www.baidu.com/index.html
http://www.google.com/index.html
http://www.baidu.com/get.html
http://www.baidu.com/set.html
http://www.google.com/index.html
http://www.yahoo.com.cn/put.html
現要求將該檔案中的網域名稱截取出來,統計重複網域名稱出現的次數,然後按次數進行降序排列,統計後的結果如下:
3www.baidu.com
2www.google.com
1www.yahoo.com.
sort將檔案的每一行作為一個單位,相互比較,比較原則是從首字元向後,依次按ASCII碼值進行比較,最後將他們按升序輸出,uniq是去除緊挨著的相同的行只保留一行
[root@test3 ~]# awk -F "/"'{print $3}' shell.sh |sort |uniq -c
3 www.baidu.com
2 www.google.com
1 www.yahoo.com.cn
2,在apachelog中找出訪問次數最多的10個IP
/usr/local/apache2/logs/access_log的格式如下
192.168.46.1-chen[21/Sep/2013:14:04:48+0800]"GET/phpmyadmin/themes/pmahomme/img/tab_hover_bg.pngHTTP/1.1"200502
[root@test3 ~]# awk '{print $1}' /usr/local/apache2/logs/access_log |sort|uniq -c|head -n 10
7 127.0.0.1
228 192.168.46.1
3.在apache日誌中找出訪問次數最多的幾個分鐘
/usr/local/apache2/logs/access_log的格式如下
192.168.46.1-chen[21/Sep/2013:14:04:48+0800]"GET/phpmyadmin/themes/pmahomme/img/tab_hover_bg.pngHTTP/1.1"200502
[root@test3 ~]# awk '{print $4}' /usr/local/apache2/logs/access_log|cut -c 14-18 |sort|uniq -c|sort -nr|head
33 13:55
30 13:35
19 13:22
15 13:54
15 13:45
15 13:38
15 13:36
13 13:04
10 12:59
9 13:18
4.在apache日誌中找到訪問最多的頁面
/usr/local/apache2/logs/access_log的格式如下
192.168.46.1-chen[21/Sep/2013:14:04:48+0800]"GET/phpmyadmin/themes/pmahomme/img/tab_hover_bg.pngHTTP/1.1"200502
[root@test3 ~]# awk '{print $7}' /usr/local/apache2/logs/access_log |sort|uniq -c|sort -nr|head
46 /
44 /phpmyadmin/
10 /phpmyadmin/js/jquery/jquery-1.6.2.js?ts=1359376847
9 /phpmyadmin/js/update-location.js?ts=1359376847
9 /phpmyadmin/js/jquery/jquery-ui-1.8.16.custom.js?ts=1359376847
9 /phpmyadmin/js/jquery/jquery.qtip-1.0.0-rc3.js?ts=1359376847
9 /phpmyadmin/js/functions.js?ts=1359376847
8 /phpmyadmin/js/cross_framing_protection.js?ts=1359376847
7 /phpmyadmin/themes/pmahomme/jquery/jquery-ui-1.8.16.custom.css
7 /phpmyadmin/themes/pmahomme/img/sprites.png
5,在apache日誌中找出訪問次數最多(負載最重)的幾個時間段(以分鐘為單位),然後在看看這些時間哪幾個IP訪問的最多?
/usr/local/apache2/logs/access_log的格式如下
192.168.46.1-chen[21/Sep/2013:14:04:48+0800]"GET/phpmyadmin/themes/pmahomme/img/tab_hover_bg.pngHTTP/1.1"200502
如下是時間段的訪問量情況
[root@test3 ~]# awk '{print $4}' /usr/local/apache2/logs/access_log |cut -c 9-18 |uniq -c|sort -nr|head
33 2013:13:55
30 2013:13:35
19 2013:13:22
15 2013:13:54
15 2013:13:45
15 2013:13:38
15 2013:13:36
10 2013:12:59
9 2013:13:18
9 2013:13:16
6,apache相關的系統操作
1,查看apache進程:
ps aux | grep httpd | grep -v grep | wc -l
2,查看80連接埠的tcp串連:
netstat -tan | grep "ESTABLISHED" | grep ":80" | wc -l
3,通過日誌查看當天ip串連數,過濾重複:
cat access_log | grep "19/May/2011" | awk '{print $2}' | sort | uniq -c | sort -nr
4,當天ip串連數最高的ip都在幹些什麼(原來是蜘蛛):
cat access_log | grep "19/May/2011:00" | grep "61.135.166.230" | awk '{print $8}' | sort | uniq -c | sort -nr | head -n 10
5,當天訪問頁面排前10的url:
cat access_log | grep "19/May/2010:00" | awk '{print $8}' | sort | uniq -c | sort -nr | head -n 10
6,用tcpdump嗅探80連接埠的訪問看看誰最高
tcpdump -i eth0 -tnn dst port 80 -c 1000 | awk -F"." '{print $1"."$2"."$3"."$4}' | sort | uniq -c | sort -nr
接著從日誌裡查看該ip在幹嘛:
cat access_log | grep 220.181.38.183| awk '{print $1"/t"$8}' | sort | uniq -c | sort -nr | less
7,查看某一時間段的ip串連數:
grep "2006:0[7-8]" www20110519.log | awk '{print $2}' | sort | uniq -c| sort -nr | wc -l
8,當前WEB伺服器中聯結次數最多的20條ip地址:
netstat -ntu |awk '{print $5}' |sort | uniq -c| sort -n -r | head -n 20
9,查看日誌中訪問次數最多的前10個IP
cat access_log |cut -d ' ' -f 1 |sort |uniq -c | sort -nr | awk '{print $0 }' | head -n 10 |less
10,查看日誌中出現100次以上的IP
cat access_log |cut -d ' ' -f 1 |sort |uniq -c | awk '{if ($1 > 100) print $0}'|sort -nr |less
11,查看最近訪問量最高的檔案
cat access_log |tail -10000|awk '{print $7}'|sort|uniq -c|sort -nr|less
12,查看日誌中訪問超過100次的頁面
cat access_log | cut -d ' ' -f 7 | sort |uniq -c | awk '{if ($1 > 100) print $0}' | less
13,列出傳輸時間超過 30 秒的檔案
cat access_log|awk '($NF > 30){print $7}'|sort -n|uniq -c|sort -nr|head -20
14,列出最最耗時的頁面(超過60秒的)的以及對應頁面發生次數
cat access_log |awk '($NF > 60 && $7~//.php/){print $7}'|sort -n|uniq -c|sort -nr|head -100
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
