WEB正确日志格式分析
#日志统计举例
[root@master ~]# cat /etc/httpd/logs/access_log |awk '{print $1}'
#对IP排序
[root@master ~]# cat /etc/httpd/logs/access_log |awk '{print $1}'|sort
#打印每一个重复出现IP的次数,
[root@master ~]# cat /etc/httpd/logs/access_log |awk '{print $1}'|sort|uniq -c
#排序并统计行数
[root@master ~]# cat /etc/httpd/logs/access_log |awk '{print $1}'|sort|uniq -c|sort -rn|wc -l
#显示访问前10的IP地址
[root@master ~]# cat /etc/httpd/logs/access_log |awk '{print $1}'|sort|uniq -c|sort -rn|head -10
#显示指定时间以后的日志
[root@master ~]# cat /etc/httpd/logs/access_log |awk '$4>="21/Mar/2020:16:34:13"{print}'
#找出访问最大的IP地址并封掉
[root@master ~]# cat /etc/httpd/logs/access_log |awk '{print $1}'|sort|uniq -c|sort -rn|more
#找出日志中下载最的几个css文件,
[root@master ~]# cat /etc/httpd/logs/access_log |awk '($7~/css/){print $10" "$4" "$7" "$1}'|sort -n|uniq -c|sort -rn|head -10
6 241 [21/Sept/2024:16:34:52 /noindex/css/fonts/Light/OpenSans-Light.woff 192.168.1.5
6 240 [21/Sept/2024:16:34:52 /noindex/css/fonts/Light/OpenSans-Light.ttf 192.168.1.5
6 239 [21/Sept/2024:16:34:52 /noindex/css/fonts/Bold/OpenSans-Bold.woff 192.168.1.5
6 238 [21/Sept/2024:16:34:53 /noindex/css/fonts/Bold/OpenSans-Bold.ttf 192.168.1.5
5 241 [21/Sept/2024:16:34:53 /noindex/css/fonts/Light/OpenSans-Light.woff 192.168.1.5
5 240 [21/Sept/2024:16:34:53 /noindex/css/fonts/Light/OpenSans-Light.ttf 192.168.1.5
5 240 [21/Sept/2024:16:34:51 /noindex/css/fonts/Light/OpenSans-Light.ttf 192.168.1.5
5 239 [21/Sept/2024:16:34:53 /noindex/css/fonts/Bold/OpenSans-Bold.woff 192.168.1.5
5 238 [21/Sept/2024:16:34:52 /noindex/css/fonts/Bold/OpenSans-Bold.ttf 192.168.1.5
5 238 [21/Sept/2024:16:34:51 /noindex/css/fonts/Bold/OpenSans-Bold.ttf 192.168.1.5
[root@master ~]# cat /etc/httpd/logs/access_log |awk '($10>=1000 && $7~/css/){print $10" "$4" "$7" "$1}'|sort -n|uniq -c|sort -rn|head -10
1 5081 [21/Sept/2024:16:47:08 /noindex/css/open-sans.css 192.168.1.4
1 5081 [21/Sept/2024:16:34:13 /noindex/css/open-sans.css 192.168.1.5
1 19341 [21/Sept/2024:16:47:08 /noindex/css/bootstrap.min.css 192.168.1.4
1 19341 [21/Sept/2024:16:34:13 /noindex/css/bootstrap.min.css 192.168.1.5
大于等于1k
#简单统计流量
[root@master ~]# cat /etc/httpd/logs/access_log |awk '{sum+=$10}'
#统计401访问拒绝的数量
[root@master ~]# cat /etc/httpd/logs/access_log |awk '(/401/)'|wc -l
[root@master ~]# cat /etc/httpd/logs/access_log |awk '{print $9}'|sort|uniq -c|sort -rn
#查看某一时间的IP连接数
[root@master ~]# grep "2020:16:47" /etc/httpd/logs/access_log |awk '{print $4}'|sort|uniq -c|sort -rn
错误日志分析
错误日志记录等级
标签:sort,web,21,noindex,16,192.168,linux,日志,css From: https://www.cnblogs.com/o-O-oO/p/18547038原创 运维星火燎原