Tutorial: analyzing nginx logs with shell scripts
Date: 2014-08-20 02:44  Source: linux.it.net.cn  Author: it
How can you analyze an nginx log file with a shell script?
Suppose you have an nginx log file in the following format:
178.255.215.86 - - [04/Jul/2013:00:00:31 +0800] "GET /tag/316/PostgreSQL HTTP/1.1" 200 4779 "-" "Mozilla/5.0 (compatible; jbxue/3.0 (BiggerBetter); +http://www.it.net.cn/go/robot)" "-"-
178.255.215.86 - - [04/Jul/2013:00:00:34 +0800] "GET /tag/317/edit HTTP/1.1" 303 5 "-" "Mozilla/5.0 (compatible; jbxue/3.0 (BiggerBetter); +http://www.it.net.cn/go/robot)" "-"-
103.29.134.200 - - [04/Jul/2013:00:00:34 +0800] "GET /code-snippet/2022/edit HTTP/1.0" 303 0 "-" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/17.0 Firefox/17.0" "-"-
103.29.134.200 - - [04/Jul/2013:00:00:35 +0800] "GET /user/login?url=http%3A//outofmemory.cn/code-snippet/2022/edit HTTP/1.0" 200 4748 "-" "Mozilla/5.0 (Windows NT 6.1; rv:17.0) Gecko/17.0 Firefox/17.0" "-"-
Note:
The scripts below assume the log format shown above. If your log format differs, adjust the field references after awk accordingly.
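For reference, sample lines like these typically come from nginx's standard combined-style log_format with one extra quoted field appended. The exact extra variable cannot be confirmed from the log alone; $http_x_forwarded_for is a common choice and is assumed here:

```nginx
# Combined format plus a trailing quoted field (assumed to be
# $http_x_forwarded_for; the sample's trailing "-" does not identify it).
log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';
access_log  /var/log/nginx/access.log  main;
```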
Example: extract the UserAgent field from the log:
cat access_20130704.log | awk -F '"' '{print $(NF-3)}' | sort | uniq -c | sort -nr | head -20
This pipeline prints the 20 most frequent UserAgents in the log file.
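As a quick sanity check, the same pipeline can be run against a tiny inline sample (the two lines below are made up for the demo; splitting on double quotes puts the user agent at field NF-3):

```shell
# Hypothetical two-line sample in the same log format.
cat > /tmp/sample_access.log <<'EOF'
178.255.215.86 - - [04/Jul/2013:00:00:31 +0800] "GET /tag/316/PostgreSQL HTTP/1.1" 200 4779 "-" "botA" "-"-
103.29.134.200 - - [04/Jul/2013:00:00:34 +0800] "GET /code-snippet/2022/edit HTTP/1.0" 303 0 "-" "botA" "-"-
EOF
# Split on double quotes: the user agent is field NF-3.
awk -F '"' '{print $(NF-3)}' /tmp/sample_access.log | sort | uniq -c | sort -nr | head -20
```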
# Find which IPs make the most requests
cat access_20130704.log | awk '{print $1}'| sort | uniq -c | sort -nr | head -20
# Count and sort requests per minute
cat access.2013-11-19.log | awk '{arr[substr($4, 2, 17)]++} END {for (a in arr) print a, arr[a]}' | sort > 111
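Since $4 carries second granularity (e.g. "[04/Jul/2013:00:00:31"), grouping on it directly buckets per second; truncating it with substr to the day/hour/minute prefix groups per minute. A minimal sketch on hypothetical sample data:

```shell
# Three hypothetical requests: two in minute 00:00, one in minute 00:01.
cat > /tmp/per_minute.log <<'EOF'
1.2.3.4 - - [04/Jul/2013:00:00:31 +0800] "GET /a HTTP/1.1" 200 10 "-" "ua" "-"-
1.2.3.4 - - [04/Jul/2013:00:00:55 +0800] "GET /b HTTP/1.1" 200 10 "-" "ua" "-"-
1.2.3.4 - - [04/Jul/2013:00:01:02 +0800] "GET /c HTTP/1.1" 200 10 "-" "ua" "-"-
EOF
# substr($4, 2, 17) keeps "04/Jul/2013:00:00", i.e. day + hour + minute.
awk '{arr[substr($4, 2, 17)]++} END {for (m in arr) print m, arr[m]}' /tmp/per_minute.log | sort
```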
# Find which URLs are requested most often
cat access_20130704.log | awk -F '"' '{print $2}' | sort | uniq -c | sort -nr | head -20
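Splitting on double quotes yields the full request line ("GET /path HTTP/1.1"). If you want to group by the path alone, ignoring method and protocol version, whitespace field $7 works in this format; a sketch on hypothetical sample data:

```shell
# Hypothetical sample: /tag/316 requested twice, /edit once.
cat > /tmp/urls.log <<'EOF'
1.2.3.4 - - [04/Jul/2013:00:00:31 +0800] "GET /tag/316 HTTP/1.1" 200 10 "-" "ua" "-"-
1.2.3.4 - - [04/Jul/2013:00:00:32 +0800] "GET /tag/316 HTTP/1.1" 200 10 "-" "ua" "-"-
1.2.3.4 - - [04/Jul/2013:00:00:33 +0800] "GET /edit HTTP/1.0" 303 0 "-" "ua" "-"-
EOF
# $7 on the default whitespace split is the request path.
awk '{print $7}' /tmp/urls.log | sort | uniq -c | sort -nr | head -20
```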
Appendix: simple statistical analysis of nginx (or other) logs
# Use a shell pipeline to aggregate one column; works for Status Code, URL, etc.
# cat access.log | awk '{print $9}'|sort|uniq -c | sort -r -n > stat.log
or: # cat access.log | grep "200" | awk '{print $7}' | sort | uniq -c | sort -r -n > stat.log
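Be aware that grep "200" matches the string anywhere in the line, including inside URLs or byte counts. Testing the status field ($9 in this format) with awk avoids those false positives; a sketch on hypothetical sample data:

```shell
# Hypothetical sample: one 404 whose URL happens to contain "200", one real 200.
cat > /tmp/status.log <<'EOF'
1.2.3.4 - - [04/Jul/2013:00:00:31 +0800] "GET /page200 HTTP/1.1" 404 10 "-" "ua" "-"-
1.2.3.4 - - [04/Jul/2013:00:00:32 +0800] "GET /a HTTP/1.1" 200 10 "-" "ua" "-"-
EOF
grep -c "200" /tmp/status.log            # matches both lines (the 404's URL contains "200")
awk '$9 == 200' /tmp/status.log | wc -l  # matches only the real 200 response
```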
# vi stat.log
# Count lines matching a given string
# cat access.log | grep "200" | wc -l
# cat access.log|grep "www.it.net.cn"|wc -l
The GoAccess tool
goaccess -f access.log
goaccess -f access.log -a -s -b
# Analyze a compressed log with GoAccess
zcat access.log-20130123.gz | goaccess
(Editor: IT)