{"id":1634,"date":"2017-07-20T15:41:48","date_gmt":"2017-07-20T07:41:48","guid":{"rendered":"http:\/\/nick.txtcc.com\/?p=1634"},"modified":"2017-07-20T15:41:48","modified_gmt":"2017-07-20T07:41:48","slug":"nginx-access-log%e6%97%a5%e5%bf%97%e7%bb%9f%e8%ae%a1%e5%88%86%e6%9e%90%e5%b8%b8%e7%94%a8%e5%91%bd%e4%bb%a4","status":"publish","type":"post","link":"http:\/\/nick.txtcc.com\/index.php\/linux\/1634","title":{"rendered":"Nginx Access Log\u65e5\u5fd7\u7edf\u8ba1\u5206\u6790\u5e38\u7528\u547d\u4ee4"},"content":{"rendered":"

IP\u76f8\u5173\u7edf\u8ba1<\/h2>\n

\u7edf\u8ba1IP\u8bbf\u95ee\u91cf<\/strong><\/p>\n

awk <span class="hljs-string">'{print $1}'<\/span> access.<span class="hljs-keyword">log<\/span> | <span class="hljs-keyword">sort<\/span> -n | uni<span class="hljs-string">q | wc -l<\/span><\/code><\/pre>\n
\u67e5\u770b\u67d0\u4e00\u65f6\u95f4\u6bb5\u7684IP\u8bbf\u95ee\u91cf(4-5\u70b9)<\/strong><\/p>\n
<span class="hljs-keyword">grep<\/span> <span class="hljs-string">"07\/Apr\/2017:0[4-5]"<\/span> access.<span class="hljs-keyword">log<\/span> | awk <span class="hljs-string">'{print $1}'<\/span> | <span class="hljs-keyword">sort<\/span> | uniq -c| <span class="hljs-keyword">sort<\/span> -nr | wc -l   <\/code><\/pre>\n
\u67e5\u770b\u8bbf\u95ee\u6700\u9891\u7e41\u7684\u524d100\u4e2aIP<\/strong><\/p>\n
awk '{<span class="hljs-built_in">print<\/span> $<span class="hljs-number">1<\/span>}' access.log | <span class="hljs-built_in">sort<\/span> -n |uniq -<span class="hljs-built_in">c<\/span> | <span class="hljs-built_in">sort<\/span> -rn | head -n <span class="hljs-number">100<\/span><\/code><\/pre>\n
\u67e5\u770b\u8bbf\u95ee100\u6b21\u4ee5\u4e0a\u7684IP<\/strong><\/p>\n
awk '{<span class="hljs-built_in">print<\/span> $<span class="hljs-number">1<\/span>}' access.log | <span class="hljs-built_in">sort<\/span> -n |uniq -<span class="hljs-built_in">c<\/span> |awk '{<span class="hljs-keyword">if<\/span>($<span class="hljs-number">1<\/span> ><span class="hljs-number">100<\/span>) <span class="hljs-built_in">print<\/span> $<span class="hljs-number">0<\/span>}'|<span class="hljs-built_in">sort<\/span> -rn<\/code><\/pre>\n
\u67e5\u8be2\u67d0\u4e2aIP\u7684\u8be6\u7ec6\u8bbf\u95ee\u60c5\u51b5,\u6309\u8bbf\u95ee\u9891\u7387\u6392\u5e8f<\/strong><\/p>\n
<span class="hljs-keyword">grep<\/span> <span class="hljs-string">'104.217.108.66'<\/span> access.<span class="hljs-keyword">log<\/span> |awk <span class="hljs-string">'{print $7}'<\/span>|<span class="hljs-keyword">sort<\/span> |uniq -c |<span class="hljs-keyword">sort<\/span> -rn |head -n <span class="hljs-number">100<\/span>   <\/code><\/pre>\n
\u9875\u9762\u8bbf\u95ee\u7edf\u8ba1<\/h2>\n
\u67e5\u770b\u8bbf\u95ee\u6700\u9891\u7684\u9875\u9762(TOP100)<\/strong><\/p>\n
awk '{<span class="hljs-built_in">print<\/span> $<span class="hljs-number">7<\/span>}' access.log | <span class="hljs-built_in">sort<\/span> |uniq -<span class="hljs-built_in">c<\/span> | <span class="hljs-built_in">sort<\/span> -rn | head -n <span class="hljs-number">100<\/span><\/code><\/pre>\n
\u67e5\u770b\u8bbf\u95ee\u6700\u9891\u7684\u9875\u9762([\u6392\u9664php\u9875\u9762\u3011(TOP100)<\/strong><\/p>\n
<span class="hljs-keyword">grep<\/span> -v <span class="hljs-string">".php"<\/span>  access.<span class="hljs-keyword">log<\/span> | awk <span class="hljs-string">'{print $7}'<\/span> | <span class="hljs-keyword">sort<\/span> |uniq -c | <span class="hljs-keyword">sort<\/span> -rn | head -n <span class="hljs-number">100<\/span>          <\/code><\/pre>\n
\u67e5\u770b\u9875\u9762\u8bbf\u95ee\u6b21\u6570\u8d85\u8fc7100\u6b21\u7684\u9875\u9762<\/strong><\/p>\n
<span class="hljs-attribute">cat<\/span> access.log | cut -d <span class="hljs-string">' '<\/span> -f <span class="hljs-number">7<\/span> | sort |uniq -c | awk <span class="hljs-string">'{if (<span class="hljs-variable">$1<\/span> > 100) print <span class="hljs-variable">$0<\/span>}'<\/span> | less<\/code><\/pre>\n
\u67e5\u770b\u6700\u8fd11000\u6761\u8bb0\u5f55\uff0c\u8bbf\u95ee\u91cf\u6700\u9ad8\u7684\u9875\u9762<\/strong><\/p>\n
tail -<span class="hljs-number">1000<\/span> access.log |awk '{<span class="hljs-built_in">print<\/span> $<span class="hljs-number">7<\/span>}'|<span class="hljs-built_in">sort<\/span>|uniq -<span class="hljs-built_in">c<\/span>|<span class="hljs-built_in">sort<\/span> -nr|less<\/code><\/pre>\n
\u6bcf\u79d2\u8bf7\u6c42\u91cf\u7edf\u8ba1<\/h2>\n
\u7edf\u8ba1\u6bcf\u79d2\u7684\u8bf7\u6c42\u6570,top100\u7684\u65f6\u95f4\u70b9(\u7cbe\u786e\u5230\u79d2)<\/p>\n
awk '{<span class="hljs-built_in">print<\/span> $<span class="hljs-number">4<\/span>}' access.log |cut -<span class="hljs-built_in">c<\/span> <span class="hljs-number">14<\/span>-<span class="hljs-number">21<\/span>|<span class="hljs-built_in">sort<\/span>|uniq -<span class="hljs-built_in">c<\/span>|<span class="hljs-built_in">sort<\/span> -nr|head -n <span class="hljs-number">100<\/span><\/code><\/pre>\n
\u6bcf\u5206\u949f\u8bf7\u6c42\u91cf\u7edf\u8ba1<\/h2>\n
\u7edf\u8ba1\u6bcf\u5206\u949f\u7684\u8bf7\u6c42\u6570,top100\u7684\u65f6\u95f4\u70b9(\u7cbe\u786e\u5230\u5206\u949f)<\/p>\n
awk '{<span class="hljs-built_in">print<\/span> $<span class="hljs-number">4<\/span>}' access.log |cut -<span class="hljs-built_in">c<\/span> <span class="hljs-number">14<\/span>-<span class="hljs-number">18<\/span>|<span class="hljs-built_in">sort<\/span>|uniq -<span class="hljs-built_in">c<\/span>|<span class="hljs-built_in">sort<\/span> -nr|head -n <span class="hljs-number">100<\/span><\/code><\/pre>\n
\u6bcf\u5c0f\u65f6\u8bf7\u6c42\u91cf\u7edf\u8ba1<\/h2>\n
\u7edf\u8ba1\u6bcf\u5c0f\u65f6\u7684\u8bf7\u6c42\u6570,top100\u7684\u65f6\u95f4\u70b9(\u7cbe\u786e\u5230\u5c0f\u65f6)<\/p>\n
awk '{<span class="hljs-built_in">print<\/span> $<span class="hljs-number">4<\/span>}' access.log |cut -<span class="hljs-built_in">c<\/span> <span class="hljs-number">14<\/span>-<span class="hljs-number">15<\/span>|<span class="hljs-built_in">sort<\/span>|uniq -<span class="hljs-built_in">c<\/span>|<span class="hljs-built_in">sort<\/span> -nr|head -n <span class="hljs-number">100<\/span><\/code><\/pre>\n
\u6027\u80fd\u5206\u6790<\/h2>\n
\u5728nginx log\u4e2d\u6700\u540e\u4e00\u4e2a\u5b57\u6bb5\u52a0\u5165$request_time<\/p>\n
\u5217\u51fa\u4f20\u8f93\u65f6\u95f4\u8d85\u8fc7 3 \u79d2\u7684\u9875\u9762\uff0c\u663e\u793a\u524d20\u6761<\/strong><\/p>\n
cat access.log|awk '($<span class="hljs-type">NF<\/span> > <span class="hljs-number">3<\/span>){<span class="hljs-built_in">print<\/span> $<span class="hljs-number">7<\/span>}'|<span class="hljs-built_in">sort<\/span> -n|uniq -<span class="hljs-built_in">c<\/span>|<span class="hljs-built_in">sort<\/span> -nr|head -<span class="hljs-number">20<\/span><\/code><\/pre>\n
\u5217\u51faphp\u9875\u9762\u8bf7\u6c42\u65f6\u95f4\u8d85\u8fc73\u79d2\u7684\u9875\u9762\uff0c\u5e76\u7edf\u8ba1\u5176\u51fa\u73b0\u7684\u6b21\u6570\uff0c\u663e\u793a\u524d100\u6761<\/strong><\/p>\n
<span class="hljs-attribute">cat<\/span> access.log|awk <span class="hljs-string">'(<span class="hljs-variable">$NF<\/span> > 1 &&  <span class="hljs-variable">$7<\/span>~\/\\.php\/){print <span class="hljs-variable">$7<\/span>}'<\/span>|sort -n|uniq -c|sort -nr|head -<span class="hljs-number">100<\/span><\/code><\/pre>\n
\u8718\u86db\u6293\u53d6\u7edf\u8ba1<\/h2>\n
\u7edf\u8ba1\u8718\u86db\u6293\u53d6\u6b21\u6570<\/strong><\/p>\n
<span class="hljs-keyword">grep<\/span> <span class="hljs-string">'Baiduspider'<\/span> access.<span class="hljs-keyword">log<\/span> |wc -l<\/code><\/pre>\n
\u7edf\u8ba1\u8718\u86db\u6293\u53d6404\u7684\u6b21\u6570<\/strong><\/p>\n
<span class="hljs-keyword">grep<\/span> <span class="hljs-string">'Baiduspider'<\/span> access.<span class="hljs-keyword">log<\/span> |<span class="hljs-keyword">grep<\/span> <span class="hljs-string">'404'<\/span> | wc -l<\/code><\/pre>\n
TCP\u8fde\u63a5\u7edf\u8ba1<\/h2>\n
\u67e5\u770b\u5f53\u524dTCP\u8fde\u63a5\u6570<\/p>\n
netstat -tan | <span class="hljs-keyword">grep<\/span> <span class="hljs-string">"ESTABLISHED"<\/span> | <span class="hljs-keyword">grep<\/span> <span class="hljs-string">":80"<\/span> | wc -l<\/code><\/pre>\n
\u7528tcpdump\u55c5\u63a280\u7aef\u53e3\u7684\u8bbf\u95ee\u770b\u770b\u8c01\u6700\u9ad8<\/p>\n
tcpdump -i eth0 -tnn dst port <span class="hljs-number">80<\/span> -<span class="hljs-built_in">c<\/span> <span class="hljs-number">1000<\/span> | awk -<span class="hljs-type">F<\/span>\n<span class="hljs-string">"."<\/span> '{<span class="hljs-built_in">print<\/span> $<span class="hljs-number">1<\/span>\n<span class="hljs-string">"."<\/span>$<span class="hljs-number">2<\/span>\n<span class="hljs-string">"."<\/span>$<span class="hljs-number">3<\/span>\n<span class="hljs-string">"."<\/span>$<span class="hljs-number">4<\/span>}' | <span class="hljs-built_in">sort<\/span> | uniq -<span class="hljs-built_in">c<\/span> | <span class="hljs-built_in">sort<\/span> -nr<\/code><\/pre>","protected":false},"excerpt":{"rendered":"
IP\u76f8\u5173\u7edf\u8ba1 \u7edf\u8ba1IP\u8bbf\u95ee\u91cf awk ‘{print $1}’<\/span> access.","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1634","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/posts\/1634","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/comments?post=1634"}],"version-history":[{"count":1,"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/posts\/1634\/revisions"}],"predecessor-version":[{"id":1635,"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/posts\/1634\/revisions\/1635"}],"wp:attachment":[{"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/media?parent=1634"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/categories?post=1634"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/tags?post=1634"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}