[转]Shell分析access_log
whats 2011-04-10
#查看80端口的tcp连接
#netstat-tan|grep"ESTABLISHED"|grep":80"|wc-l
1
#当前WEB服务器中联接次数最多的ip地址:
#netstat-ntu|awk'{print$5}'|sort|uniq-c|sort-n-r
231::ffff:127.0.0.1:8095
23::ffff:192.168.50.201:5432
2::ffff:192.168.50.203:80
1servers)
1::ffff:192.168.50.56:43314
1::ffff:192.168.50.21:2996
1::ffff:192.168.50.21:2989
1::ffff:192.168.50.200:8060
1::ffff:192.168.50.12:1300
1::ffff:192.168.50.12:1299
1::ffff:192.168.50.12:1298
1::ffff:127.0.0.1:57933
1Address
1192.168.50.41:65310
1192.168.50.41:64949
1192.168.50.41:49653
#查看日志中访问次数最多的前10个IP
#cataccess_log|cut-d''-f1|sort|uniq-c|sort-nr|awk'{print$0}'|head-n10|less
14085121.207.252.122
13753218.66.36.119
11069220.162.237.6
118859.63.158.118
1025::1
728220.231.141.28
655114.80.126.139
397117.25.55.100
374222.76.112.211
348120.6.214.70
#查看日志中出现100次以上的IP
#cataccess_log|cut-d''-f1|sort|uniq-c|awk'{if($1>100)print$0}'|sort-nr|less
14085121.207.252.122
13753218.66.36.119
11069220.162.237.6
118859.63.158.118
1025::1
728220.231.141.28
655114.80.126.139
397117.25.55.100
374222.76.112.211
348120.6.214.70
25258.211.82.150
252159.226.126.21
206121.204.57.94
19259.61.111.58
186218.85.73.40
145221.231.139.30
134121.14.148.220
123222.246.128.220
12261.147.123.46
119121.204.105.58
107116.9.75.237
105118.123.5.173
#查看最近访问量最高的文件
#cataccess_log|tail-10000|awk'{print$7}'|sort|uniq-c|sort-nr|less
8729/server-status?auto
618/
15/favicon.ico
12/manager/html
10*
9/top/icons.gif
8/www.766.com/awstats.www.766.com.html
8/awstatsicons/other/vv.png
8/awstatsicons/other/vu.png
8/awstatsicons/other/vp.png
8/awstatsicons/other/vk.png
8/awstatsicons/other/vh.png
8/awstatsicons/other/hx.png
8/awstatsicons/other/hp.png
8/awstatsicons/other/hk.png
8/awstatsicons/other/hh.png
8/awstatsicons/other/he.png
8/awstatsicons/other/awstats_logo6.png
8/awstatsicons/os/win.png
8/awstatsicons/os/unknown.png
8/awstatsicons/os/unix.png
8/awstatsicons/os/symbian.png
8/awstatsicons/os/psp.png
#查看最近访问量最高的页面(.png)
#cataccess_log|awk'{print$7}'|grep'.png'|sort|uniq-c|sort-nr|head-n10
241/awstatsicons/other/awstats_logo6.png
227/awstatsicons/clock/hr12.png
226/awstatsicons/other/vv.png
226/awstatsicons/other/vu.png
226/awstatsicons/other/vp.png
226/awstatsicons/other/vk.png
226/awstatsicons/other/vh.png
226/awstatsicons/clock/hr9.png
226/awstatsicons/clock/hr8.png
226/awstatsicons/clock/hr7.png
#查看日志中访问超过100次的页面
#cataccess_log|cut-d''-f7|sort|uniq-c|awk'{if($1>100)print$0}'|less
20107/
1027*
215/awstatsicons/browser/chrome.png
215/awstatsicons/browser/firefox.png
136/awstatsicons/browser/mozilla.png
216/awstatsicons/browser/msie.png
201/awstatsicons/browser/netscape.png
123/awstatsicons/browser/notavailable.png
214/awstatsicons/browser/opera.png
215/awstatsicons/browser/pdaphone.png
214/awstatsicons/browser/safari.png
215/awstatsicons/browser/unknown.png
226/awstatsicons/clock/hr10.png
226/awstatsicons/clock/hr11.png
227/awstatsicons/clock/hr12.png
225/awstatsicons/clock/hr1.png
226/awstatsicons/clock/hr2.png
226/awstatsicons/clock/hr3.png
226/awstatsicons/clock/hr4.png
226/awstatsicons/clock/hr5.png
226/awstatsicons/clock/hr6.png
226/awstatsicons/clock/hr7.png
226/awstatsicons/clock/hr8.png
#access_log昨天一天的点击量(clicks);
cataccess_log|grep'12/Nov/2009'|grep"******.jsp"|wc|awk'{print$1}'|uniq
0#昨天访问网站的独立IP有多少;
cataccess_log|grep'12/Aug/2009'|grep"******"|wc|awk'{print$1}'|uniq
194
#统计某url,一天的访问次数
#cataccess_log|grep'12/Aug/2009'|grep'/images/index/e1.gif'|wc|awk'{print$1}'
2
#拉出前五天的访问次数最多的网页前20名清单;进行五天日志对比,找出排名靠前重复的网页,即可得出本周访问量最大的前几个网页;
#cataccess_log|awk'{print$7}'|uniq-c|sort-n-r|head-20
10519/
654/manager/html
450/manager/html
397/
368/manager/html
304/
280/manager/html
279/
263/manager/html
252/manager/html
252/manager/html
226/
220/
193/
187/
180/
167/
166/
134/
129/
#从日志里查看该ip在干嘛:
#cataccess_log|grep218.66.36.119|awk'{print$1"\t"$7}'|sort|uniq-c|sort-nr|less
243218.66.36.119/
210218.66.36.119/awstatsicons/other/awstats_logo6.png
198218.66.36.119/awstatsicons/clock/hr12.png
197218.66.36.119/awstatsicons/other/vv.png
197218.66.36.119/awstatsicons/other/vu.png
197218.66.36.119/awstatsicons/other/vp.png
197218.66.36.119/awstatsicons/other/vk.png
197218.66.36.119/awstatsicons/other/vh.png
197218.66.36.119/awstatsicons/clock/hr9.png
197218.66.36.119/awstatsicons/clock/hr8.png
197218.66.36.119/awstatsicons/clock/hr7.png
197218.66.36.119/awstatsicons/clock/hr6.png
197218.66.36.119/awstatsicons/clock/hr5.png
197218.66.36.119/awstatsicons/clock/hr4.png
197218.66.36.119/awstatsicons/clock/hr3.png
197218.66.36.119/awstatsicons/clock/hr2.png
197218.66.36.119/awstatsicons/clock/hr1.png
197218.66.36.119/awstatsicons/clock/hr11.png
#列出传输时间超过30秒的文件
#cataccess_log|awk‘($NF>30){print$7}’|sort-n|uniq-c|sort-nr|head-20
14058/server-status?auto
8966/
3955/manager/html
1025*
214/www.766.com/awstats.www.766.com.html
211/awstatsicons/other/awstats_logo6.png
199/awstatsicons/clock/hr12.png
198/awstatsicons/other/vv.png
198/awstatsicons/other/vu.png
198/awstatsicons/other/vp.png
198/awstatsicons/other/vk.png
198/awstatsicons/other/vh.png
198/awstatsicons/clock/hr9.png
198/awstatsicons/clock/hr8.png
198/awstatsicons/clock/hr7.png
198/awstatsicons/clock/hr6.png
198/awstatsicons/clock/hr5.png
198/awstatsicons/clock/hr4.png
198/awstatsicons/clock/hr3.png
198/awstatsicons/clock/hr2.png
#列出最最耗时的页面(超过60秒的)的以及对应页面发生次数
#cataccess_log|awk‘($NF>60&&$7~/\.php/){print$7}’|sort-n|uniq-c|sort-nr|head-100
