三、常用日志分析命令
1、总请求数
|
1
|
wc
-l access.log |
awk
'{print $1}'
|
2、独立IP数
|
1
|
awk
'{print $1}'
access.log|
sort
|
uniq
|
wc
-l
|
3、每秒客户端请求数 TOP5
|
1
|
awk
-F
'[ []'
'{print $5}'
access.log|
sort
|
uniq
-c|
sort
-rn|
head
-5
|
4、访问最频繁IP Top5
|
1
|
awk
'{print $1}'
access.log|
sort
|
uniq
-c |
sort
-rn |
head
-5
|
5、访问最频繁的URL TOP5
|
1
|
awk
'{print $7}'
access.log|
sort
|
uniq
-c |
sort
-rn |
head
-5
|
6、响应大于10秒的URL TOP5
|
1
|
awk
'{if ($12 > 10){print $7}}'
access.log|
sort
|
uniq
-c|
sort
-rn |
head
-5
|
7、HTTP状态码(非200)统计 Top5
|
1
|
awk
'{if ($13 != 200){print $13}}'
access.log|
sort
|
uniq
-c|
sort
-rn|
head
-5
|
8、分析请求数大于50000的源IP的行为
|
1
2
3
4
5
6
7
8
9
10
|
awk
'{print $1}'
access.log|
sort
|
uniq
-c |
sort
-rn|
awk
'{if ($1 > 50000){print $2}}'
> tmp.txt
for
i
in
$(
cat
tmp.txt)
do
echo
$i >> analysis.txt
echo
"访问行为统计"
>> analysis.txt
grep
$i access.log|
awk
'{print $6}'
|
sort
|
uniq
-c |
sort
-rn |
head
-5 >> analysis.txt
echo
"访问接口统计"
>> analysis.txt
grep
$i access.log|
awk
'{print $7}'
|
sort
|
uniq
-c |
sort
-rn |
head
-5 >> analysis.txt
echo
-e
"\n"
>>
/root/analysis/
$Ydate.txt
done
|