[转]Shell分析access_log

#查看80端口的tcp连接

#netstat-tan|grep"ESTABLISHED"|grep":80"|wc-l

1

#当前WEB服务器中联接次数最多的ip地址:

#netstat-ntu|awk'{print$5}'|sort|uniq-c|sort-n-r

231::ffff:127.0.0.1:8095

23::ffff:192.168.50.201:5432

2::ffff:192.168.50.203:80

1servers)

1::ffff:192.168.50.56:43314

1::ffff:192.168.50.21:2996

1::ffff:192.168.50.21:2989

1::ffff:192.168.50.200:8060

1::ffff:192.168.50.12:1300

1::ffff:192.168.50.12:1299

1::ffff:192.168.50.12:1298

1::ffff:127.0.0.1:57933

1Address

1192.168.50.41:65310

1192.168.50.41:64949

1192.168.50.41:49653

#查看日志中访问次数最多的前10个IP

#cataccess_log|cut-d''-f1|sort|uniq-c|sort-nr|awk'{print$0}'|head-n10|less

14085121.207.252.122

13753218.66.36.119

11069220.162.237.6

118859.63.158.118

1025::1

728220.231.141.28

655114.80.126.139

397117.25.55.100

374222.76.112.211

348120.6.214.70

#查看日志中出现100次以上的IP

#cataccess_log|cut-d''-f1|sort|uniq-c|awk'{if($1>100)print$0}'｜sort-nr|less

14085121.207.252.122

13753218.66.36.119

11069220.162.237.6

118859.63.158.118

1025::1

728220.231.141.28

655114.80.126.139

397117.25.55.100

374222.76.112.211

348120.6.214.70

25258.211.82.150

252159.226.126.21

206121.204.57.94

19259.61.111.58

186218.85.73.40

145221.231.139.30

134121.14.148.220

123222.246.128.220

12261.147.123.46

119121.204.105.58

107116.9.75.237

105118.123.5.173

#查看最近访问量最高的文件

#cataccess_log|tail-10000|awk'{print$7}'|sort|uniq-c|sort-nr|less

8729/server-status?auto

618/

15/favicon.ico

12/manager/html

10*

9/top/icons.gif

8/www.766.com/awstats.www.766.com.html

8/awstatsicons/other/vv.png

8/awstatsicons/other/vu.png

8/awstatsicons/other/vp.png

8/awstatsicons/other/vk.png

8/awstatsicons/other/vh.png

8/awstatsicons/other/hx.png

8/awstatsicons/other/hp.png

8/awstatsicons/other/hk.png

8/awstatsicons/other/hh.png

8/awstatsicons/other/he.png

8/awstatsicons/other/awstats_logo6.png

8/awstatsicons/os/win.png

8/awstatsicons/os/unknown.png

8/awstatsicons/os/unix.png

8/awstatsicons/os/symbian.png

8/awstatsicons/os/psp.png

#查看最近访问量最高的页面(.png)

#cataccess_log|awk'{print$7}'|grep'.png'|sort|uniq-c|sort-nr|head-n10

241/awstatsicons/other/awstats_logo6.png

227/awstatsicons/clock/hr12.png

226/awstatsicons/other/vv.png

226/awstatsicons/other/vu.png

226/awstatsicons/other/vp.png

226/awstatsicons/other/vk.png

226/awstatsicons/other/vh.png

226/awstatsicons/clock/hr9.png

226/awstatsicons/clock/hr8.png

226/awstatsicons/clock/hr7.png

#查看日志中访问超过100次的页面

#cataccess_log|cut-d''-f7|sort|uniq-c|awk'{if($1>100)print$0}'|less

20107/

1027*

215/awstatsicons/browser/chrome.png

215/awstatsicons/browser/firefox.png

136/awstatsicons/browser/mozilla.png

216/awstatsicons/browser/msie.png

201/awstatsicons/browser/netscape.png

123/awstatsicons/browser/notavailable.png

214/awstatsicons/browser/opera.png

215/awstatsicons/browser/pdaphone.png

214/awstatsicons/browser/safari.png

215/awstatsicons/browser/unknown.png

226/awstatsicons/clock/hr10.png

226/awstatsicons/clock/hr11.png

227/awstatsicons/clock/hr12.png

225/awstatsicons/clock/hr1.png

226/awstatsicons/clock/hr2.png

226/awstatsicons/clock/hr3.png

226/awstatsicons/clock/hr4.png

226/awstatsicons/clock/hr5.png

226/awstatsicons/clock/hr6.png

226/awstatsicons/clock/hr7.png

226/awstatsicons/clock/hr8.png

#access_log昨天一天的点击量(clicks);

cataccess_log|grep'12/Nov/2009'|grep"******.jsp"|wc|awk'{print$1}'|uniq

#昨天访问网站的独立IP有多少；

cataccess_log|grep'12/Aug/2009'|grep"******"|wc|awk'{print$1}'|uniq

194

#统计某url，一天的访问次数

#cataccess_log|grep'12/Aug/2009'|grep'/images/index/e1.gif'|wc|awk'{print$1}'

2

#拉出前五天的访问次数最多的网页前20名清单；进行五天日志对比，找出排名靠前重复的网页，即可得出本周访问量最大的前几个网页；

#cataccess_log|awk'{print$7}'|uniq-c|sort-n-r|head-20

10519/

654/manager/html

450/manager/html

397/

368/manager/html

304/

280/manager/html

279/

263/manager/html

252/manager/html

252/manager/html

226/

220/

193/

187/

180/

167/

166/

134/

129/

#从日志里查看该ip在干嘛:

#cataccess_log|grep218.66.36.119|awk'{print$1"\t"$7}'|sort|uniq-c|sort-nr|less

243218.66.36.119/

210218.66.36.119/awstatsicons/other/awstats_logo6.png

198218.66.36.119/awstatsicons/clock/hr12.png

197218.66.36.119/awstatsicons/other/vv.png

197218.66.36.119/awstatsicons/other/vu.png

197218.66.36.119/awstatsicons/other/vp.png

197218.66.36.119/awstatsicons/other/vk.png

197218.66.36.119/awstatsicons/other/vh.png

197218.66.36.119/awstatsicons/clock/hr9.png

197218.66.36.119/awstatsicons/clock/hr8.png

197218.66.36.119/awstatsicons/clock/hr7.png

197218.66.36.119/awstatsicons/clock/hr6.png

197218.66.36.119/awstatsicons/clock/hr5.png

197218.66.36.119/awstatsicons/clock/hr4.png

197218.66.36.119/awstatsicons/clock/hr3.png

197218.66.36.119/awstatsicons/clock/hr2.png

197218.66.36.119/awstatsicons/clock/hr1.png

197218.66.36.119/awstatsicons/clock/hr11.png

#列出传输时间超过30秒的文件

#cataccess_log|awk‘($NF>30){print$7}’|sort-n|uniq-c|sort-nr|head-20

14058/server-status?auto

8966/

3955/manager/html

1025*

214/www.766.com/awstats.www.766.com.html

211/awstatsicons/other/awstats_logo6.png

199/awstatsicons/clock/hr12.png

198/awstatsicons/other/vv.png

198/awstatsicons/other/vu.png

198/awstatsicons/other/vp.png

198/awstatsicons/other/vk.png

198/awstatsicons/other/vh.png

198/awstatsicons/clock/hr9.png

198/awstatsicons/clock/hr8.png

198/awstatsicons/clock/hr7.png

198/awstatsicons/clock/hr6.png

198/awstatsicons/clock/hr5.png

198/awstatsicons/clock/hr4.png

198/awstatsicons/clock/hr3.png

198/awstatsicons/clock/hr2.png

#列出最最耗时的页面(超过60秒的)的以及对应页面发生次数

#cataccess_log|awk‘($NF>60&&$7~/\.php/){print$7}’|sort-n|uniq-c|sort-nr|head-100