Shulou(Shulou.com)05/31 Report--

This article mainly introduces "how to achieve apache log analysis and status view under Linux" related knowledge, editor through the actual case to show you the operation process, the method of operation is simple and fast, practical, I hope that this "how to achieve apache log analysis and status view under Linux" article can help you solve the problem.

Suppose the apache log format is:

118.78.199.98-[09/jan/2010:00:59:59 + 0800] "get / public/css/index.css http/1.1" 304-"http://www.a.cn/common/index.php"" mozilla/4.0 (compatible; msie 6.0; windows nt 5.1; sv1; gtb6.3) "

Question 1: find the 10 most visited ip in apachelog.

Awk'{print $1} 'apache_log | sort | uniq-c | sort-nr | head-n 10

Awk first captures the ip in each log. If the log format is customized, you can define the delimiter and print specified column by-f.

Sort sorts for the first time in order to arrange the same records together

Upiq-c merges duplicate rows and records the number of repeats.

Head conducts top ten screening.

Sort-nr sorts backwards by number.

The orders I refer to are:

Show the 10 most commonly used commands

Sed-e "s / | / / nzag" ~ / .bash_history | cut-d'- f 1 | sort | uniq-c | sort-nr | head

Question 2: find out the minutes with the most visits in the apache log.

Awk'{print $4} 'access_log | cut-c 14-18 | sort | uniq-c | sort-nr | head

The fourth column of awk separated by spaces is [09/jan/2010:00:59:59]

Cut-c extracts 14 to 18 characters

The rest is similar to question 1.

Question 3: find the most visited page in the apache log:

Awk'{print $11} 'apache_log | sed's / ^. * cn/ (. * /) / "/ / 1Accord g' | sort | uniq-c | sort-rn | head

Similar to questions 1 and 2, the only exception is to replace "http://www.a.cn/common/index.php" with the content in parentheses:" http://www.a.cn (/ common/index.php) with the replacement function of sed

Question 4: find out the periods (in minutes) with the highest number of visits (in minutes) in the apache log, and then see which ip visits are the most frequently accessed at these times?

1. View the apache process:

Ps aux | grep httpd | grep-v grep | wc-l

2. View the tcp connection on port 80:

Netstat-tan | grep "established" | grep ": 80" | wc-l

3. Check the number of ip connections in the current day through the log, and filter duplicates:

Cat access_log | grep "19/may/2011" | awk'{print $2}'| sort | uniq-c | sort-nr

4. What is the ip with the highest number of ip connections doing (originally spiders):

Cat access_log | grep "19/may/2011:00" | grep "61.135.166.230" | awk'{print $8}'| sort | uniq-c | sort-nr | head-n 10

5. Visit the top 10 url on the same day:

Cat access_log | grep "19/may/2010:00" | awk'{print $8}'| sort | uniq-c | sort-nr | head-n 10

6. Use tcpdump to sniff the access to port 80 to see who is the highest.

Tcpdump-I eth0-tnn dst port 80-c 1000 | awk-f "."'{print $1 "." $2 "." $3 "." $4}'| sort | uniq-c | sort-nr

Then check the log to see what the ip is doing:

Cat access_log | grep 220.181.38.183 | awk'{print $1 "/ t" $8}'| sort | uniq-c | sort-nr | less

7. Check the number of ip connections in a certain time period:

Grep "2006 print 0 [7-8]" www20110519.log | awk'{print $2}'| sort | uniq-c | sort-nr | wc-l

8, the 20 ip addresses with the largest number of connections in the current web server:

Netstat-ntu | awk'{print $5}'| sort | uniq-c | sort-n-r | head-n 20

9, view the top 10 most visited ip in the log

Cat access_log | cut-d ''- f 1 | sort | uniq-c | sort-nr | awk'{print $0}'| head-n 10 | less

10. Check the ip that appears in the log more than 100 times.

Cat access_log | cut-d''- f 1 | sort | uniq-c | awk'{if ($1 > 100) print $0}'| sort-nr | less

11, view the most visited files recently

Cat access_log | tail-10000 | awk'{print $7}'| sort | uniq-c | sort-nr | less

12, view the pages in the log that have been visited more than 100 times

Cat access_log | cut-d''- f 7 | sort | uniq-c | awk'{if ($1 > 100) print $0}'| less

13, listing files that have been transferred for more than 30 seconds

Cat access_log | awk'($nf > 30) {print $7}'| sort-n | uniq-c | sort-nr | head-20

14, listing the most time-consuming pages (more than 60 seconds) and the number of times the corresponding pages occurred

Cat access_log | awk'($nf > 60 & & $7~//.php/) {print $7}'| sort-n | uniq-c | sort-nr | head-100

This is the end of the content about "how to achieve apache log analysis and status view under Linux". Thank you for your reading. If you want to know more about the industry, you can follow the industry information channel. The editor will update different knowledge points for you every day.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.