How Nginx access.log logs analyze shell commands 03/18 Update SLTechnology News&Howtos

How Nginx access.log logs analyze shell commands

2025-03-18 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Shulou(Shulou.com)06/01 Report--

This article will explain in detail how to analyze shell commands in the Nginx access.log log. The content of the article is of high quality, so the editor shares it for you as a reference. I hope you will have a certain understanding of the relevant knowledge after reading this article.

Nginx version Information:

Nginx version: nginx/0.8.53

Nginx log configuration entry:

Access_log / data0/logs/access.log combined

Nginx log format:

$remote_addr-$remote_user [$time_local] $request $status $apache_bytes_sent $http_referer $http_user_agent

127.0.0.1-[24/Mar/2011:12:45:07 + 0800] "GET / fcgi_bin/xxx.fcgi?id=xxx HTTP/1.0" 200 160 "-"Mozilla/4.0"

Check the top 10 url: # > cat access.log | grep "24/Mar/2011" | awk'{print $7}'| sort | uniq-c | sort-nr | head-n 10

Check the number of ip connections of the day through the log, and count the total number of connections to the ip address # > cat access.log | grep "24/Mar/2011" | awk'{print $1}'| sort | uniq-c | sort-nr

38 112.97.192.16 20 117.136.31.145 19 112.97.192.31 3 61.156.31.20 2 209.213.40.6 1 222.76.85.28

To view the 10 most visited IP of the day through the log, you only need to add the head command # > cat access.log | grep "24/Mar/2011" after the last command | awk'{print $3}'| sort | uniq-c | sort-nr | head-n 10

38 112.97.192.16 20 117.136.31.145 19 112.97.192.31 3 61.156.31.20 2 209.213.40.6 1 222.76.85.28

View the 10 most visited IP # > awk'{print $1} 'access.log | sort | uniq-c | sort-nr | head 10680 10.0.21.17 1702 10.0.20.167 823 10.0.20.51 504 10.0.20.255 215 58.60.188.61 192 183.216 38 112.97.192.16 20 117.136.31.145 112.97.192.31 6 113.106.88.10

Check the url and number of visits to the specified ip on the current day through the log: # > cat access.log | grep "10.0.21.17" | awk'{print $7}'| sort | uniq-c | sort-nr

224 / test/themes/default/img/logo_index.gif 224 / test/themes/default/img/bg_index_head.jpg 224 / test/themes/default/img/bg_index.gif 219 / test/vc.php 219 / 213 / misc/js/global.js 211 / misc/jsext/popup.ext.js 211 / misc/js/common.js 210 / sladmin/home 197 / misc/js/flib.js

View the period of the day with the most visits through the log # > awk'{print $4} 'access.log | grep "24/Mar/2011" | cut-c 14-18 | sort | uniq-c | sort-nr | head

24 16:49 19 16:17 16 16:51 11 16:48 4 16:50 3 16:52 1 20:09 1 20:05 1 20:03 1 19:55

Take out all the status codes

Cat / opt/logs/nginx/access.log | grep-ioE "HTTP\ / 1\. [1 | 0]\" [[: blank:]] [0-9] {3} "

Don't you need to add "\" to grep?

On how to analyze the Nginx access.log log shell commands are shared here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.