日志格式如下:
- log_format iptables '"$remote_addr" "$time_local" "$request_uri" "$http_user_agent" "$http_referer"';
"218.22.202.130" "12/Jun/2012:17:20:34 +0800" "/chanke/19/19060321.htm" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" "http://www.baidu.com/s?word=%BF"
第一列是访问ip 第二列是访问时间 第三列uri,第四列是user-agent,第五列是referer
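#!/bin/bash
#
# Summarise an nginx access log written with the quoted "iptables" log_format:
#   1. the ten most frequent client addresses
#   2. the ten busiest minutes (HH:MM)
#   3. the ten most requested URIs
#   4. for each of the ten busiest minutes, its ten most frequent addresses
#
# Usage: <this script> LOGFILE
#
# Field layout: awk splits on whitespace, so the quoted timestamp
# ("12/Jun/2012:17:20:34 +0800") occupies $2 and $3. $1 is the client
# address (still wrapped in quotes), $4 is the request URI, and characters
# 14-18 of $2 are the HH:MM part of the timestamp.
#
# Exit status: 0 on success, 1 when no log file is given or it is not a
# regular file (the original exited 0 on both errors, which hid failures
# from cron jobs and wrapper scripts).

if [[ $# -eq 0 ]]; then
  echo "Error: please specify logfile." >&2
  exit 1
fi

LOG=$1

if [[ ! -f "$LOG" ]]; then
  echo "Sorry, sir, I can't find this log file, pls try again!" >&2
  exit 1
fi

# Count identical input lines and print the ten most frequent, highest first.
top10() {
  sort | uniq -c | sort -nr | head -10
}

# The log is always passed on stdin rather than as an argument, so a file
# name that starts with "-" or contains "=" is never parsed by awk as an
# option or a variable assignment.

################################
echo "Most of the ip:"
echo "-------------------------------------------"
awk '{ print $1 }' < "$LOG" | top10
echo
echo

###################
echo "Most of the time:"
echo "--------------------------------------------"
awk '{ print $2 }' < "$LOG" | cut -c 14-18 | top10
echo
echo

#######################
echo "Most of the page:"
echo "--------------------------------------------"
# The sed expression is kept exactly as published. It only rewrites values
# that end in "<any char>c", "<any char>cn", ... right before the closing
# quote; every other URI passes through unchanged.
awk '{print $4}' < "$LOG" | sed 's/^.*\(.cn*\)\"/\1/g' | top10
echo
echo

#####################
echo "Most of the time / Most of the ip:"
echo "--------------------------------------------"
# The busiest minutes are streamed straight into the loop. The original wrote
# them to a fixed file named "timelog" in the current directory, which
# clobbers any existing file of that name and is unsafe when the script is
# run from a directory other users can write to.
while read -r num minute; do
  echo "$minute $num"
  # Select lines by the HH:MM slice of the timestamp field only. The original
  # ran an unanchored grep for the HH:MM text over the whole line, so "20:34"
  # also matched the MM:SS part of 17:20:34, and any request whose URI,
  # User-Agent or Referer (all client-supplied) contained the text was
  # counted in that minute as well.
  # The value goes through the environment because awk -v would interpret
  # backslash escapes in it.
  minute="$minute" awk 'substr($2, 14, 5) == ENVIRON["minute"] { print $1 }' \
    < "$LOG" | top10
  echo
done < <(awk '{ print $2 }' < "$LOG" | cut -c 14-18 | top10)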