shell 习题54 分析日志

已知nginx访问的日志文件在/usr/local/nginx/logs/access.log内,请统计下早上10点到12点来访ip最多的是哪个?

日志示例:

1
2
111.199.186.68 – [10/Feb/2020:10:58:37 +0800]  “//plugin.php?id=security:job” 200 “POST //plugin.php?id=security:job HTTP/1.1″”http://a.lishiming.net/forum.php?mod=viewthread&tid=11338&extra=page%3D1%26filter%3Dauthor%26orderby%3Ddateline” “Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3141.7 Safari/537.36”
203.208.60.208 – [10/Feb/2020:10:58:46 +0800] “/misc.php?mod=patch&action=ipnotice&_r=0.05560809863330207&inajax=1&ajaxtarget=ip_notice” 200 “GET /misc.php?mod=patch&action=ipnotice&_r=0.05560809863330207&inajax=1&ajaxtarget=ip_notice HTTP/1.1″”http://a.lishiming.net/forum.php?mod=forumdisplay&fid=65&filter=author&orderby=dateline” “Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3141.7 Safari/537.36”

核心要点

通过grep找出10点到12点之间的日志

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
$ egrep "`date +%d/%b/%Y:1[01]:[0-5][0-9]:`" aaa  #%b表示英语缩写月份 1[01]:[0-5][0-9]正则10:00-11:59

$ egrep "`date +%d/%b/%Y:1[01]:[0-5][0-9]:`" aaa|awk '{print $1}'
111.199.186.68
203.208.60.208
111.199.186.68
111.199.186.68

#sort -n 以数字从小到大排序
$ egrep "`date +%d/%b/%Y:1[01]:[0-5][0-9]:`" aaa|awk '{print $1}'|sort -n
111.199.186.68
111.199.186.68
111.199.186.68
203.208.60.208

$ egrep "`date +%d/%b/%Y:1[01]:[0-5][0-9]:`" aaa|awk '{print $1}'|sort -n|uniq -c
      3 111.199.186.68
      1 203.208.60.208

$ egrep "`date +%d/%b/%Y:1[01]:[0-5][0-9]:`" aaa|awk '{print $1}'|sort -n|uniq -c |sort -n
      1 203.208.60.208
      3 111.199.186.68

$ egrep "`date +%d/%b/%Y:1[01]:[0-5][0-9]:`" aaa|awk '{print $1}'|sort -n|uniq -c |sort -n|tail -1
      3 111.199.186.68

$ egrep "`date +%d/%b/%Y:1[01]:[0-5][0-9]:`" aaa|awk '{print $1}'|sort -n|uniq -c |sort -n|tail -1|awk '{print $2}'
111.199.186.68

代码内容

1
2
3
4
5
6
7
8
9
10
11
12
13
#!/bin/bash
#
#program:
#    统计下早上10点到12点来访ip最多的日志
#
#histroy:
#2020/02/10    kun    V1.0

export LANG=en
log="/usr/local/nginx/logs/access.log"
date=`date +%d/%b/%Y:1[01]:[0-5][0-9]:`

egrep "$date" $log |awk '{print $1}' |sort -n |uniq -c |sort -n |tail -1 |awk '{print $2}'

扫一扫,分享到微信

微信分享二维码

tag:

    缺失模块。
    1、请确保node版本大于6.2
    2、在博客根目录(注意不是yilia根目录)执行以下命令:
    npm i hexo-generator-json-content --save

    3、在根目录_config.yml里添加配置: 

      jsonContent:
    meta: false
    pages: false
    posts:
      title: true
      date: true
      path: true
      text: false
      raw: false
      content: false
      slug: false
      updated: false
      comments: false
      link: false
      permalink: false
      excerpt: false
      categories: false
      tags: true

欢迎光临<br><br>本博客是用来记录学习Linux Python Shell和Perl<br>谢谢大家