accesslog数据分析的常用shell命令
May 20, 2025
除了用大而全的专业工具之外,如果我们专注与某个方面,则可以利用Shell命令分析accesslog。
- 统计80端口的tcp连接数量
netstat -tan | grep "ESTABLISHED" | grep ":80" | wc -l- 当前WEB服务器中联接次数最多的ip地址:
netstat -ntu |awk '{print $5}' |sort | uniq -c| sort -n -r
231 ::ffff:127.0.0.1:8095
23 ::ffff:192.168.50.201:5432
2 ::ffff:192.168.50.203:80
1 servers)
1 ::ffff:192.168.50.56:43314
1 ::ffff:192.168.50.21:2996
1 ::ffff:192.168.50.21:2989
1 ::ffff:192.168.50.200:8060
1 ::ffff:192.168.50.12:1300
1 ::ffff:192.168.50.12:1299
1 ::ffff:192.168.50.12:1298
1 ::ffff:127.0.0.1:57933
1 Address
1 192.168.50.41:65310
1 192.168.50.41:64949
1 192.168.50.41:49653- 查看日志中访问次数最多的前10个IP
cat access_log |cut -d ' ' -f 1 |sort |uniq -c | sort -nr | awk '{print $0 }' | head -n 10 |less
14085 121.207.252.122
13753 218.66.36.119
11069 220.162.237.6
1188 59.63.158.118
1025 ::1
728 220.231.141.28
655 114.80.126.139
397 117.25.55.100
374 222.76.112.211
348 120.6.214.70- 查看日志中出现100次以上的IP
cat access_log |cut -d ' ' -f 1 |sort |uniq -c | awk '{if ($1 > 100) print $0}'|sort -nr |less
14085 121.207.252.122
13753 218.66.36.119
11069 220.162.237.6
1188 59.63.158.118
1025 ::1
728 220.231.141.28
655 114.80.126.139
397 117.25.55.100
374 222.76.112.211
348 120.6.214.70
252 58.211.82.150
252 159.226.126.21
206 121.204.57.94
192 59.61.111.58
186 218.85.73.40
145 221.231.139.30
134 121.14.148.220
123 222.246.128.220
122 61.147.123.46
119 121.204.105.58
107 116.9.75.237
105 118.123.5.173
.....- 查看某一天的访问量
cat access_log|grep '12/Nov/2012'|grep "******.htm"|wc|awk '{print $1}'|uniq- 查看访问时间超过30ms的url列表
cat access_log|awk ‘($NF > 30){print $7}’|sort -n|uniq -c|sort -nr|head -20- 列出响应时间超过60m的url列表并统计出现次数
cat access_log |awk ‘($NF > 60 && $7~/\.php/){print $7}’|sort -n|uniq -c|sort -nr|head -100- 统计/index.[html]页面的访问uv
grep "/index.html" access.log | cut –d “ ” –f 4| sort | uniq | wc –l- 统计/index.[html]页面的PV
grep "/index.html" access.log | wc -l