Apache日志轮询Cronolog安装及简单用法

安装日志轮询工具cronolog：

[root@bqh-119 tools]# tar xf cronolog-1.6.2.tar.gz 
[root@bqh-119 tools]# cd cronolog-1.6.2
[root@bqh-119 cronolog-1.6.2]# ./configure
make
make install
[root@bqh-119 cronolog-1.6.2]# ll /usr/local/sbin/cronolog
-rwxr-xr-x 1 root root 40486 7月  15 21:55 /usr/local/sbin/cronolog

按天轮询：（生产环境常见用法，推荐使用）：

CustomLog "|/usr/local/sbin/cronolog /application/apache/logs/access_blog_%Y%m%d.log" combined
CustomLog "|/usr/local/sbin/cronolog /application/apache/logs/access_bbs_%Y%m%d.log" combined

注：按天记录日志，日志不会自动覆盖。

按小时轮询：（较常见用法）

CustomLog "|/usr/local/sbin/cronolog /application/apache/logs/access_blog_%Y%m%d%H.log" combined
CustomLog "|/usr/local/sbin/cronolog /application/apache/logs/access_bbs_%Y%m%d%H.log" combined

注：适合短时间分析的apache详细日志信息。

按周轮询：（较常见用法）

CustomLog "|/usr/local/sbin/cronolog /application/apache/logs/access_blog_%w.log" combined
CustomLog "|/usr/local/sbin/cronolog /application/apache/logs/access_bbs_%w.log" combined
----------------------------------------------------------------------------------------------↓↓↓分目录按周记录日志
CustomLog "|/usr/local/sbin/cronolog /application/apache/logs/%w/access_blog_%w.log" combined
CustomLog "|/usr/local/sbin/cronolog /application/apache/logs/%w/access_bbs_%w.log" combined

注：每周循环覆盖；如果需要保留少量日志，供sa等使用，不作为特殊其他信息分析等，可以按周轮询，免去担心空间问题。

按月轮询：

CustomLog "|/usr/local/sbin/cronolog /application/apache/logs/access_blog_%Y%m.log" combined
CustomLog "|/usr/local/sbin/cronolog /application/apache/logs/access_bbs_%Y%m.log" combined

按天+按小时轮询：

CustomLog "|/usr/local/sbin/cronolog /application/apache/logs/access_blog_%Y%m%d.log" combined
CustomLog "|/usr/local/sbin/cronolog /application/apache/logs/access_blog_%Y%m%d%H.log" combined
CustomLog "|/usr/local/sbin/cronolog /application/apache/logs/access_bbs_%Y%m%d.log" combined
CustomLog "|/usr/local/sbin/cronolog /application/apache/logs/access_bbs_%Y%m%%d%H.log" combined

.....可以自由组合来轮询日志。

下面以按天轮询日志的测试配置：

[root@bqh-119 extra]# vim httpd-vhosts.conf

......以上省略
<VirtualHost *:80>
    ServerAdmin 1147076062@qq.com
    DocumentRoot "/var/html/blog"
    ServerName blog.bqh123.com
    ServerAlias bg.bqh123.com
    ErrorLog "logs/blog-error_log"
    CustomLog "|/usr/local/sbin/cronolog /application/apache/logs/access_blog_%Y%m%d.log" combined
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin 1147076062@qq.com
    DocumentRoot "/var/html/bbs"
    ServerName bbs.bqh123.com
    ServerAlias bs.bqh123.com
    ErrorLog "logs/bbs-error_log"
    CustomLog "|/usr/local/sbin/cronolog /application/apache/logs/access_bbs_%Y%m%d.log" combined
</VirtualHost>

 刷新配置：

[root@bqh-119 extra]# vim httpd-vhosts.conf
[root@bqh-119 extra]# ../../bin/apachectl -t
Syntax OK
[root@bqh-119 extra]# ../../bin/apachectl graceful

访问测试，并查看日志：

[root@bqh-119 logs]# ll
总用量 40
-rw-r--r-- 1 root   root  206 7月  15 22:34 access_bbs_20190715.log
-rw-r--r-- 1 root   root  591 7月  15 23:10 access_blog_20190715.log
-rw-r--r-- 1 root   root 1419 7月  14 21:52 access_log
-rw-r--r-- 1 root   root  805 7月  14 22:11 bbs-access_log
-rw-r--r-- 1 root   root  340 7月  14 21:27 bbs-error_log
-rw-r--r-- 1 root   root 1074 7月  15 21:36 blog-access_log
-rw-r--r-- 1 root   root  219 7月  14 20:02 blog-error_log
srwx------ 1 daemon root    0 7月  14 23:29 cgisock.1343
srwx------ 1 daemon root    0 7月  15 22:23 cgisock.1625
srwx------ 1 daemon root    0 7月  13 23:40 cgisock.58405
-rw-r--r-- 1 root   root 5941 7月  15 22:23 error_log
-rw-r--r-- 1 root   root    5 7月  15 22:23 httpd.pid
[root@bqh-119 logs]# tail -2 ./access_blog_20190715.log 
192.168.0.105 - - [15/Jul/2019:22:35:07 +0800] "GET / HTTP/1.1" 200 23 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0"
[root@bqh-119 logs]# tail -2 ./access_bbs_20190715.log 
192.168.0.105 - - [15/Jul/2019:22:34:45 +0800] "GET / HTTP/1.1" 200 22 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36 SE 2.X MetaSr 1.0"

apache不记录图片的日志：

程序配置：
<FilesMatch “.(css|js|gif|jpg|ico|swf)”>
    SetEnv IMAG 1
</FilesMatch>

日志配置：
<VirtualHost *:80>
    ServerAdmin 1147076062@qq.com
    DocumentRoot "/var/html/bbs"
    ServerName bbs.bqh123.com
    ServerAlias bs.bqh123.com
    ErrorLog "logs/bbs-error_log"
    CustomLog "|/usr/local/sbin/cronolog /application/apache/logs/access_bbs_%Y%m%d.log" combined env=!dontlog

RS服务器不记录负载均衡健康检查日志(check.html)：

<VirtualHost *:80>
    ServerAdmin 1147076062@qq.com
    DocumentRoot "/var/html/bbs"
    ServerName bbs.bqh123.com
    ServerAlias bs.bqh123.com
    SetEnvIf Request_URI “^/check.html$” dontlog
    ErrorLog "logs/bbs-error_log"
    CustomLog "|/usr/local/sbin/cronolog /application/apache/logs/access_bbs_%Y%m%d.log" combined env=!dontlog
</VirtualHost>

统计apache日志单IP访问请求数排名：

[root@bqh-119 logs]# awk '{print $1}' ./access_bbs_20190715.log |sort|uniq -c|sort -rn -k1
      114 192.168.0.105
       93 192.168.0.200
       42 192.168.0.88
       32 192.168.0.109
       22 192.168.0.107
       12 192.168.0.10
        1 192.168.0.96
        1 192.168.0.5
        1 192.168.0.222
        1 192.168.0.15
        1 192.168.0.110
[root@bqh-119 logs]# awk '{++s[$1]} END {for (key in s) print s[key],key}' access_bbs_20190715.log |sort -rn -k1
144 192.168.0.105
 93 192.168.0.200
 42 192.168.0.88
 32 192.168.0.109
 22 192.168.0.107
 12 192.168.0.10
  1 192.168.0.96
  1 192.168.0.5
  1 192.168.0.222
1 192.168.0.15
1 192.168.0.110