shell脚本分析nginx日志:
name=`awk -F ',' '{print $13":"$32}' $file | awk -F ':' '{print $4}'`
echo "name=$name"
awk -F
http://www.cnblogs.com/ggjucheng/archive/2013/01/13/2858470.html
抽取nginx日志access.log中的状态码,然后统计状态码中大于等于200小于300的数量
grep -ioE "HTTP/1.[1|0]"[[:blank:]][0-9]{3}" /data/nginx/logs/access.log | awk -F "[ ]+" 'BEGIN{i=0;print "[start]i=0;"}{if($2>=200&&$2<300){i++}}END{print i?i:0}'
grep -ioE "HTTP/1.[1|0]"[[:blank:]][0-9]{3}" /data/nginx/logs/access.log| awk -F "[ ]+" 'BEGIN{i=0;print "[start]i=0;"}{if($2>=200&&$2<300){i++}else if($2>=300&&$2<400){j++}}END{print i?i:0,j?j:0}'
采用慕课网上的案例:
得不出结果,经过调试发现在CentOS6.5下,if语句和上一个括号之间在同一行就好了:
脚本上用到了数组,grep,awk
#!/bin/sh # Nginx's log analysis
#控制终端的输出格式 resettem=$(tput sgr0)
#定义日志的路径 Logfile_path='/data/nginx/logs/access.log' #i=0 #j=1 #grep -ioE "HTTP/1.[1|0]"[[:blank:]][0-9]{3}" /data/nginx/logs/access.log| awk -F "[ ]+" 'BEGIN{i=0;print "[start]i=0;"}{if($2>=200&&$2<300){i++}else if($2>=300&&$2<400){j++}}END{print i?i:0,j?j:0}' echo "$Logfile_path"
#拿到日志中所有的包含HTTP状态码的部分,拿出第二段来判断,并将结果分配到数组中 grep -ioE "HTTP/1.[1|0]"[[:blank:]][0-9]{3}" $Logfile_path | awk -F "[ ]+" 'BEGIN{i=0;j=0;k=0;n=0;p=0;}{ if($2>=100&&$2<200) {i++} else if($2>=200&&$2<300) {j++} else if($2>=300&&$2<400) {k++} else if($2>=400&&$2<500) {n++} else if($2>=500) {p++} }END{ print i?i:0,j?j:0,k?k:0,n?n:0,p?p:0,i+j+k+n+p }' Check_http_status() { #grep -ioE "HTTP/1.[1|0]"[[:blank:]][0-9]{3}" access.log
#拿到日志中所有的包含HTTP状态码的部分,拿出第二段来判断,并将结果分配到数组中
Http_status_codes=(`grep -ioE "HTTP/1.[1|0]"[[:blank:]][0-9]{3}" $Logfile_path | awk -F"[ ]+" 'BEGIN{i=0;j=0;k=0;n=0;p=0;}{ if($2>=100&&$2<200) {i++} else if($2>=200&&$2<300) {j++} else if($2>=300&&$2<400) {k++} else if($2>=400&&$2<500) {n++} else if($2>=500) {p++} }END{ print i?i:0,j?j:0,k?k:0,n?n:0,p?p:0,i+j+k+n+p }'`) echo "---------" echo -e 'E[33m'"The number of http status[100+]:" ${resettem} ${Http_status_codes[0]} echo -e 'E[33m'"The number of http status[200+]:" ${resettem} ${Http_status_codes[1]} echo -e 'E[33m'"The number of http status[300+]:" ${resettem} ${Http_status_codes[2]} echo -e 'E[33m'"The number of http status[400+]:" ${resettem} ${Http_status_codes[3]} echo -e 'E[33m'"The number of http status[500+]:" ${resettem} ${Http_status_codes[4]} echo -e 'E[33m'"The number of http all status:" ${resettem} ${Http_status_codes[5]} } Check_http_status
查看具体的状态码,比如403的状态码
grep -ioE "HTTP/1.[1|0]"[[:blank:]][0-9]{3}" /data/nginx/logs/access.log | awk -F "[ ]+"
'BEGIN{total=0;}{if($2!=""){code[$2]++;total++}else{exit}}END{print code[404]?code[404]:0,code[403]?code[403]:0,total?total:0}'
具体脚本:
Check_http_code() { #grep -ioE "HTTP/1.[1|0]"[[:blank:]][0-9]{3}" access.log Http_Code=(`grep -ioE "HTTP/1.[1|0]"[[:blank:]][0-9]{3}" $Logfile_path | awk -F "[ ]+" 'BEGIN{total=0;}{ if($2!="") {code[$2]++;total++} else {exit} }END{ print code[404]?code[404]:0,code[403]?code[403]:0,total}'`) echo "---------" echo -e 'E[33m'"The number of http code[404]:" ${resettem} ${Http_Code[0]} echo -e 'E[33m'"The number of http code[403]:" ${resettem} ${Http_Code[1]} echo -e 'E[33m'"The number of http all status:" ${resettem} ${Http_Code[2]} } Check_http_code
查看IP来源记录:
nginx默认配置:
log_format main '$remote_addr - $remote_user [$time_local] $request ' '"$status" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for" $request_time'; access_log /var/log/nginx/access.log main buffer=32k;