Differences

This shows the differences between the two selected revisions of the page.

apache_httpd_로그_분석 [2021/12/14 03:25] – created koov
apache_httpd_로그_분석 [2021/12/14 04:29] (current) koov
Line 28: Line 28:
 402 05:00 402 05:00
 522 06:00 522 06:00
-456 07:00 +</code> 
-490 08:00 +</WRAP> 
-438 09:00 + 
-430 10:00 +<WRAP prewrap> 
-357 11:00 +<code bash> 
-284 12:00 +[root@localhost ~]# awk -F":[/]" '{print $7"-"$6"-"$5" "$8}' access_log | sort | uniq -c 
-391 13:00 +    172 2021-Dec-13 00 
-163 14:00+    158 2021-Dec-13 01 
 +    109 2021-Dec-13 02 
 +    142 2021-Dec-13 03 
 +    115 2021-Dec-13 04
 </code> </code>
 </WRAP> </WRAP>
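
Review bot: the field separator in the added awk command, `-F":[/]"`, is a regex that matches only a colon immediately followed by a slash, so on an access_log timestamp of the usual `[dd/Mon/yyyy:HH:MM:SS zone]` form it does not split out day, month, year and hour, and `$5`..`$8` cannot produce the `2021-Dec-13 00` rows shown beneath it. The field numbers used are consistent with a bracket expression that splits on space, `[`, `/` and `:` (giving $5=day, $6=month, $7=year, $8=hour), so the separator looks like it lost characters when it was pasted into the page; please recheck it against the command that actually produced the output. Separately, because the month is printed as a name (`Dec`), `sort` orders the buckets alphabetically rather than chronologically once the log spans more than one month, which is worth a sentence for anyone reading a request spike off this table.
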
Line 61: Line 64:
 </code> </code>
 </WRAP> </WRAP>
 +
 +===== Request Query 분석 스크립트 =====
 +
 +<WRAP prewrap>
 +<code vim>
 +#!/bin/bash
 +
 +###### SETUP ############
 +LOG_FOLDER=/var/www/vhosts/domain.co.uk/statistics/logs
 +ACCESS_LOG=$LOG_FOLDER/access_log
 +
 +HOW_MANY_ROWS=20000
 +
 +
 +
 +######### FUNCTIONS ##############
 +
 +
 +function title() {
 +    echo "
 +---------------------------------
 +$@
 +---------------------------------
 +"
 +}
 +
 +function urls_by_ip() {
 +    local IP=$1
 +    tail -5000 $ACCESS_LOG | awk -v ip=$IP ' $1 ~ ip {freq[$7]++} END {for (x in freq) {print freq[x], x}}' | sort -rn | head -20
 +}
 +
 +
 +function ip_addresses_by_user_agent(){
 +    local USERAGENT_STRING="$1"
 +    local TOP_20_IPS="`tail  -$HOW_MANY_ROWS $ACCESS_LOG | grep "${USERAGENT_STRING}"  | awk '{freq[$1]++} END {for (x in freq) {print freq[x], x}}' | sort -rn | head -20`"
 +    echo "$TOP_20_IPS"
 +}
 +
 +####### RUN REPORTS #############
 +
 +
 +title "top 20 URLs"
 +TOP_20_URLS="`tail -$HOW_MANY_ROWS $ACCESS_LOG | awk '{freq[$7]++} END {for (x in freq) {print freq[x], x}}' | sort -rn | head -20`"
 +echo "$TOP_20_URLS"
 +
 +
 +title "top 20 URLS excluding POST data"
 +TOP_20_URLS_WITHOUT_POST="`tail  -$HOW_MANY_ROWS $ACCESS_LOG | awk -F"[ ?]" '{freq[$7]++} END {for (x in freq) {print freq[x], x}}' | sort -rn | head -20`"
 +echo "$TOP_20_URLS_WITHOUT_POST"
 +
 +
 +title "top 20 IPs"
 +TOP_20_IPS="`tail  -$HOW_MANY_ROWS $ACCESS_LOG | awk '{freq[$1]++} END {for (x in freq) {print freq[x], x}}' | sort -rn | head -20`"
 +echo "$TOP_20_IPS"
 +
 +title "top 20 user agents"
 +TOP_20_USER_AGENTS="`tail  -$HOW_MANY_ROWS $ACCESS_LOG | cut -d\  -f12- | sort | uniq -c | sort -rn | head -20`"
 +echo "$TOP_20_USER_AGENTS"
 +
 +
 +title "IP Addresses for Top 3 User Agents"
 +
 +for ((I=1; I<=3; I++))
 +do
 +    UA="`echo "$TOP_20_USER_AGENTS" | head -n $I | tail -n 1 | awk '{$1=""; print $0}'`"
 +    echo "$UA"
 +    echo "~~~~~~~~~~~~~~~~~~"
 +    ip_addresses_by_user_agent "$UA"
 +    echo "
 +    "
 +done
 +</code>
 +</WRAP>
 +
 +  * Top 20 URLs
 +  * Top 20 URLs exclude POST
 +  * Top 20 Remote IPs
 +  * Top 20 User-Agent
 +
  
  
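
Review bot: in ip_addresses_by_user_agent, `grep "${USERAGENT_STRING}"` interprets the User-Agent taken from the log as a regular expression, and that string is chosen by the client, so a value containing `(`, `[`, `.` or `+` either matches the wrong lines or makes grep fail on the pattern; use `grep -F -- "$USERAGENT_STRING"` for a literal match. The same applies in urls_by_ip, where `awk -v ip=$IP ' $1 ~ ip ...` is an unquoted, unanchored regex match, so an address such as 1.2.3.4 also counts requests from 11.2.3.40; `-v ip="$IP"` with `$1 == ip` gives the exact comparison. That function is also never called in the report section and hard-codes `tail -5000` instead of `$HOW_MANY_ROWS`. The title "top 20 URLS excluding POST data" and the matching bullet describe something the code does not do: `-F"[ ?]"` cuts the URL at `?`, which removes the query string, so the label should say that. Finally the block is tagged `<code vim>` although it is a bash script, unlike the `<code bash>` block added earlier in this revision, and `$ACCESS_LOG` is expanded unquoted throughout.
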
  • apache_httpd_로그_분석.1639452319.txt.gz
  • Last modified: 2021/12/14 03:25
  • Author: koov