2. Write a script, analyzelog.sh, that analyzes log files. (Use functions; the log files are in the course materials.)
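Note: the script accepts the options (i, d, t, a). Usage: analyzelog.sh <-i IP|-d DATE|-t TYPE|-a> logfile
First determine whether the file is an access log or an error log.
For an access log:
(1) With -i, count the number of accesses from the given IP address in the access log (normally one line is one access);
(2) With -d, count the number of accesses made by each IP address on the given date (a single day, e.g. 04/May/2015) in the access log, for example:
192.168.0.1:33
192.168.0.195:17
...
(3) With -t, count how many times files of the type given by a suffix (e.g. .png for PNG images) were accessed in the access log;
(4) With -a, count the number of accesses made by each IP address in the access log;
For an error log:
(1) With -i, count the number of accesses from the given IP address in the error log (normally one line is one access);
(2) With -d, count the number of accesses made by each IP address on the given date (a single day, e.g. 2015/05/04) in the error log, for example:
192.168.0.1:33
192.168.0.195:17
...
(3) With -t, count the number of failed GET requests in the error log (that is, lines of error output that contain GET);
(4) With -a, count the number of accesses made by each IP address in the error log;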
#!/bin/bash
#exec 2>>/dev/null
# Directory that holds access.log and error.log
DIR=/root/tkp/file/
command=$1
# With no option given, fall back to the help text
[ -z "$command" ] && command="-h"
[ -z "$FILE" ] && FILE="null"
# Print usage information
function helptext()
{
    echo "analyzelog.sh <-i IP|-d DATE|-t TYPE|-a|-h> filename"
    echo "filename is access.log or error.log"
    echo "-------------access.log-----------------------"
    echo "-i IP (show how many times the IP appears)"
    echo "-d DATE (format example 04/May/2015,list different IPs and times of their appearances)"
    echo "-a list all IPs and times of their appearances"
    echo "-t TYPE show how many times the suffix appears"
    echo "-------------error.log------------------------"
    echo "-i IP (show how many times the IP appears)"
    echo "-d DATE (format example 2015/05/04,list different IPs and times of their appearances)"
    echo "-a list all IPs and times of their appearances"
    echo "-t TYPE show how many times the wrong request appears"
    echo "-h show the help text"
}
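# Print 0 if $1 is a valid dotted-quad IPv4 address, otherwise 1
function legalip()
{
    ip=$1
    flag=0
    # Anchor the pattern and escape the dots so that only four numeric octets pass
    echo "$ip" | grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' &>/dev/null
    if [ $? -ne 0 ];then
        flag=1
    else
        list=`echo "$ip" | awk -F"." '{print $1,$2,$3,$4}'`
        for i in $list;
        do
            # An octet may be 0 (as in 192.168.0.1) but not above 255
            if [ "$i" -gt 255 ];then
                flag=1
            fi
        done
    fi
    echo $flag
}
# Analyse the access log: $1 = option, $2 = its argument, $3 = file name
function access()
{
    OPTION=$1
    PARA=$2
    FILE_PATH=$DIR$3
    if [ "$OPTION" == "-i" ];then
        # Compare the first field exactly, so 192.168.0.1 does not also count 192.168.0.195
        count=`awk -v ip="$PARA" '$1==ip{n++}END{print n+0}' "$FILE_PATH"`
        echo "$PARA appears $count times"
    elif [ "$OPTION" == "-d" ];then
        # -F treats the date as a fixed string, not as a regular expression
        grep -F -- "$PARA" "$FILE_PATH" | awk -F" " '{count[$1]++}END{for(ip in count){printf("%s %d\n",ip,count[ip]);}}'
    elif [ "$OPTION" == "-t" ];then
        # Count the lines that contain the literal suffix (the dot in .png is not a wildcard)
        count=`grep -cF -- "$PARA" "$FILE_PATH"`
        echo "$PARA appears $count times"
    fi
}
# Analyse the error log: $1 = option, $2 = its argument, $3 = file name
function error()
{
    OPTION=$1
    PARA=$2
    FILE_PATH=$DIR$3
    if [ "$OPTION" == "-i" ];then
        # The trailing comma ends the address, so 192.168.0.1 does not also count 192.168.0.195
        count=`grep -cF -- "client: $PARA," "$FILE_PATH"`
        echo "$PARA appears $count times"
    elif [ "$OPTION" == "-d" ];then
        # The client is taken from the second comma-separated field ("client: IP")
        grep -F -- "$PARA" "$FILE_PATH" | awk -F"," '{print $2}' | awk -F": " '{count[$2]++}END{for(ip in count){printf("%s %d\n",ip,count[ip]);}}'
    elif [ "$OPTION" == "-t" ];then
        count=`grep -cF -- "$PARA" "$FILE_PATH"`
        echo "$PARA appears $count times"
    fi
}
# Dispatch on the option; only access.log and error.log are accepted as file names,
# so the file argument cannot point outside $DIR
if [ $# -lt 1 ] || [ $# -gt 3 ];then
    echo "the number of the parameters is wrong "
    helptext
elif [ "$command" == "-h" ];then
    helptext
elif [ "$command" == "-i" ];then
    if [ $# -le 2 ];then
        echo "the filename or IP cannot be null!"
    elif [ $# -eq 3 ];then
        IP=$2
        FILE=$3
        flag=$(legalip "$IP")
        if [ "$flag" -ne 0 ];then
            echo "error format ip(0-255.0-255.0-255.0-255)"
        else
            if [ "$FILE" == "access.log" ];then
                access "$command" "$IP" "$FILE"
            elif [ "$FILE" == "error.log" ];then
                error "$command" "$IP" "$FILE"
            else
                echo "filename $FILE is wrong"
                helptext
            fi
        fi
    fi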
elif [ "$command" == "-d" ];then
    if [ $# -le 2 ];then
        echo "the filename or DATE cannot be null!"
    elif [ $# -eq 3 ];then
        date=$2
        file=$3
        if [ "$file" == "access.log" ];then
            access "$command" "$date" "$file"
        elif [ "$file" == "error.log" ];then
            error "$command" "$date" "$file"
        else
            echo "filename $file is wrong"
            helptext
        fi
    fi
elif [ "$command" == "-t" ];then
    if [ $# -le 2 ];then
        echo "the filename or TYPE cannot be null!"
    elif [ $# -eq 3 ];then
        type=$2
        file=$3
        if [ "$file" == "access.log" ];then
            access "$command" "$type" "$file"
        elif [ "$file" == "error.log" ];then
            error "$command" "$type" "$file"
        else
            echo "filename $file is wrong"
            helptext
        fi
    fi
elif [ "$command" == "-a" ];then
    if [ $# -eq 1 ];then
        echo "the filename cannot be null!"
    elif [ $# -eq 2 ];then
        FILE=$2
        if [ "$FILE" == "access.log" ];then
            # The client address is the first space-separated field
            awk -F" " '{count[$1]++}END{for(ip in count){printf("%s %d\n",ip,count[ip]);}}' "$DIR$FILE"
        elif [ "$FILE" == "error.log" ];then
            # The client address follows "client: " in the second comma-separated field
            awk -F"," '{print $2}' "$DIR$FILE" | awk -F": " '{count[$2]++}END{for(ip in count){printf("%s %d\n",ip,count[ip]);}}'
        else
            echo "filename $FILE is wrong"
            helptext
        fi
    fi
else
    echo "error command"
    helptext
fi
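
The script above picks the log type from the file name and selects a day's entries with grep, which matches the date anywhere in the line (for example inside a requested URL). The following is an added example, not part of the original script: it classifies the log from its first line and compares the date and client fields as strings. The function names, the nginx-style line layouts and the sample lines are constructed assumptions.

```shell
#!/bin/bash
# Added example: content-based log classification and per-day client counts.

# Write constructed sample logs into directory $1.
write_samples() {
    cat > "$1/access.log" <<'EOF'
192.168.0.1 - - [04/May/2015:10:00:01 +0800] "GET /a.png HTTP/1.1" 200 512
192.168.0.195 - - [04/May/2015:10:00:02 +0800] "GET /index.html HTTP/1.1" 200 1024
192.168.0.1 - - [04/May/2015:11:30:00 +0800] "GET /b.png HTTP/1.1" 404 0
192.168.0.7 - - [05/May/2015:09:00:00 +0800] "GET /r?d=04/May/2015 HTTP/1.1" 200 77
EOF
    cat > "$1/error.log" <<'EOF'
2015/05/04 10:00:03 [error] 12#0: *7 open() "/www/x.png" failed (2: No such file or directory), client: 192.168.0.195, server: localhost, request: "GET /x.png HTTP/1.1"
2015/05/04 10:02:10 [error] 12#0: *9 open() "/www/y.png" failed (2: No such file or directory), client: 192.168.0.195, server: localhost, request: "GET /y.png HTTP/1.1"
2015/05/05 08:00:00 [error] 12#0: *11 open() "/www/z.png" failed (2: No such file or directory), client: 192.168.0.1, server: localhost, request: "GET /z.png HTTP/1.1"
EOF
}

# Print access, error or unknown, judged from the shape of the first line.
log_type() {
    local first=
    IFS= read -r first < "$1" || true
    case $first in
        [0-9][0-9][0-9][0-9]/[0-9][0-9]/[0-9][0-9]\ *\[*\]*) echo error ;;
        *\ \[[0-9][0-9]/[A-Z][a-z][a-z]/[0-9][0-9][0-9][0-9]:*) echo access ;;
        *) echo unknown ;;
    esac
}

# Print "IP:count" for entries logged on day $2 in file $1, busiest client first.
count_by_ip_on_date() {
    local type
    type=$(log_type "$1")
    [ "$type" = unknown ] && { echo "unrecognised log format: $1" >&2; return 2; }
    awk -v day="$2" -v type="$type" '
        # access: $1 is the client, $4 is "[dd/Mon/yyyy:hh:mm:ss"
        type == "access" && substr($4, 2, length(day) + 1) == (day ":") { n[$1]++ }
        # error: $1 is "yyyy/mm/dd", the client follows ", client: "
        type == "error" && $1 == day && (i = index($0, ", client: ")) {
            ip = substr($0, i + 10); sub(/,.*/, "", ip); n[ip]++
        }
        END { for (ip in n) printf "%s:%d\n", ip, n[ip] }
    ' "$1" | LC_ALL=C sort -t: -k2,2nr -k1,1
}

tmp=$(mktemp -d) && write_samples "$tmp"
count_by_ip_on_date "$tmp/access.log" 04/May/2015
count_by_ip_on_date "$tmp/error.log" 2015/05/04
rm -rf "$tmp"
```

The request from 192.168.0.7 on 05/May/2015 carries the string 04/May/2015 in its URL; a line-wide grep for the date would count it, while the comparison against the timestamp field does not.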