shell实现筛选Nginx访问日志超多阈值邮件告警

脚本思路：

1.统计一个小时内ip前十的访问日志，截取前10个；

2.判断ip访问的次数，大于1000输出到临时文件中

3.邮件告警；

详细代码如下:

#!/bin/bash
#function:analysis the nginx log file and count spider user
#author:hzsnone@163.com
#date:2017-08-28
log=/tmp/illegal.log
>$log
logfile=/usr/local/nginx/logs/access.log
hourtime=`date +%Y:%H`
grep "${hourtime}" $logfile> /tmp/${hourtime}.log
cd /tmp
awk '{print $1}' ${hourtime}.log |sort |uniq -c|sort -nr|head >head_ip.log
for ((i=1; i<=10; i ++))
do
    ip_count[$i]=`sed -n "$i,1p" /tmp/head_ip.log|awk '{print $1}'`
    ip_list[$i]=`sed -n "$i,1p" head_ip.log|awk '{print $2}'`
    #echo "${ip_count[$i]}"
    if [ "${ip_count[$i]}" -gt 1000 ];then
      echo -e "the ${ip_list[$i]} is Illegal ip ,count is ${ip_count[$i]}" >>$log
   fi
   # done
done
if [ -s "$log" ];then
     mail -s "Ip访问数超过阈值，请注意！！" xxx@xxx.com <$log
fi