1.分析日志文件,将各个IP地址截取,并统计出现次数,按从大到小排序
http://192.168.200.10/index.html
http://192.168.200.20/test.html
http://192.168.200.30/order.html
http://192.168.200.40/order.html
http://192.168.200.50/index4.html
http://192.168.200.40/index3.html
http://192.168.200.40/index2.html
http://192.168.200.30/index1.html
http://192.168.200.20/index1.html
http://192.168.200.20/index3.html
http://192.168.200.70/index2.html
http://192.168.200.10/index.html
解题步骤
step1: 查看文件内容
[root@localhost interview]# cat t.txt
http://192.168.200.10/index.html
http://192.168.200.20/test.html
http://192.168.200.30/order.html
http://192.168.200.40/order.html
http://192.168.200.50/index4.html
http://192.168.200.40/index3.html
http://192.168.200.40/index2.html
http://192.168.200.30/index1.html
http://192.168.200.20/index1.html
http://192.168.200.20/index3.html
http://192.168.200.70/index2.html
http://192.168.200.10/index.html
step2:通过cut命令按照“/”切分,并可知ip在第三段
[root@localhost interview]# cat t.txt | cut -d "/" -f 3
192.168.200.10
192.168.200.20
192.168.200.30
192.168.200.40
192.168.200.50
192.168.200.40
192.168.200.40
192.168.200.30
192.168.200.20
192.168.200.20
192.168.200.70
192.168.200.10
step3: 统计ip出现的次数,先使用sort进行排序,然后使用uniq计数统计
[root@localhost interview]# cat t.txt | cut -d "/" -f 3 | sort | uniq -c
2 192.168.200.10
3 192.168.200.20
2 192.168.200.30
3 192.168.200.40
1 192.168.200.50
1 192.168.200.70
step4:按照从大到小的顺序排序,sort默认为升序,使用参数“-nr”为降序
[root@localhost interview]# cat t.txt | cut -d "/" -f 3 | sort | uniq -c | sort -nr
3 192.168.200.40
3 192.168.200.20
2 192.168.200.30
2 192.168.200.10
1 192.168.200.70
1 192.168.200.50
总结:本题涉及3个命令cut(连接文件并打印到标准输出设备上),sort (排序文件并输出),uniq(去除文件中的重复行)
2.统计链接到服务器的各ip情况,按照连接数从大到小排序
step1:使用“netstat -an“ 查看链接情况
```bash
[root@localhost interview]# netstat -an | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:8000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:20000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:8888 0.0.0.0:* LISTEN
tcp6 0 0 :::3306 :::* LISTEN
tcp6 0 0 :::111 :::* LISTEN
tcp6 0 0 :::6000 :::* LISTEN
tcp6 0 0 :::22 :::* LISTEN
tcp6 0 0 ::1:631 :::* LISTEN
step2: 使用grep过滤 ‘’ESTABLISHED‘’状态的网络地址,由于没有其他的ip登陆,所以只有一条,但是进行的步骤继续做
```bash
[root@localhost interview]# netstat -an | grep ESTABLISHED
tcp 0 0 192.168.137.134:22 192.168.137.1:55862 ESTABLISHED
step3:取出外部IP地址。使用awk取出外部地址加端口号,在使用awk取出ip地址
[root@localhost interview]# netstat -an | grep ESTABLISHED |awk -F " " '{print($5)}' |awk -F ":" '{print($1)}'
192.168.137.1
step4:此时的步骤与第一题相似
[root@localhost interview]# netstat -an | grep ESTABLISHED |awk -F " " '{print($5)}' |awk -F ":" '{print($1)}' | sort | uniq -c | sort -nr
1 192.168.137.1
总结:这题的思想与第一题差不多,但是由于cut不能剪切空格,所以使用awk(文本和数据进行处理的编程语言)。awk适用于更复杂的剪切