#!/bin/sh
#Function: Quick analysis script for IIS logs (W3C extended log format)
#Filename: analy_weblog.sh  Usage: sh analy_weblog.sh logfile
#Coding: -*- utf-8 -*-
#Date = "2012-11-26" ; Author = "potaski@qq.com"
#Version = 0.9

# Path of the IIS log to analyse, taken from the first command-line argument.
# Every report function below reads this global.
log_file="${1}"

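#--- Find the five client IP addresses that sent the most requests ---
# Globals: log_file (read) - path of the W3C extended log.
# Outputs: top_ip.tmp in the current directory, one "count value" line per
#          address, highest count first (at most five lines).
# Field 10 is taken as the client address. That matches a "#Fields:" layout
# such as
#   date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip ...
# NOTE(review): the position is hard-coded; confirm it against the "#Fields:"
# line of the log being analysed, otherwise a different column is counted.
TOP_IP(){
    # Lines starting with "#" are W3C directives (#Software, #Version, #Date,
    # #Fields), not requests, so they are skipped instead of being counted.
    # The log is fed on stdin so that a path containing spaces, a leading "-"
    # or an "=" is never re-split by the shell or reinterpreted by awk.
    awk '!/^#/ {print $10}' < "${log_file}" \
        | sort | uniq -c | sort -nr | head -n 5 > top_ip.tmp
}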

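#--- For each of the top five client IPs, list the five URLs it requested most ---
# Globals: log_file (read) - path of the W3C extended log.
# Inputs:  top_ip.tmp - "count ip" lines, as written by TOP_IP.
# Outputs: top_ip_request.tmp (rebuilt on every run); result.log is truncated
#          and receives this section between two banner lines plus a blank line.
# Field 6 is taken as the URL and field 10 as the client address.
# NOTE(review): both positions are hard-coded; confirm them against the
# "#Fields:" line of the log being analysed.
TOP_IP_request(){
    : > top_ip_request.tmp
    base_file="top_ip.tmp"
    # read -r keeps backslashes in the line as they are.
    while read -r line
    do
        # The line is passed quoted through printf, so the shell never
        # glob-expands or re-splits it.
        _ip=$(printf '%s\n' "${line}" | awk '{print $2}')
        printf '%s\n' "${line}" >> top_ip_request.tmp
        # Select requests by exact string equality on the client-address
        # field. A pattern search over whole lines would also count other
        # addresses that merely contain this one (10.0.0.1 inside 10.0.0.11,
        # "." matching any character) and hits in unrelated columns.
        # The value travels in the environment so awk applies no escape
        # processing to it, and the log arrives on awk's own stdin so the
        # loop's input (top_ip.tmp) is never consumed by the pipeline.
        TOP_KEY="${_ip}" awk '!/^#/ && ($10 "") == ENVIRON["TOP_KEY"] {print $6}' < "${log_file}" \
            | sort | uniq -c | sort -nr | head -n 5 >> top_ip_request.tmp
    done < "${base_file}"
    # This section starts result.log, hence the truncating redirection.
    {
        echo "===== TOP_5 source ip address and their request underline url ====="
        cat top_ip_request.tmp
        echo "===== TOP_5 source ip address and their request underline url ====="
        echo ""
    } > result.log
}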

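#--- Find the five most requested URLs ---
# Globals: log_file (read) - path of the W3C extended log.
# Outputs: top_url.tmp in the current directory, one "count value" line per
#          URL, highest count first (at most five lines).
# Field 6 is taken as the URL. That matches a "#Fields:" layout such as
#   date time s-sitename s-ip cs-method cs-uri-stem ...
# NOTE(review): the position is hard-coded; confirm it against the "#Fields:"
# line of the log being analysed.
TOP_URL(){
    # Lines starting with "#" are W3C directives, not requests, so they are
    # skipped. The log is fed on stdin so that an unusual path (spaces,
    # leading "-", "=") is never re-split by the shell or reinterpreted by awk.
    awk '!/^#/ {print $6}' < "${log_file}" \
        | sort | uniq -c | sort -nr | head -n 5 > top_url.tmp
}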

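#--- For each of the top five URLs, list the five client IPs requesting it most ---
# Globals: log_file (read) - path of the W3C extended log.
# Inputs:  top_url.tmp - "count url" lines, as written by TOP_URL.
# Outputs: top_url_sourceip.tmp (rebuilt on every run); the section is
#          appended to result.log between two banner lines.
# Field 6 is taken as the URL and field 10 as the client address.
# NOTE(review): both positions are hard-coded; confirm them against the
# "#Fields:" line of the log being analysed.
TOP_URL_sourceip(){
    : > top_url_sourceip.tmp
    base_file="top_url.tmp"
    # read -r keeps backslashes in the logged URL as they are.
    while read -r line
    do
        # The URL column is request data chosen by the client. It is passed
        # quoted through printf, so characters such as "*" or "?" in it are
        # never glob-expanded against the working directory.
        _url=$(printf '%s\n' "${line}" | awk '{print $2}')
        printf '%s\n' "${line}" >> top_url_sourceip.tmp
        # The URL is compared as a literal string against field 6 only. It is
        # never used as a regular expression, a command-line option or an
        # unquoted shell word, and a short URL such as "/" no longer selects
        # every line that merely contains it.
        # The value travels in the environment so awk applies no escape
        # processing to it, and the log arrives on awk's own stdin so the
        # loop's input (top_url.tmp) is never consumed by the pipeline.
        TOP_KEY="${_url}" awk '!/^#/ && ($6 "") == ENVIRON["TOP_KEY"] {print $10}' < "${log_file}" \
            | sort | uniq -c | sort -nr | head -n 5 >> top_url_sourceip.tmp
    done < "${base_file}"
    # Appended: result.log is expected to already hold the per-IP section.
    {
        echo "===== TOP_5 access url and the source ip address ====="
        cat top_url_sourceip.tmp
        echo "===== TOP_5 access url and the source ip address ====="
    } >> result.log
}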

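#--- Run the four reports in order and build result.log ---
# Every report reads ${log_file}, so stop with a usage message when it is
# missing or unreadable instead of running the pipelines against nothing.
if [ ! -f "${log_file}" ] || [ ! -r "${log_file}" ]; then
    printf 'Usage: sh %s logfile\n' "${0##*/}" >&2
    exit 2
fi
# The *.tmp work files and result.log are created under fixed names in the
# current directory; run the script from a directory that only the analyst
# can write to.
# Order matters: each *_request / *_sourceip step reads the .tmp file written
# by the step before it, and TOP_IP_request is the step that starts result.log.
TOP_IP
TOP_IP_request
TOP_URL
TOP_URL_sourceip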