使用perl分析apache日志文件
我 不是专家,因为之前没做过类似的工作,所以选择了perl语言对apache日志进行分析.我可以断定有更简单更好的方法,也可以断定我的程序不是很好.仅仅将两个perl脚本作为处子秀,给大家献献丑.
脚本1
功能为:扫描apache日志,寻找type==1的日志,写到数据库里.
#! /usr/bin/perl -w
use DBI;
use Benchmark;
use DBI;
use Benchmark;
$apache_log_file_path="/usr/local/apache/logs/access_log";
my $WARN_SCAN_TIME="/usr/local/apache/logs/warn_scan_time";
$date_pattern=" \\d+\\/\\w+\\/\\d+\:\\d+\:\\d+\:\\d+";
if(open(WARN_TIME,$WARN_SCAN_TIME)){
print "open warn_sacn_time file success\n";
}else{
die "can't open warn_sacn_time file";
}
$warn_line=<WARN_TIME>;
$warn_line=~ qr/$date_pattern/;
my $time_string=$&;
my $WARN_SCAN_TIME="/usr/local/apache/logs/warn_scan_time";
$date_pattern=" \\d+\\/\\w+\\/\\d+\:\\d+\:\\d+\:\\d+";
if(open(WARN_TIME,$WARN_SCAN_TIME)){
print "open warn_sacn_time file success\n";
}else{
die "can't open warn_sacn_time file";
}
$warn_line=<WARN_TIME>;
$warn_line=~ qr/$date_pattern/;
my $time_string=$&;
if(open(APACHE_LOG_FILE,$apache_log_file_path)){
print "open apache log sucess";
}else{
die "can't open apache_log_file $!\n";
}
$date_time;
$time_flag=1;
$time_flag=1;
my $startime = new Benchmark;
my $type;
$pattern="([\\w+||_]+=\\w+)([&]?[\\w+||_]+=[\\w||\\[||\\]||\\%||\\\\||_||\"||\:||=||-]+)*";
my $dbh = DBI->connect("DBI:mysql:database=botest:host=192.168.65.128","root","",{"RaiseError" => 1});
my $sqr;
my $sqr_query;
LINE: while($line=<APACHE_LOG_FILE>){
if($line=~ qr/$date_pattern/){
$date_time=$&;
}
if($time_flag==1){
if($date_time eq $time_string){
$time_flag=0;
next LINE if $time_flag==0;
}
}
if($time_flag==0){
my $type;
$pattern="([\\w+||_]+=\\w+)([&]?[\\w+||_]+=[\\w||\\[||\\]||\\%||\\\\||_||\"||\:||=||-]+)*";
my $dbh = DBI->connect("DBI:mysql:database=botest:host=192.168.65.128","root","",{"RaiseError" => 1});
my $sqr;
my $sqr_query;
LINE: while($line=<APACHE_LOG_FILE>){
if($line=~ qr/$date_pattern/){
$date_time=$&;
}
if($time_flag==1){
if($date_time eq $time_string){
$time_flag=0;
next LINE if $time_flag==0;
}
}
if($time_flag==0){
if($line=~ qr/type=([0||1||2||3])/) {
$type=$1;
}
next LINE if $type!=1;
$taskId;
if($line=~ qr/task_id=([0-9]+)/){
$taskId=$1;
}
$sqr_query=$dbh->prepare("select * from warn_set where task_id=?");
$sqr_query->execute($taskId);
($id,$warn_method,$interval_time,$warn_total_times,$task_id) = $sqr_query->fetchrow_array;
$sqr_query->finish();
if($line=~ qr/$pattern/){
$temp_line=$&;
$temp_line =~ s/%20/ /g;
my @array=(split('&',$temp_line));
my $temp;
my @sql_field_value_array;
my $sql_field="(warn_method,last_warn_time,interval_time,warn_total_times,warn_times,";
my $sql_value="('$warn_method.',CURRENT_TIMESTAMP,'$interval_time','$warn_total_times','0',";
my $flage=1;
my $sql="insert into ";
foreach $temp (@array){
@sql_field_value_array=(split('=',$temp));
if($flage==0){
$sql_field.=",".$sql_field_value_array[0];
$sql_value.=","."'$sql_field_value_array[1]'";
}else{
$sql_field.=$sql_field_value_array[0];
$sql_value.="'".$sql_field_value_array[1]."'";
$flage=0;
}
}
$sql_field.=",status)";
$sql_value.=",'1')";
$sql.="warn $sql_field values $sql_value";
$sqr=$dbh->prepare($sql);
$sqr->execute();
}
}
}
open(OUTFILE, ">$WARN_SCAN_TIME") || die("Cannot open files\n");
print OUTFILE ($date_time);
printf "** %s\n\n", timestr(timediff(new Benchmark, $startime));
$dbh->disconnect();
$type=$1;
}
next LINE if $type!=1;
$taskId;
if($line=~ qr/task_id=([0-9]+)/){
$taskId=$1;
}
$sqr_query=$dbh->prepare("select * from warn_set where task_id=?");
$sqr_query->execute($taskId);
($id,$warn_method,$interval_time,$warn_total_times,$task_id) = $sqr_query->fetchrow_array;
$sqr_query->finish();
if($line=~ qr/$pattern/){
$temp_line=$&;
$temp_line =~ s/%20/ /g;
my @array=(split('&',$temp_line));
my $temp;
my @sql_field_value_array;
my $sql_field="(warn_method,last_warn_time,interval_time,warn_total_times,warn_times,";
my $sql_value="('$warn_method.',CURRENT_TIMESTAMP,'$interval_time','$warn_total_times','0',";
my $flage=1;
my $sql="insert into ";
foreach $temp (@array){
@sql_field_value_array=(split('=',$temp));
if($flage==0){
$sql_field.=",".$sql_field_value_array[0];
$sql_value.=","."'$sql_field_value_array[1]'";
}else{
$sql_field.=$sql_field_value_array[0];
$sql_value.="'".$sql_field_value_array[1]."'";
$flage=0;
}
}
$sql_field.=",status)";
$sql_value.=",'1')";
$sql.="warn $sql_field values $sql_value";
$sqr=$dbh->prepare($sql);
$sqr->execute();
}
}
}
open(OUTFILE, ">$WARN_SCAN_TIME") || die("Cannot open files\n");
print OUTFILE ($date_time);
printf "** %s\n\n", timestr(timediff(new Benchmark, $startime));
$dbh->disconnect();
脚本2
功能:提取有用的参数写到数据库里
#! /usr/bin/perl -w
use DBI;
use Benchmark;
use DBI;
use Benchmark;
$apache_log_file_path="/usr/local/apache/logs/access_log";
my $LOG_SCAN_TIME="/usr/local/apache/logs/log_scan_time";
$date_pattern=" \\d+\\/\\w+\\/\\d+\:\\d+\:\\d+\:\\d+";
if(open(LOG_TIME,$LOG_SCAN_TIME)){
print "open warn_sacn_time file success\n";
}else{
die "can't open warn_sacn_time file";
}
$warn_line=<LOG_TIME>;
$warn_line=~ qr/$date_pattern/;
my $time_string=$&;
my $LOG_SCAN_TIME="/usr/local/apache/logs/log_scan_time";
$date_pattern=" \\d+\\/\\w+\\/\\d+\:\\d+\:\\d+\:\\d+";
if(open(LOG_TIME,$LOG_SCAN_TIME)){
print "open warn_sacn_time file success\n";
}else{
die "can't open warn_sacn_time file";
}
$warn_line=<LOG_TIME>;
$warn_line=~ qr/$date_pattern/;
my $time_string=$&;
if(open(APACHE_LOG_FILE,$apache_log_file_path)){
print "open apache log sucess";
}else{
die "can't open apache_log_file $!\n";
}
my $startime = new Benchmark;
my $type;
$pattern="([\\w+||_]+=\\w+)([&]?[\\w+||_]+=[\\w||\\[||\\]||\\%||\\\\||_||\"||\:||=||-]+)*";
my $dbh = DBI->connect("DBI:mysql:database=botest:host=192.168.65.128","root","",{"RaiseError" => 1});
my $sqr;
print "open apache log sucess";
}else{
die "can't open apache_log_file $!\n";
}
my $startime = new Benchmark;
my $type;
$pattern="([\\w+||_]+=\\w+)([&]?[\\w+||_]+=[\\w||\\[||\\]||\\%||\\\\||_||\"||\:||=||-]+)*";
my $dbh = DBI->connect("DBI:mysql:database=botest:host=192.168.65.128","root","",{"RaiseError" => 1});
my $sqr;
$date_time;
$time_flag=1;
$time_flag=1;
LINE: while($line=<APACHE_LOG_FILE>){
if($line=~ qr/$date_pattern/){
$date_time=$&;
}
if($time_flag==1){
if($date_time eq $time_string){
$time_flag=0;
next LINE;
}
}
if($time_flag==0){
if($line=~ qr/type=([0||1||2||3])/){
$type=$1;
}
if($line=~ qr/$pattern/){
$temp_line=$&;
$temp_line =~ s/%20/ /g;
my @array=(split('&',$temp_line));
my $temp;
my @sql_field_value_array;
my $sql_field="(";
my $sql_value="(";
my $flage=1;
my $sql="insert into ";
foreach $temp (@array){
@sql_field_value_array=(split('=',$temp));
if($flage==0){
$sql_field.=",".$sql_field_value_array[0];
$sql_value.=","."'$sql_field_value_array[1]'";
}else{
$sql_field.=$sql_field_value_array[0];
$sql_value.="'".$sql_field_value_array[1]."'";
$flage=0;
}
}
$sql_field.=")";
$sql_value.=")";
if($type==0||$type==1){
$sql.="result_target $sql_field values $sql_value";
$sqr=$dbh->prepare($sql);
$sqr->execute();
}
if($type==2||$type==3){
$sql.="result $sql_field values $sql_value";
$sqr=$dbh->prepare($sql);
$sqr->execute();
}
}
}
}
$dbh->commit;
printf "** %s\n\n", timestr(timediff(new Benchmark, $startime));
$dbh->disconnect();
if($line=~ qr/$date_pattern/){
$date_time=$&;
}
if($time_flag==1){
if($date_time eq $time_string){
$time_flag=0;
next LINE;
}
}
if($time_flag==0){
if($line=~ qr/type=([0||1||2||3])/){
$type=$1;
}
if($line=~ qr/$pattern/){
$temp_line=$&;
$temp_line =~ s/%20/ /g;
my @array=(split('&',$temp_line));
my $temp;
my @sql_field_value_array;
my $sql_field="(";
my $sql_value="(";
my $flage=1;
my $sql="insert into ";
foreach $temp (@array){
@sql_field_value_array=(split('=',$temp));
if($flage==0){
$sql_field.=",".$sql_field_value_array[0];
$sql_value.=","."'$sql_field_value_array[1]'";
}else{
$sql_field.=$sql_field_value_array[0];
$sql_value.="'".$sql_field_value_array[1]."'";
$flage=0;
}
}
$sql_field.=")";
$sql_value.=")";
if($type==0||$type==1){
$sql.="result_target $sql_field values $sql_value";
$sqr=$dbh->prepare($sql);
$sqr->execute();
}
if($type==2||$type==3){
$sql.="result $sql_field values $sql_value";
$sqr=$dbh->prepare($sql);
$sqr->execute();
}
}
}
}
$dbh->commit;
printf "** %s\n\n", timestr(timediff(new Benchmark, $startime));
$dbh->disconnect();
转载于:https://blog.51cto.com/huqilong/168267
6022
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
