查找特定时间点的日志
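# Print the log lines whose first field falls inside the given time window.
# The stray leading "1" (a copied gutter number) is dropped, and awk reads the
# file directly instead of going through cat.
# The bounds are compared as plain strings, so the filter is only meaningful
# while both bounds share the same dd/Mon/yyyy prefix (i.e. within one day).
# NOTE(review): assumes the bracketed timestamp is field 1 of this log format;
# in nginx's default combined format it is field 4 - confirm before use.
awk '$1 >= "[21/Jul/2018:14:37:50" && $1 <= "[21/Jul/2018:14:38:00"' access.log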
禁止特定ip访问
封掉此IP: iptables -t mangle -I PREROUTING -s 192.168.1.53 -j DROP
解封命令: iptables -t mangle -D PREROUTING -s 192.168.1.53 -j DROP
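# List the DROP rules of the mangle-table PREROUTING chain with rule numbers.
# Rule numbers are per chain, so only the chain that the delete below targets
# is listed; -n prints addresses numerically and skips reverse DNS lookups.
iptables -t mangle -n -L PREROUTING --line-numbers | grep DROP
# Delete a single rule by its number. Set rule_num to a number printed above;
# the :? guard aborts instead of running an incomplete delete command.
# Numbers shift after every deletion, so list again before removing another.
# Rules changed this way live in memory only and are lost on reboot unless
# they are saved (for example with iptables-save).
iptables -t mangle -D PREROUTING "${rule_num:?set rule_num to the rule number listed above}"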
获取IP前10
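# Top 10 client IPs by request count (ascending, busiest last).
# The original printed field 7, which the other snippets on this page treat as
# the request URL; field 1 is the field they use for the client IP.
# NOTE(review): field positions depend on the log_format in use - confirm.
awk '{ print $1 }' access.log | sort | uniq -c | sort -n | tail -n 10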
计算文件中列的和
[root@test-host /tmp]# cat test.txt
1
2
3
4
5
# Sum the first column of test.txt.
# "+ 0" keeps the result numeric, so an empty file still prints 0.
awk '{ total += $1 } END { print total + 0 }' test.txt
检索request_time比较长的日志请求
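# Save requests that took longer than 1 second and whose line mentions "hall".
# substr() returns a string, so comparing it with 1 directly is a string
# comparison; "+ 0" forces the intended numeric comparison.
# NOTE(review): presumably field 10 is a quoted request_time (the substr skips
# its first character) - confirm against the log_format.
awk 'substr($10, 2, 5) + 0 > 1 && /hall/' access.log > lr2-response_long_access.log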
统计nginx访问日志的QPS
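# Live requests-per-key counter for the access log.
# A single awk does both the field extraction and the counting: the original
# intermediate awk wrote into a pipe, where its output is block-buffered, so
# the counts lagged behind the log.
# A count is printed when the key changes, i.e. once the next key starts; the
# very first line printed has an empty key and a count of 0.
# NOTE(review): presumably field 3 is a timestamp with one-second resolution,
# which is what makes the count a QPS figure - confirm against the log_format.
tail -f access.log | awk '
  BEGIN { key = ""; count = 0 }
  {
    if (key == $3) {
      count++
    } else {
      printf("%s\t%d\r\n", key, count)
      count = 1
      key = $3
    }
  }'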
根据访问IP统计UV
# UV: number of distinct values in field 1 (used as the client IP here).
# Requests arriving through a proxy or NAT share one address, so this is an
# upper-level estimate of visitors, not an exact count.
awk '{ print $1 }' access.log \
  | sort \
  | uniq \
  | wc -l
统计访问URL统计PV
# PV: one output line per log line, so this counts every request in the file,
# including lines that have fewer than 7 fields.
awk '{ print $7 }' access.log \
  | wc -l
查询访问最频繁的URL
# Most requested URLs: count occurrences of field 7, highest count first,
# paged through more.
awk '{ print $7 }' access.log \
  | sort \
  | uniq -c \
  | sort -rn \
  | more
查询访问最频繁的IP
# Most active client IPs: count occurrences of field 1, highest count first,
# paged through more.
awk '{ print $1 }' access.log \
  | sort \
  | uniq -c \
  | sort -rn \
  | more
根据时间段统计查看日志
# Print the log from the first line stamped 14/Mar/2015:21 up to and including
# the first line stamped 14/Mar/2015:22.
# sed range caveats: the range closes on the first match of the end pattern,
# so only one line of hour 22 is shown; if no line matches the end pattern the
# output runs to the end of the file.
sed -n '\|14/Mar/2015:21|,\|14/Mar/2015:22|p' access.log | more
截取30分钟内的日志信息
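# Extract the last 30 minutes of the nginx access log.
# The bounds are rendered as dd/Mon/yyyy:HH:MM:SS, the layout the other
# access.log snippets on this page match against. The original "+%F %T" output
# (YYYY-MM-DD HH:MM:SS) cannot be string-compared with that layout.
# LC_ALL=C keeps %b as an English month abbreviation.
# NOTE(review): assumes the bracketed field holds nginx's $time_local - confirm
# against the log_format. The comparison is lexical, so a window that crosses
# midnight is not handled.
_befor=$(LC_ALL=C date -d '-30 minutes' '+%d/%b/%Y:%H:%M:%S')
_now=$(LC_ALL=C date '+%d/%b/%Y:%H:%M:%S')
# Split on "[" or "]" so that field 2 is the text between the brackets.
awk -F '\\[|\\]' -v _befor="${_befor}" -v _now="${_now}" '$2 > _befor && $2 < _now' /var/log/nginx//access.log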
tomcat日志统计访问url排名
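# Rank the 20 most frequent request lines in the Tomcat access logs between
# 13:00:00 and 13:59:59 on 12/Mar/2019, skipping lines that mention "health".
# First awk: split on "[" or "]" so field 2 is the bracketed timestamp, filter
# on it lexically (valid because both bounds are on the same day), then strip
# the query string so that URLs differing only in parameters are counted
# together. The regex literal /\?.*$/ replaces the string "\?.*$", whose
# backslash escape is not portable between awk implementations.
# Second awk: print fields 6 and 7 of the trimmed line.
# NOTE(review): presumably these are the request method and path - confirm
# against the access log pattern.
awk -F '\\[|\\]' '
  $2 > "12/Mar/2019:13:00:00" && $2 < "12/Mar/2019:13:59:59" && $0 !~ /health/ {
    gsub(/\?.*$/, "")
    print
  }' /var/lb/logs/la?/hall/localhost_access_log.2019-03-12.txt \
  | awk '{ print $6, $7 }' \
  | sort \
  | uniq -c \
  | sort -n \
  | tail -n 20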