Linux Log Analysis

1, statistics log in to access up to 10 IP?

The first step: conduct records sorted by IP.

Step Two: IP according to weight, and display the number of repetitions

The third step: the number arranged in ascending

Step Four: first 10 lines of

[root@ chenc01 log]# cat /var/log/httpd/access_log|awk -F" " '{print $1}' |sort|uniq -c|sort -nrt " "|awk -F" " '{print $2}' |head -10

2, the statistics log access more than 100 times the IP?

# 方法一：
[root@ chenc01 ~]# cat /var/log/httpd/access_log | cut -d ' ' -f 7 | sort |uniq -c | awk '{if ($1 > 100) print $0}'
# 方法二：
[root@ chenc01 ~]# awk '{a[$1]++;if(a[$1]>100){b[$1]++}}END{for(i in b){print i,a[i]}}' /var/log/httpd/access_log

3, the statistics most visited in one day 2020 January 9 10 IP?

# 方法一：
[root@ chenc01 ~]# grep '09/Jan/2020' /var/log/httpd/access_log | awk '{ips[$(NF-1)]++}END{for (i in ips){print i,ips[i]}}' | sort -k2 -rn | head -n10
# 方法二：
[root@ chenc01 ~]# sed -n '/\[9\/Apr\/2016:00:00:01/,/\[9\/Apr\/2016:23:59:59/p' /var/log/httpd/access_log |sort |uniq -c |sort -k1 -nr |head -n10

4, access to statistics in the current time of one minute?

# 方法一：
[root@ chenc01 ~]# grep -c $(date -d '-1 minute' +09/Jan/2020:11:26) /var/log/httpd/access_log
# 方法二：
[root@ chenc01 ~]# date=$(date -d '-1 minute' +09/Jan/2020:11:26);awk -vdate=$date '$0~date{c++}END{print c}' /var/log/httpd/access_log

5, the statistics of the top ten most visited pages?

# 方法一：
[root@ chenc01 ~]# cat /var/log/httpd/access_log |cut -d ' ' -f 1 |sort |uniq -c | sort -nr | awk '{print $0 }' | head -n 10
# 方法二：
[root@ chenc01 ~]# cat /var/log/httpd/access_log |awk '{a[$7]++}END{for(i in a)print a[i],i|"sort -k1 -nr|head -n10"}'

6, the total size of the statistics for each URL to access the content?

# 方法一：
[root@ chenc01 ~]# grep '09/Jan/2020' /var/log/httpd/access_log |awk '{urls[$7]++;size[$7]+=$10}END{for(i in urls){print urls[i],size[i],i}}' |sort -k1 -nr
# 方法二：
[root@ chenc01 ~]# awk '{a[$7]++;size[$7]+=$10}END{for(i in a)print a[i],size[i],i}' /var/log/httpd/access_log

7, count the number of the status of each IP access?

[root@ chenc01 ~]# awk '{a[$1" "$9]++}END{for(i in a)print i,a[i]}' /var/log/httpd/access_log

8, the state statistical access code is 404 and the number of occurrences of IP

# 方法一：
[root@ chenc01 ~]# grep '09/Jan/2020' /var/log/httpd/access_log |awk '{if($9="404"){ips[$1]++}}END{for(i in ips){print i,ips[i]}}' |sort -k2 -nr
# 方法一：
[root@ chenc01 ~]# awk '{if($9~/404/)a[$1" "$9]++}END{for(i in a)print i,a[i]}' /var/log/httpd/access_log