shell脚本分析nginx日志

shell脚本分析nginx日志：

name=`awk -F ',' '{print $13":"$32}' $file | awk -F ':' '{print $4}'`
echo "name=$name"

awk -F

http://www.cnblogs.com/ggjucheng/archive/2013/01/13/2858470.html

抽取nginx日志access.log中的状态码，然后统计状态码中大于等于200小于300的数量

grep -ioE "HTTP\/1\.[1|0]\"[[:blank:]][0-9]{3}" /data/nginx/logs/access.log | awk -F "[ ]+" 'BEGIN{i=0;print "[start]i=0;"}{if($2>=200&&$2<300){i++}}END{print i?i:0}'

grep -ioE "HTTP\/1\.[1|0]\"[[:blank:]][0-9]{3}" /data/nginx/logs/access.log| awk -F "[ ]+" 'BEGIN{i=0;print "[start]i=0;"}{if($2>=200&&$2<300){i++}else if($2>=300&&$2<400){j++}}END{print i?i:0,j?j:0}'

采用慕课网上的案例：

得不出结果，经过调试发现在CentOS6.5下，if语句和上一个括号之间在同一行就好了：

脚本上用到了数组，grep，awk

#!/bin/sh
# Nginx's log analysis

#控制终端的输出格式
resettem=$(tput sgr0)
#定义日志的路径
Logfile_path='/data/nginx/logs/access.log'
#i=
#j=
#grep -ioE "HTTP\/1\.[1|0]\"[[:blank:]][0-9]{3}" /data/nginx/logs/access.log| awk -F "[ ]+" 'BEGIN{i=0;print "[start]i=0;"}{if($2>=200&&$2<300){i++}else if($2>=300&&$2<400){j++}}END{print i?i:0,j?j:0}'

echo "$Logfile_path"

#拿到日志中所有的包含HTTP状态码的部分，拿出第二段来判断，并将结果分配到数组中
grep -ioE "HTTP\/1\.[1|0]\"[[:blank:]][0-9]{3}" $Logfile_path | awk -F "[ ]+" 'BEGIN{i=0;j=0;k=0;n=0;p=0;}{ if($2>=100&&$2<200) 
                  {i++}
           else if($>=&&$<)
                  {j++}
           else if($>=&&$<)
                  {k++}
           else if($>=&&$<)
                  {n++}
           else if($>=)
                 {p++}
         }END{
              print i?i:,j?j:,k?k:,n?n:,p?p:,i+j+k+n+p
         }'

Check_http_status()
{
#grep -ioE "HTTP\/1\.[1|0]\"[[:blank:]][0-9]{3}" access.log

#拿到日志中所有的包含HTTP状态码的部分，拿出第二段来判断，并将结果分配到数组中

Http_status_codes=(`grep -ioE "HTTP\/1\.[1|0]\"[[:blank:]][0-9]{3}" $Logfile_path | awk -F"[ ]+" 'BEGIN{i=0;j=0;k=0;n=0;p=0;}{ if($2>=100&&$2<200)  {i++} else if($>=&&$<) {j++} else if($>=&&$<) {k++} else if($>=&&$<) {n++} else if($>=) {p++} }END{ print i?i:,j?j:,k?k:,n?n:,p?p:,i+j+k+n+p }'`)  echo "---------" echo -e '\E[33m'"The number of http status[100+]:" ${resettem} ${Http_status_codes[]} echo -e '\E[33m'"The number of http status[200+]:" ${resettem} ${Http_status_codes[]} echo -e '\E[33m'"The number of http status[300+]:" ${resettem} ${Http_status_codes[]} echo -e '\E[33m'"The number of http status[400+]:" ${resettem} ${Http_status_codes[]} echo -e '\E[33m'"The number of http status[500+]:" ${resettem} ${Http_status_codes[]} echo -e '\E[33m'"The number of http all status:" ${resettem} ${Http_status_codes[]} } Check_http_status

查看具体的状态码，比如403的状态码

grep -ioE "HTTP\/1\.[1|0]\"[[:blank:]][0-9]{3}" /data/nginx/logs/access.log | awk -F "[ ]+"  

'BEGIN{total=0;}{if($2!=""){code[$2]++;total++}else{exit}}END{print code[404]?code[404]:0,code[403]?code[403]:0,total?total:0}'

具体脚本：

Check_http_code()
{
#grep -ioE "HTTP\/1\.[1|0]\"[[:blank:]][0-9]{3}" access.log
Http_Code=(`grep -ioE "HTTP\/1\.[1|0]\"[[:blank:]][0-9]{3}" $Logfile_path | awk -F "[ ]+" 'BEGIN{total=0;}{ if($2!="")
            {code[$]++;total++}
        else
            {exit}
    }END{
        print code[]?code[]:,code[]?code[]:,total}'`)
echo "---------"
echo -e '\E[33m'"The number of http code[404]:" ${resettem} ${Http_Code[]}
echo -e '\E[33m'"The number of http code[403]:" ${resettem} ${Http_Code[]}
echo -e '\E[33m'"The number of http all status:" ${resettem} ${Http_Code[]}
}
Check_http_code

查看IP来源记录：

nginx默认配置：

log_format  main  '$remote_addr - $remote_user [$time_local] $request '
                      '"$status" $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" $request_time';

    access_log  /var/log/nginx/access.log  main buffer=32k;