Log format:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\""
Real-time view:
tail -f access_log | awk -F"[" '{print $2}' | awk -F"]" '{print $1}' | uniq -c
The output shows the number of requests per second. If you only care about one particular endpoint, just add a grep.
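Added example, not from the original page: because this LogFormat also logs the Referer, a plain grep for an endpoint also counts requests that only came from that URL or that hit a longer path. The block compares that with matching the request path alone; the log lines, host names and function names are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample lines in the page's LogFormat:
#   %h %l %u %t "%r" %>s %b "%{Referer}i"
sample_log() {
cat <<'EOF'
10.0.0.1 - - [01/Apr/2009:10:00:01 +0800] "GET /api/login?u=a HTTP/1.1" 200 512 "-"
10.0.0.2 - - [01/Apr/2009:10:00:01 +0800] "POST /api/login HTTP/1.1" 200 128 "http://example.test/home"
10.0.0.3 - - [01/Apr/2009:10:00:01 +0800] "GET /home HTTP/1.1" 200 2048 "http://example.test/api/login"
10.0.0.1 - - [01/Apr/2009:10:00:02 +0800] "GET /api/login HTTP/1.1" 302 0 "-"
10.0.0.4 - - [01/Apr/2009:10:00:02 +0800] "GET /api/login2 HTTP/1.1" 404 0 "-"
EOF
}

# grep_per_second STRING: the "add a grep" approach. Any line containing
# STRING is counted, including Referer hits and longer paths.
grep_per_second() {
  grep -F -- "$1" | sed 's/^[^[]*\[\([^]]*\)\].*/\1/' | uniq -c |
    awk '{ $1 = $1; print }'        # squeeze the padding uniq -c adds
}

# path_per_second PATH: count only lines whose request path equals PATH.
# Splitting on the double quote makes $2 the request line (%r).
path_per_second() {
  awk -F'"' -v want="$1" '
    {
      split($2, req, " ")           # req[1]=method req[2]=URL req[3]=protocol
      path = req[2]
      sub(/[?].*/, "", path)        # drop the query string
      if (path != want) next
      lb = index($1, "["); rb = index($1, "]")
      if (lb == 0 || rb <= lb) next # no timestamp: skip malformed line
      ts = substr($1, lb + 1, rb - lb - 1)
      if (ts != cur) { if (cur != "") print n, cur; cur = ts; n = 0 }
      n++
    }
    END { if (cur != "") print n, cur }'
}

sample_log | grep_per_second /api/login
sample_log | path_per_second /api/login
```

Both functions read log lines on stdin, so either can be fed from `tail -f access_log` in place of the sample.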
Daily statistics:
cat access_log.20090401 | php -R 'preg_match("/(GET|POST){1} (\/[^? ]+)/",$argn, $matches);$arr[$matches[2]]++; $sum++;' -E 'foreach($arr as $key=>$val) echo $val . "\t" . $val/$sum*100 ."%\t". $key ."\n"; echo "total\t$sum";' |sort -nr
Count the values of a particular query-string parameter:
cat access_log.20090401 | php -R 'preg_match("/(GET|POST) [^\"]*entry=([^& ]*)[& ]?/",$argn,$matches);echo $matches[2]."\n";' | sort -n | uniq -c | sort -rn
Match the logs for the three days 2009-08-27 to 2009-08-29 where the user name ends in _[0-9a-z]{5}:
grep space /data2/ssologs/login/200908/*2[7-9] | grep "| LoginFlow |" | grep "| 2 |" | grep credentail | awk -F "|" --posix '$6 ~ / [^_]+_[0-9a-z]{5} $/'
Note: the {} here is POSIX regular-expression syntax and requires the --posix option.