Nginx access.log日誌分析shell命令
APP最近訪問流量增加,需要跟蹤使用者資訊,分析使用者行為。
日誌格式:
116.231.160.223 - - [19/Dec/2016:15:31:37 +0800] "POST /api/order/newOrderAndRefund HTTP/1.1" 200 142 token=ideqsq2bq84s3pu8mehjvq9v1f "-" "xgj/2.3.4 (iPhone; iOS 10.1.1; Scale/2.00)" "-" 116.231.160.223 - - [19/Dec/2016:15:31:37 +0800] "POST /api/order/newOrderAndRefund HTTP/1.1" 200 142 token=ideqsq2bq84s3pu8mehjvq9v1f "-" "xgj/2.3.4 (iPhone; iOS 10.1.1; Scale/2.00)" "-" 116.231.160.223 - - [19/Dec/2016:15:31:37 +0800] "POST /api/teacher/home HTTP/1.1" 200 3218 teacherId=9623&token=ideqsq2bq84s3pu8mehjvq9v1f "-" "xgj/2.3.4 (iPhone; iOS 10.1.1; Scale/2.00)" "-" 116.231.160.223 - - [19/Dec/2016:15:31:40 +0800] "POST /api/student/getCalTable HTTP/1.1" 200 97 fromTime=2010-01-01%2010%3A01%3A00&toTime=2030-01-20%2010%3A00%3A00&token=ideqsq2bq84s3pu8mehjvq9v1f "-" "xgj/2.3.4 (iPhone; iOS 10.1.1; Scale/2.00)" "-" 116.231.160.223 - - [19/Dec/2016:15:31:43 +0800] "POST /api/user/updateJpush HTTP/1.1" 200 99 alias=9623&token=ideqsq2bq84s3pu8mehjvq9v1f "-" "xgj/2.3.4 (iPhone; iOS 10.1.1; Scale/2.00)" "-" 116.231.160.223 - - [19/Dec/2016:15:31:53 +0800] "POST /api/student/getCalTable HTTP/1.1" 200 97 fromTime=2010-01-01%2010%3A01%3A00&toTime=2030-01-20%2010%3A00%3A00&token=ideqsq2bq84s3pu8mehjvq9v1f "-" "xgj/2.3.4 (iPhone; iOS 10.1.1; Scale/2.00)" "-"
通過日誌檢視當天訪問頁面排前10的url:
#>cat access.log | grep "19/Dec/2016" | awk '{print $7}' | sort | uniq -c | sort -nr | head -n 10
通過日誌檢視當天ip連線數,統計ip地址的總連線數
#>cat access.log | grep "19/Dec/2016" | awk '{print $1}' | sort | uniq -c | sort -nr
通過日誌檢視當天訪問次數最多的10個IP ,只需要在上一個命令後加上head命令
#>cat access.log | grep "19/Dec/2016" |awk '{print $1}'|sort |uniq -c|sort -nr|head –n 10
統計安卓或iPhone訪問次數
#>cat access.log | grep "19/Dec/2016"|grep iPhone |awk '{print $1}'|sort |uniq -c|sort -nr
#>cat access.log | grep "19/Dec/2016"|grep Android|awk '{print $1}'|sort |uniq -c|sort -nr
通過日誌檢視當天訪問次數最多的10個IP
#>awk '{print $1}' access.log |sort |uniq -c|sort -nr|head
通過日誌檢視當天指定ip訪問次數過的url和訪問次數:
#>cat access.log | grep "10.0.21.17" | awk '{print $7}' | sort | uniq -c | sort -nr
通過日誌檢視當天訪問次數最多的時間段
#>awk '{print $4}' access.log | grep "19/Dec/2016" |cut -c 14-18|sort|uniq -c|sort -nr|head