当前位置:   article > 正文

awk分析httpd的access_log )获取访问前10位的ip地址_访问前十的ip地址

访问前十的ip地址

1. access_log日志文件在/etc/httpd/logs目录下

cd /etc/httpd/logs

2.查看access_log日志文件

  1. cat access_log
  2. # 内容如下:
  3. ..........
  4. 192.168.178.1 - - [04/Feb/2023:10:29:09 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36"
  5. 192.168.178.1 - - [04/Feb/2023:10:29:10 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36"
  6. 192.168.178.1 - - [04/Feb/2023:10:29:10 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36"
  7. 192.168.178.1 - - [04/Feb/2023:10:29:11 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36"
  8. 192.168.178.1 - - [04/Feb/2023:10:29:11 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36"
  9. 192.168.178.1 - - [04/Feb/2023:10:29:11 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36"
  10. 192.168.178.1 - - [04/Feb/2023:10:29:11 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36"
  11. 192.168.178.1 - - [04/Feb/2023:10:29:11 +0800] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36"
  12. 192.168.178.1 - - [04/Feb/2023:10:29:56 +0800] "-" 408 - "-" "-"
  13. 192.168.178.151 - - [04/Feb/2023:10:43:40 +0800] "GET / HTTP/1.1" 200 20 "-" "curl/7.61.1"
  14. 192.168.178.151 - - [04/Feb/2023:10:43:43 +0800] "GET / HTTP/1.1" 200 20 "-" "curl/7.61.1"
  15. 192.168.178.151 - - [04/Feb/2023:10:43:46 +0800] "GET / HTTP/1.1" 200 20 "-" "curl/7.61.1"

3.awk获取访问前10位的ip地址

  1. awk '{nums[$1]+=1;} END{for(i in nums){print nums[i],i}}' access_log | sort | tail
  2. # {nums[$1]+=1} 将第一列的值作为数组的下标,数组的内容存储IP地址出现的次数
  3. # END{for(i in nums){print nums[i],i}} END在主代码块和数据读取之后执行,循环数组的下标,输出数组的值和下标
  4. # sort 排序
  5. # tail 输出内容的前10

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/黑客灵魂/article/detail/938259
推荐阅读
相关标签
  

闽ICP备14008679号