python分析nginx日志根据共性url屏蔽ip

<pre name="code" class="python">#!/usr/local/python/bin/python
# -*- coding: utf-8 -*-
import sys,time,commands,linecache
import subprocess
from urlparse import urlparse
from tailf import tailf
import shutil,struct,socket
def str2int(str):
uint = socket.ntohl(struct.unpack("I",socket.inet_aton(str))[0])
return struct.unpack("i", struct.pack('I', uint))[0]
cur_ip_cache = {}
commands.getstatusoutput("/home/nginx/sbin/nginx -s reload")
time.sleep(5)
fh=open('/home/nginx/conf/v42_deny.conf.python','r')
for  line in  fh.readlines():
if line[0:4] == "deny":
ip_temp = line.split(' ')[1][0:-2].strip().lstrip()
cur_ip_cache[ip_temp] = ip_temp
fh.close()

log_file = "/home/nginx/logs/www.access.log"
for line in tailf(log_file):
cur_time = int(time.strftime("%H%M",time.localtime()))
if cur_time > 2350:
sys.exit(0)
if line.find("vsendbymob") > 0 :
parse_info = line.split(' ')
ip_address = parse_info[0].strip()
log_referer = parse_info[5]
log_url = parse_info[7]
log_time = parse_info[1]+parse_info[2]
log_code = parse_info[10]
if log_code != '500' and log_code != '200' :
#print log_code
continue
if log_url.find("vsendbymob"):
if log_referer=="-" or log_referer.find("ajaxcommons.html")>0:
#print("%s\t\t%s\n%s\n%s" %(log_time,ip_address,log_referer,log_url))
#print("%s\t\t%s" %(log_time,ip_address))
if not cur_ip_cache.has_key(ip_address):
f=open('zhuochong.log','a')
f.write(log_time+"\t\t"+ip_address+"\n")
f.close()
cur_ip_cache[ip_address] = ip_address
f=open('/home/nginx/conf/host_deny.conf.python','a')
f.write("deny \t"+ip_address+";\n")
f.close()
#temp = subprocess.call("/home/nginx/sbin/nginx -s reload", shell=True)
shutil.copyfile("/home/nginx/conf/host_deny.conf.python", "/home/nginx/conf/host_deny.conf")
temp = commands.getstatusoutput("/home/nginx/sbin/nginx -s reload")