shell脚本分析nginx日志

shell脚本分析nginx日志：

name=`awk -F ',' '{print $13":"$32}' $file | awk -F ':' '{print $4}'`
echo "name=$name"

awk -F
http://www.cnblogs.com/ggjucheng/archive/2013/01/13/2858470.html
抽取nginx日志access.log中的状态码，然后统计状态码中大于等于200小于300的数量

grep -ioE "HTTP\/1\.[1|0]\"[[:blank:]][0-9]{3}" /data/nginx/logs/access.log | awk -F "[ ]+" 'BEGIN{i=0;print "[start]i=0;"}{if($2>=200&&$2<300){i++}}END{print i?i:0}'

grep -ioE "HTTP\/1\.[1|0]\"[[:blank:]][0-9]{3}" /data/nginx/logs/access.log| awk -F "[ ]+" 'BEGIN{i=0;print "[start]i=0;"}{if($2>=200&&$2<300){i++}else if($2>=300&&$2<400){j++}}END{print i?i:0,j?j:0}'

采用慕课网上的案例：



得不出结果，经过调试发现在CentOS6.5下，if语句和上一个括号之间在同一行就好了：

脚本上用到了数组，grep，awk

#!/bin/sh
# Nginx's log analysis

#控制终端的输出格式
resettem=$(tput sgr0)
#定义日志的路径
Logfile_path='/data/nginx/logs/access.log'
#i=0
#j=1
#grep -ioE "HTTP\/1\.[1|0]\"[[:blank:]][0-9]{3}" /data/nginx/logs/access.log| awk -F "[ ]+" 'BEGIN{i=0;print "[start]i=0;"}{if($2>=200&&$2<300){i++}else if($2>=300&&$2<400){j++}}END{print i?i:0,j?j:0}'

echo "$Logfile_path"

#拿到日志中所有的包含HTTP状态码的部分，拿出第二段来判断，并将结果分配到数组中
grep -ioE "HTTP\/1\.[1|0]\"[[:blank:]][0-9]{3}" $Logfile_path | awk -F "[ ]+" 'BEGIN{i=0;j=0;k=0;n=0;p=0;}{ if($2>=100&&$2<200) 
{i++}
else if($2>=200&&$2<300)
{j++}
else if($2>=300&&$2<400)
{k++}
else if($2>=400&&$2<500)
{n++}
else if($2>=500)
{p++}
}END{
print i?i:0,j?j:0,k?k:0,n?n:0,p?p:0,i+j+k+n+p
}'

Check_http_status()
{
#grep -ioE "HTTP\/1\.[1|0]\"[[:blank:]][0-9]{3}" access.log

#拿到日志中所有的包含HTTP状态码的部分，拿出第二段来判断，并将结果分配到数组中

Http_status_codes=(`grep -ioE "HTTP\/1\.[1|0]\"[[:blank:]][0-9]{3}" $Logfile_path | awk -F"[ ]+" 'BEGIN{i=0;j=0;k=0;n=0;p=0;}{ if($2>=100&&$2<200)  {i++} else if($2>=200&&$2<300) {j++} else if($2>=300&&$2<400) {k++} else if($2>=400&&$2<500) {n++} else if($2>=500) {p++} }END{ print i?i:0,j?j:0,k?k:0,n?n:0,p?p:0,i+j+k+n+p }'`)  echo "---------" echo -e '\E[33m'"The number of http status[100+]:" ${resettem} ${Http_status_codes[0]} echo -e '\E[33m'"The number of http status[200+]:" ${resettem} ${Http_status_codes[1]} echo -e '\E[33m'"The number of http status[300+]:" ${resettem} ${Http_status_codes[2]} echo -e '\E[33m'"The number of http status[400+]:" ${resettem} ${Http_status_codes[3]} echo -e '\E[33m'"The number of http status[500+]:" ${resettem} ${Http_status_codes[4]} echo -e '\E[33m'"The number of http all status:" ${resettem} ${Http_status_codes[5]} } Check_http_status

查看具体的状态码，比如403的状态码

grep -ioE "HTTP\/1\.[1|0]\"[[:blank:]][0-9]{3}" /data/nginx/logs/access.log | awk -F "[ ]+"

'BEGIN{total=0;}{if($2!=""){code[$2]++;total++}else{exit}}END{print code[404]?code[404]:0,code[403]?code[403]:0,total?total:0}'

具体脚本：

Check_http_code()
{
#grep -ioE "HTTP\/1\.[1|0]\"[[:blank:]][0-9]{3}" access.log
Http_Code=(`grep -ioE "HTTP\/1\.[1|0]\"[[:blank:]][0-9]{3}" $Logfile_path | awk -F "[ ]+" 'BEGIN{total=0;}{ if($2!="")
{code[$2]++;total++}
else
{exit}
}END{
print code[404]?code[404]:0,code[403]?code[403]:0,total}'`)
echo "---------"
echo -e '\E[33m'"The number of http code[404]:" ${resettem} ${Http_Code[0]}
echo -e '\E[33m'"The number of http code[403]:" ${resettem} ${Http_Code[1]}
echo -e '\E[33m'"The number of http all status:" ${resettem} ${Http_Code[2]}
}
Check_http_code

查看IP来源记录：

nginx默认配置：

log_format  main  '$remote_addr - $remote_user [$time_local] $request '
'"$status" $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" $request_time';

access_log  /var/log/nginx/access.log  main buffer=32k;