Linux 日志分析核心命令速查表
一、IP 与访问量分析
- 统计访问 IP 总数
bash
# Count distinct client addresses ($1 = first whitespace-separated field).
# Behind a reverse proxy or CDN, $1 is the proxy's address unless the log
# format records the forwarded client, so check the format before relying on it.
awk '{print $1}' log_file | sort -u | wc -l
- 查看单个 IP 访问的页面
bash
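# List the pages ($7) requested by one client address.
# An exact string comparison on $1 replaces the unquoted regex: in the regex
# every "." matched any character and nothing anchored the end of the address,
# so lines from other clients could be included.
awk '$1 == "111.111.111.111" {print $1,$7}' log_file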
- 按 IP 统计访问页数
bash
# Requests per client address, printed as "address count", ascending by count.
awk '{ hits[$1]++ } END { for (ip in hits) print ip, hits[ip] }' log_file | sort -t ' ' -k 2 -n
- IP 访问量排序(从小到大)
bash
# Requests per client address, printed as "count address", smallest first.
awk '{ hits[$1]++ } END { for (ip in hits) print hits[ip], ip }' log_file | sort -n
- Top 10 访问 IP
bash
# Ten client addresses with the most requests (count first, then address).
# awk reads the file directly; no separate cat process is needed.
awk '{print $1}' access.log | sort | uniq -c | sort -nr | head -n 10
二、页面访问分析
- 单个页面访问次数
bash
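# Count requests whose request path ($7) contains /index.php.
# Restricting the match to $7 stops lines from being counted when the string
# only appears in the referer or user-agent, and the escaped dot no longer
# matches an arbitrary character. "n+0" prints 0 when nothing matched.
awk '$7 ~ /\/index\.php/ {n++} END {print n+0}' log_file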
- Top 10 访问页面
bash
# Ten most frequent values of field 11.
# NOTE(review): other commands on this page read the requested path from $7;
# in the common "combined" access-log layout $11 is the Referer header, which
# is supplied by the client. Confirm which field your LogFormat puts here.
awk '{print $11}' log_file | sort | uniq -c | sort -nr | head -n 10
- 按子域名统计访问量
bash
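# Top 20 host names found in field 11 (a URL), by request count.
# The scheme pattern now accepts https as well as http: with the http-only
# pattern every https URL was cut at its first "/" and collapsed into the
# single key "https:". The second expression drops the path after the host.
awk '{print $11}' access.log | sed -E -e 's/https?:\/\///' -e 's/\/.*//' | sort | uniq -c | sort -rn | head -n 20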
- 过滤搜索引擎访问
bash
# Count distinct client addresses whose field 12 starts with "Mozilla
# (field 12 is the start of the quoted user-agent in the layout used here).
# The user-agent is chosen by the client, and well-known crawlers also send a
# string that begins with Mozilla, so this is a rough filter, not a reliable
# way to separate people from bots.
awk '$12 ~ /^"Mozilla/ {print $1}' log_file | sort -u | wc -l
三、时间维度分析
- 指定小时段 IP 访问量
bash
# Count distinct client addresses seen during one hour: the timestamp field
# ($4) must contain "16/Aug/2015:14".
awk '{print $4, $1}' log_file | awk '/16\/Aug\/2015:14/ {print $2}' | sort -u | wc -l
- 日期段内页面访问排名
bash
# Top 20 values of field 11 among lines that contain the date 04/May/2012.
# grep reads the file itself, so the leading cat is dropped.
grep '04/May/2012' access.log | awk '{print $11}' | sort | uniq -c | sort -nr | head -n 20
- 小时级访问高峰时段
bash
# Top 10 (hour, client) pairs by request count.
# With ":" as the field separator, $1 is the text before the first colon and
# $2 is the text between the first and second colon.
# NOTE(review): this assumes the first ":" on the line is the one inside the
# timestamp, so $2 is the hour; a client address containing ":" breaks that.
# gsub() deletes everything in $1 from its first "-" onward, which leaves the
# client field (a client name that contains "-" is cut short as well).
# Output lines are "hour client count"; sort orders them by the third field,
# numerically, largest first.
awk -vFS="[:]" '{gsub("-.*","",$1);num[$2" "$1]++}END{for(i in num)print i,num[i]}' log_file | sort -n -k 3 -r | head -10
- 分钟级访问峰值
bash
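# Busiest minutes of one day: requests per HH:MM, highest count first.
# The timestamp is field 4 ("[20/Mar/2011:HH:MM:SS"), so characters 14-18 of
# that field are HH:MM. Printing $1 (the client address) would never contain
# the date, and the pipeline would always come out empty.
awk '{print $4}' access.log | grep "20/Mar/2011" | cut -c 14-18 | sort | uniq -c | sort -nr | head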
四、性能与传输分析
- 大文件传输记录(>200KB)
bash
# PHP paths ($7) whose response size ($10) exceeds 200000 bytes, with how many
# times each one occurred; top 100 by count.
awk '$10 > 200000 && $7 ~ /\.php/ {print $7}' www.access.log | sort -n | uniq -c | sort -nr | head -n 100
- 耗时页面排名(>60 秒)
bash
# PHP paths ($7) whose last field is greater than 60, with occurrence counts;
# top 100 by count.
# NOTE(review): this only works if the log format appends the request duration
# as the final field; confirm the field and its unit against your LogFormat.
awk '$NF > 60 && $7 ~ /\.php/ {print $7}' www.access.log | sort -n | uniq -c | sort -nr | head -n 100
- 网站总流量统计(GB)
bash
# Total of the response-size field ($10), divided by 1024 three times
# (bytes -> GiB).
awk '{ total += $10 } END { print total/1024/1024/1024 }' access.log
- PHP 页面传输时间排序
bash
# PHP requests printed as "last-field client timestamp path", largest last
# field first; top 100. As with the slow-page query, the last field is assumed
# to be the request duration.
awk '$7 ~ /\.php/ {print $NF " " $1 " " $4 " " $7}' log_file | sort -nr | head -n 100
五、网络连接分析
- Apache 并发连接数
bash
# Number of netstat lines containing ESTABLISHED.
# This counts every established connection on the host, for all services, not
# only the web server.
netstat -an | grep -c ESTABLISHED
- 80 端口总连接数
bash
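# Count TCP sockets whose local address (column 4) ends in port 80.
# A bare grep for "80" also counted port 8080, addresses such as 10.80.x.x and
# any other line that happened to contain those two digits.
netstat -nat | awk '$4 ~ /[:.]80$/' | wc -l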
- IP 连接数与状态统计
bash
# Summarise TCP connections from netstat output:
#   - connections per address, then the number of distinct addresses (TOTAL_IP)
#   - connections per state (last column), then the overall total (TOTAL_LINK)
# The address comes from the second-to-last column (the foreign address in
# Linux netstat output), split on ":". With at most two pieces (addr:port) the
# first piece is used; otherwise the fourth piece is used, presumably to pull
# a.b.c.d out of the ::ffff:a.b.c.d:port form (verify on your system).
netstat -n | awk '/^tcp/ {n=split($(NF-1),array,":");if(n<=2)++S[array[(1)]];else++S[array[(4)]];++s[$NF];++N} END {for(a in S){printf("%-20s %s\n", a, S[a]);++I}printf("%-20s %s\n","TOTAL_IP",I);for(a in s) printf("%-20s %s\n",a, s[a]);printf("%-20s %s\n","TOTAL_LINK",N);}'
- 每秒并发请求监控
bash
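# Refresh a list of the ten timestamps ($4, one-second resolution) with the
# most requests whose status field ($9) matches 200, 30 or 404.
# The awk program sits inside a double-quoted string, so $9 and $4 must be
# backslash-escaped; unescaped, the shell replaces them with its own (empty)
# positional parameters before watch starts and awk receives a broken program.
# The status pattern is unanchored: "30" matches any status containing "30".
watch "awk '{if(\$9~/200|30|404/)COUNT[\$4]++}END{for( a in COUNT) print a,COUNT[a]}' log_file | sort -k 2 -nr | head -n10"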
六、错误与状态分析
- 404 错误统计
bash
# Print "status path" for every line whose status field ($9) contains 404,
# sorted. A burst of 404s from one client is often a sign of path scanning.
awk '$9 ~ /404/ {print $9, $7}' access.log | sort
- HTTP 状态码分布
bash
# Number of log lines per HTTP status code ($9), printed as "code count".
awk '{ counts[$9]++ } END { for (code in counts) print code, counts[code] }' access.log
- 状态码出现次数排序
bash
# HTTP status codes ($9) ranked by how often they occur, most frequent first.
awk '{print $9}' access.log | sort | uniq -c | sort -rn
七、进程与资源分析
- 进程运行数量排序
bash
# Top 20 commands by number of running processes. Columns 8 and 9 of
# "ps -ef" are the command and its first argument; a single space is awk's
# default field separator, so -F ' ' is not needed.
ps -ef | awk '{print $8 " " $9}' | sort | uniq -c | sort -nr | head -n 20
- httpd 进程数统计
bash
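# Count processes whose ps line mentions httpd.
# The bracket in '[h]ttpd' keeps grep from matching its own command line,
# which the plain pattern counted as one extra process. Any command line that
# contains "httpd" is still counted, not only the server's worker processes.
ps -ef | grep -c '[h]ttpd'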
- GET 请求计数
bash
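# Count GET requests.
# The rest of this page treats $7 as the request path, which puts the method
# in $6 (logged as "GET with a leading quote). Testing $7 counted paths that
# merely contain the letters GET. "count+0" prints 0 when there are none.
# NOTE(review): confirm the field position against your LogFormat.
awk '$6 ~ /GET/ {count++} END {print "client_request=" count+0}' apache.log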
八、高级筛选示例
- 特定时间段 URL 访问排名
bash
# Top 20 values of field 11 for lines containing the date 04/May/2012.
# The date filter and the field selection are done in a single awk pass.
awk '/04\/May\/2012/ {print $11}' access.log | sort | uniq -c | sort -nr | head -n 20
- 含特定域名的访问 IP
bash
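# Client addresses whose field 11 contains www.abc.com, with request counts.
# The dots are escaped so they match only a literal ".", and the stray "\w"
# is removed: some awk implementations read it as "any word character", so
# the pattern did not reliably mean the literal host name.
awk '$11 ~ /www\.abc\.com/ {print $1}' access_log | sort | uniq -c | sort -nr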
- 指定页面的 IP 访问记录(时间段)
bash
# Requests per client address to one exact path ($7) on 15 or 16 Aug 2015,
# highest count first. The path here is a send-verification-code endpoint, so
# a per-client count is a quick way to spot a client requesting codes far more
# often than a normal user would.
# grep -E replaces the deprecated egrep spelling.
grep -E '15/Aug/2015|16/Aug/2015' log_file | awk '$7 == "/index.php?g=Member&m=Public&a=sendValidCode" {print $1, $7}' | sort | uniq -c | sort -nr