根据 nginx 日志统计 ip 访问量
根据 nginx 日志统计 ip 访问量,由浅入深,逐步讲解。涉及命令 awk、sort、uniq
nginx access.log 日志内容截图如下:
nginx access.log 日志统计第一列 ip
[root@izbp1845cet96se1qmb5ekz logs]# ls
access.log error.log nginx.pid
[root@izbp1845cet96se1qmb5ekz logs]# awk '{print $1}' access.log
......
222.189.209.114
222.189.209.114
222.189.209.114
222.189.209.114
222.189.209.114
101.132.109.130
101.201.116.105
121.199.160.108
193.106.29.66
106.15.189.219
159.203.201.156
210.13.80.220
210.13.80.220
198.108.67.48
198.108.67.48
101.200.172.6
......
nginx access.log 日志统计第一列 ip , 排序 , 排序不加 - n , 则是按 ANSIC 码进行排序
[root@izbp1845cet96se1qmb5ekz logs]# awk '{print $1}' access.log |sort
47.99.192.167
47.99.192.167
47.99.192.167
49.144.46.163
5.101.40.82
5.101.40.82
5.101.40.82
5.39.217.107
5.39.217.107
58.144.150.145
58.38.86.89
58.38.86.89
58.38.86.89
58.38.86.89
58.49.32.154
59.110.18.205
59.173.153.120
59.173.153.120
59.36.132.222
59.36.132.222
60.191.38.78
60.191.38.78
60.191.38.78
nginx access.log 日志统计第一列 ip , 排序 sort 后 加 -n ,会认为第一个. 前面是第一个数字,和不加 - n 排序结果是不一样的
[root@izbp1845cet96se1qmb5ekz logs]# awk '{print $1}' access.log |sort -n
1.30.9.78
1.31.114.163
1.31.114.163
1.31.114.163
1.31.114.163
1.31.114.163
1.31.114.163
1.80.144.35
1.80.144.35
5.101.40.82
5.101.40.82
5.101.40.82
5.39.217.107
5.39.217.107
23.102.51.95
23.102.51.95
37.139.6.161
37.157.255.148
37.157.255.148
39.107.14.208
39.107.14.208
......
nginx access.log 日志统计第一列 ip , 排序 sort, 并去重 uniq -c ,去重后,根据访问次数重新排序 sort -n , 实现 top 排行,看哪个 ip 访问量是最大的
uniq 参数 -c 或 --count 在每列旁边显示该行重复出现的次数
sort -n 依照数值的大小排序
sort -n -r 依照数值的大小,以相反的顺序进行排序
[root@izbp1845cet96se1qmb5ekz logs]# awk '{print $1}' access.log |sort | uniq -c | sort -n
1 101.132.100.6
1 101.132.101.26
1 101.132.106.40
1 101.132.109.130
1 101.132.188.111
1 101.132.70.61
1 101.200.0.10
1 101.201.116.10
1 101.201.124.1
1 101.201.140.152
1 101.201.140.157
1 101.201.148.26
1 101.201.196.112
1 101.201.220.111
1 101.249.54.213
1 101.37.160.156
1 101.37.252.1
1 101.68.140.12
1 106.14.115.254
......
78 176.32.33.145
84 172.105.218.208
84 218.91.49.122
93 116.232.144.95
104 80.82.78.50
182 223.104.146.132
186 116.233.29.18
393 47.101.50.252
sort -n -r 加上 -r 实现倒序排序
[root@izbp1845cet96se1qmb5ekz logs]# awk '{print $1}' access.log |sort | uniq -c | sort -n -r
393 47.101.50.252
186 116.233.29.18
182 223.104.146.132
104 80.82.78.50
93 116.232.144.95
84 218.91.49.122
84 172.105.218.208
78 176.32.33.145
69 198.108.67.48
55 222.189.209.114
52 115.172.95.54
51 218.91.149.186
51 211.161.248.135
33 60.191.38.78
27 115.174.4.85
25 120.78.231.236
23 77.247.108.71
23 47.96.254.10
23 47.100.64.9
23 118.31.244.58
23 106.15.76.85
22 106.15.76.92
......
对上面结果,在命令行窗口实现上下翻页查看效果 可以通过管道加 less
[root@izbp1845cet96se1qmb5ekz logs]# awk '{print $1}' access.log |sort | uniq -c | sort -n -r | less
393 47.101.50.252
186 116.233.29.18
182 223.104.146.132
104 80.82.78.50
93 116.232.144.95
84 218.91.49.122
84 172.105.218.208
78 176.32.33.145
69 198.108.67.48
55 222.189.209.114
52 115.172.95.54
51 218.91.149.186
51 211.161.248.135
:
使用 上下箭头 PgUp 和 PgDn 进行翻页查看
根据 nginx 日志统计 ip 访问量 ,最终命令:
[root@izbp1845cet96se1qmb5ekz logs]# awk '{print $1}' access.log |sort | uniq -c | sort -n -r
393 47.101.50.252
186 116.233.29.18
182 223.104.146.132
104 80.82.78.50
93 116.232.144.95
84 218.91.49.122
84 172.105.218.208
78 176.32.33.145
69 198.108.67.48
55 222.189.209.114
52 115.172.95.54
51 218.91.149.186
51 211.161.248.135
33 60.191.38.78
27 115.174.4.85
25 120.78.231.236
23 77.247.108.71
23 47.96.254.10
23 47.100.64.9
23 118.31.244.58
23 106.15.76.85
22 106.15.76.92
......