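Counting requests per IP in the Apache access log

To check how much traffic an IP generated over a given period, use the approach below. Replacing the cat command with tail -n 10000 shows which IPs have the highest request counts among the most recent 10,000 requests. Once you have determined that an IP is attacking, use the following command to blacklist it.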

#iptables -I INPUT -s 123.45.6.7 -j DROP

1.

Counting IP access records in the Apache access.log

You can compute many statistics depending on your needs, such as how many pages each IP requested, and so on.

cat access.log-20090904 | awk '{print $1}' | sort | uniq -c | sort -rn | wc -l

Explanation, with an example:

cat reads the file.

66.249.73.134 - - [18/Sep/2013:01:38:59 +0800] "GET /%E5%9C%A8%E7%BA%BFrfc/ HTTP/1.1" 200 9987 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 1639995
66.249.73.129 - - [18/Sep/2013:01:39:19 +0800] "GET /category/opensource/apache/ HTTP/1.1" 200 9060 "-" "Mediapartners-Google" 1852299
66.249.73.132 - - [18/Sep/2013:01:39:22 +0800] "GET /%E5%9C%A8%E7%BA%BFrfc/ HTTP/1.1" 200 9987 "-" "Mediapartners-Google" 553305
66.249.73.131 - - [18/Sep/2013:01:39:24 +0800] "GET /page/2/ HTTP/1.1" 200 8877 "-" "Mediapartners-Google" 1295362

awk '{print $1}' extracts the first field of each log line, which is the client IP address.

220.139.141.61
61.228.130.169
61.228.135.187
61.228.131.15

[root@localhost~]# cat access.log | awk '{print $1}'


sort sorts the lines.

[root@localhost~]# cat access.log | awk '{print $1}' | sort


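uniq -c prints each line once, prefixed with the number of times it was repeated. It only merges adjacent lines, which is why the input is sorted first.

[root@localhost~]# cat access.log | awk '{print $1}' | sort | uniq -c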
6 220.139.141.61
6 61.228.130.169
12 61.228.130.187
6 61.228.131.15
24 61.228.134.106
6 61.228.134.99
6 61.228.135.187

sort -rn reverses the sort order (-r) and compares numerically (-n), so the lines with the highest counts come first.

[root@localhost~]# cat access.log | awk '{print $1}' | sort | uniq -c | sort -rn
24 61.228.134.106
12 61.228.130.187
6 61.228.135.187
6 61.228.134.99
6 61.228.131.15
6 61.228.130.169
6 220.139.141.61

wc -l counts the number of lines, which here is the number of distinct IPs.

[root@localhost~]# cat access.log | awk '{print $1}' | sort | uniq -c | sort -rn | wc -l

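2.

Using the Apache access log access.log, count the IPs and the number of requests from each address, and list the top 10 by request count.
A sample of the log format:
192.168.1.247 - - [02/Jul/2010:23:44:59 +0800] "GET / HTTP/1.1" 200 19
Answer:
cat access_log | awk '{print $1}' | sort | uniq -c | sort -rn | head -10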
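
The tail -n 10000 workflow from the introduction, combined with the counting pipeline, as an added example that is not part of the original article. The function names, the request threshold and the sample log (documentation-range addresses) are assumptions; the iptables rules are only printed for review, never executed.

```shell
#!/bin/sh
# Added example, not from the original article. Function names, the default
# threshold and the sample log are assumptions made for illustration.

# heavy_hitters LOG [LINES] [MIN]
# Print "count ip" for each client with at least MIN requests among the
# last LINES entries of LOG, busiest first. Only fields shaped like IPv4
# addresses are kept: the first field can also be a hostname or an IPv6
# address, and nothing malformed should ever reach an iptables command line.
heavy_hitters() {
    hh_log=$1; hh_lines=${2:-10000}; hh_min=${3:-100}
    tail -n "$hh_lines" "$hh_log" |
        awk '{print $1}' |
        grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' |
        sort | uniq -c | sort -rn |
        awk -v min="$hh_min" '$1 >= min {print $1, $2}'
}

# block_candidates LOG [LINES] [MIN]
# Print, without running it, the article's iptables rule for each heavy
# hitter so the list can be reviewed first (search crawlers such as the
# Googlebot entries in the sample above, proxies, your own monitoring).
block_candidates() {
    heavy_hitters "$@" | while read -r bc_count bc_ip; do
        printf 'iptables -I INPUT -s %s -j DROP  # %s requests\n' "$bc_ip" "$bc_count"
    done
}

# make_sample_log FILE
# Write a constructed log: 7 requests from one client, 2 from another,
# and 1 entry whose first field is a hostname.
make_sample_log() {
    : > "$1"
    n=0
    while [ "$n" -lt 7 ]; do
        echo '203.0.113.50 - - [18/Sep/2013:01:40:00 +0800] "GET /page/2/ HTTP/1.1" 200 8877' >> "$1"
        n=$((n + 1))
    done
    echo '198.51.100.7 - - [18/Sep/2013:01:40:01 +0800] "GET / HTTP/1.1" 200 19' >> "$1"
    echo '198.51.100.7 - - [18/Sep/2013:01:40:02 +0800] "GET / HTTP/1.1" 200 19' >> "$1"
    echo 'crawler.example.net - - [18/Sep/2013:01:40:03 +0800] "GET / HTTP/1.1" 200 19' >> "$1"
}

# Demo on the constructed log with a threshold of 5 requests.
demo_log=$(mktemp)
make_sample_log "$demo_log"
block_candidates "$demo_log" 10000 5
rm -f "$demo_log"
```

If Apache sits behind a reverse proxy or load balancer, the first field is the proxy's address, so count on the forwarded client address field of your log format instead.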
