shell日志分析脚本

  1 #!/bin/bash
  2 ###########################################
  3 #
  4 #      version:    3.0.0
  5 #         creator:    zenghui       
  6 #         datetime:   05/06/2015
  7 #
  8 ###########################################
  9 #判断命令行参数
 10 if [ "$1" = "-f" ] && [ "$2" != "" ]
 11 then
 12 access_log="$2"
 13 
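# Prompt for the start/end time of the window to analyse.
function feng() {
    # Builds the two "[dd/Mon/yyyy:HH:MM:SS" prefixes that the log filters
    # compare field 4 against (today's date only, as before).
    # Globals written: a, b (raw answers), time_qing, time_hou, and awk_value,
    # which is "yes" when the window is reversed (start after end) or either
    # answer is not HH:MM / HH:MM:SS, and "" otherwise. Callers 1/2 of shij
    # already reject awk_value=yes; previously malformed input slipped through
    # unchecked into the awk comparisons.
    local day_prefix
    day_prefix=$(date +'['%d/%b/%Y:)

    read -r -p "请输入开始时间(10:30:00)秒数不输入默认为00: " a
    read -r -p "请输入结束时间(10:35:00)秒数不输入默认为00: " b

    awk_value=""
    # HH:MM:SS is taken as-is; HH:MM gets ":00" appended (original behaviour);
    # anything else is flagged.
    if [[ "$a" =~ ^[0-9]{2}:[0-9]{2}:[0-9]{2}$ ]]; then
        time_qing="${day_prefix}${a}"
    else
        time_qing="${day_prefix}${a}:00"
        [[ "$a" =~ ^[0-9]{2}:[0-9]{2}$ ]] || awk_value="yes"
    fi

    if [[ "$b" =~ ^[0-9]{2}:[0-9]{2}:[0-9]{2}$ ]]; then
        time_hou="${day_prefix}${b}"
    else
        time_hou="${day_prefix}${b}:00"
        [[ "$b" =~ ^[0-9]{2}:[0-9]{2}$ ]] || awk_value="yes"
    fi

    # Same lexical comparison the original did in awk (a > b → "yes").
    if [[ "$time_qing" > "$time_hou" ]]; then
        awk_value="yes"
    fi
}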
 33 
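# Top-level menu; the main loop reads the choice after calling this.
function menu() {
    clear
    # "\033[34;7m" … "\033[0m" = reverse-video blue title. The published
    # listing had lost the backslash of the escape, which printed a literal
    # "33[34;7m" instead of colouring the text.
    echo -e "****************\033[34;7m 日志统计\033[0m*********************"
    echo "*            1、全站统计                    *"
    echo "*            2、以时间统计                  *"
    echo "*            3、exit                        *"
    echo "*********************************************"
}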
 43 
 44 
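# Shared drill-down for the whole-log statistics.
function cmdquanz() {
    # Shows the ranked table in $total, lets the operator pick a row by its
    # index, then lists that IP's requests as "URL size-in-MB agent" grouped
    # by frequency. Repeats until the operator answers "q", then returns to
    # quanz. Globals read: total, access_log. Globals written: totip, tot.
    echo "$total"
    read -r -p "请输入编号显示ip的url记录: " totip
    # Column 1 of $total is the cat -n index, column 3 the client IP.
    tot=$(echo "$total" | awk -v totip="$totip" '$1 == totip {print $3}')

    local hits urls agents
    hits=$(mktemp) || return
    urls=$(mktemp) || return
    agents=$(mktemp) || return

    # Lines of the chosen IP; an empty $tot (bad index) matches nothing
    # instead of matching blank log lines.
    awk -v tot="$tot" 'tot != "" && $1 == tot' "$access_log" > "$hits"
    # URL (field 7) and response bytes (field 10) in red/green, then the
    # user agent (6th '"'-separated field) in blue. "\033[" is the ANSI
    # escape; the published listing had dropped its backslash.
    awk '{print "\033[31m "$7" \033[0m""\033[32m "$10/1024/1024"MB \033[0m"}' "$hits" > "$urls"
    awk -F'"' '{print "\033[34m "$6" \033[0m"}' "$hits" > "$agents"
    paste "$urls" "$agents" | sort | uniq -c | sort -nr | more
    # Earlier versions printed the temp file names and never deleted them,
    # leaking three files per lookup in /tmp.
    rm -f -- "$hits" "$urls" "$agents"

    read -r -p "q退出上一级,Enter 继续" i
    if [ "$i" = "q" ]; then
        quanz
    else
        clear
        cmdquanz
    fi
}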
 68 
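# Per-IP action menu used by cmdshij; the choice is read into the global Ipt.
function Iptables() {
    # "\033[" is the ANSI escape; the published listing had dropped its backslash.
    echo -e "*******************\033[34;7m 功能选择\033[0m******************"
    echo "*            1、显示ip的url、agent          *"
    echo "*            2、将ip加入iptables            *"
    echo "*            3、将ip加入nginx黑名单         *"
    echo "*            4、exit                        *"
    echo "*********************************************"
    read -r -p "请输入您要选择的编号: " Ipt
}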
 79 
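# Action menu used by Images; the choice is read into the global imge.
function Ima() {
    # "\033[" is the ANSI escape; the published listing had dropped its backslash.
    echo -e "*****************\033[34;7m 功能选择\033[0m****************************"
    echo  "*            1、单个ip加入nginx黑名单                *"
    echo  "*            2、全加入nginx黑名单                    *"
    echo  "*            3、回上一级                             *"
    echo  "*            4、exit                                 *"
    echo  "******************************************************"
    read -r -p "请输入您要选择的编号: " imge
}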
 89 
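# Find clients whose every request in the window hit a static-file keyword.
function Images() {
    # For the window collected by feng, ranks the top-20 IPs (by bytes) whose
    # every request URL matched the keyword and that pulled more than
    # 1,000,000 bytes, then offers to add one or all of them to the nginx
    # deny list. Globals read: access_log, time_qing, time_hou.
    # Globals written: gjz, jpg_ip, imge, imge_ip, tot, ye, shibai, chg.
    local black_list=/usr/local/lnmp/nginx/conf/black.list
    local nginx_bin=/usr/local/lnmp/nginx/sbin/nginx
    # Address that must never be denied (was an inline grep -v before).
    local never_deny="58.247.43.226"

    read -r -p "输入你要查询的关键字(jpg,js,html):" gjz
    feng
    # The keyword is used as an awk regex ("$7 ~ gjz"), so "." matches any
    # character — kept as in the original. Earlier versions read a hard-coded
    # /var/log/nginx/access_www.log here instead of the -f log.
    local only_static='
        { bytes[$1] += $10; reqs[$1]++ }
        $7 ~ gjz { matched[$1]++ }
        END {
            for (ip in matched)
                if (reqs[ip] == matched[ip] && bytes[ip] > 1000000)
                    print ip, bytes[ip]/1024/1024 "MB"
        }'
    jpg_ip=$(awk -v a="$time_qing" -v b="$time_hou" '$4 > a && $4 < b' "$access_log" \
        | awk -v gjz="$gjz" "$only_static" | sort -k 2 -nr | head -20 | cat -n)
    echo "$jpg_ip"
    Ima
    case $imge in
    1)
        read -r -p "再输入之前的ip编号(加入黑名单):" imge_ip
        # Column 2 of the cat -n table is the IP.
        tot=$(echo "$jpg_ip" | awk -v im="$imge_ip" '$1 == im {print $2}')
        nginx_black
        read -r -p "Enter 继续"
        shij;;
    2)
        read -r -p "确定请按Y/y:" ye
        if [ "$ye" = "Y" ] || [ "$ye" = "y" ]; then
            # Keep the current list so a failed nginx -t can roll back.
            shibai=$(cat "$black_list")
            # Union of the new deny lines and the current list, de-duplicated,
            # minus the protected address. The original "a | b && c | d | e"
            # only sorted/filtered the old list, and an empty $jpg_ip produced
            # a bare "deny ;" that made nginx -t fail.
            chg=$( { echo "$jpg_ip" | awk '$2 != "" {print "deny "$2";"}'; cat "$black_list"; } \
                | sort -u | grep -vxF -- "deny ${never_deny};")
            echo "$chg" > "$black_list"
            if "$nginx_bin" -t > /dev/null 2>&1; then
                "$nginx_bin" -s reload > /dev/null 2>&1
                echo "nginx 配置文件重新加载成功"
            else
                echo "nginx 配置文件重新加载失败"
                echo "$shibai" > "$black_list"
            fi
        fi
        read -r -p "Enter 继续"
        shij;;
    3)
        shij;;
    *)
        exit;;
    esac
}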
126 
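# Add the selected IP to the nginx deny list and reload nginx.
function nginx_black() {
    # Appends "deny $tot;" unless that exact line is already present, then
    # runs nginx -t and reloads. If the test fails (e.g. $tot was not a valid
    # address for nginx) the file is restored. No-op when $tot is empty.
    # Globals read: tot. Globals written: nginx_black (list path).
    nginx_black=/usr/local/lnmp/nginx/conf/black.list
    local nginx_bin=/usr/local/lnmp/nginx/sbin/nginx
    local before appended=0
    if [ "$tot" != "" ]; then
        # Whole-line fixed-string match. The old `grep "$tot"` was a regex
        # substring match, so 10.0.0.1 was reported as listed when only
        # 10.0.0.10 was present and the address was never actually denied.
        if grep -qxF -- "deny $tot;" "$nginx_black" 2>/dev/null; then
            echo "$tot 已在nginx黑名单中"
        else
            before=$(cat "$nginx_black" 2>/dev/null)
            echo "deny $tot;" >> "$nginx_black"
            appended=1
            echo "$tot 已加入nginx黑名单"
        fi
        if "$nginx_bin" -t > /dev/null 2>&1; then
            "$nginx_bin" -s reload > /dev/null 2>&1
            echo "nginx 配置文件重新加载成功"
        else
            echo "nginx 配置文件重新加载失败"
            # Roll back our own append so a bad line does not stay in the config.
            [ "$appended" = 1 ] && echo "$before" > "$nginx_black"
        fi
    fi
}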
141 
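# Shared drill-down for the time-window statistics.
function cmdshij() {
    # Shows the ranked table in $total, lets the operator pick an IP by index,
    # then runs the Iptables menu action on it: 1 = show its requests in the
    # window, 2 = iptables DROP, 3 = nginx deny list, anything else exits.
    # Globals read: total, access_log, time_qing, time_hou.
    # Globals written: totip, tot, Ipt.
    echo "$total"
    read -r -p "请输入编号: " totip
    # Column 1 of $total is the cat -n index, column 3 the client IP.
    tot=$(echo "$total" | awk -v totip="$totip" '$1 == totip {print $3}')
    Iptables

    case $Ipt in
    1)
        local hits urls agents
        echo "$tot ptr$(dig -x "$tot" +short)"
        hits=$(mktemp) || return
        urls=$(mktemp) || return
        agents=$(mktemp) || return
        # Lines of the chosen IP inside the window; an empty $tot matches nothing.
        awk -v a="$time_qing" -v b="$time_hou" -v tot="$tot" \
            'tot != "" && $1 == tot && $4 > a && $4 < b' "$access_log" > "$hits"
        # URL (field 7) and bytes (field 10) in red/green, agent in blue.
        # "\033[" is the ANSI escape; the published listing had dropped its backslash.
        awk '{print "\033[31m "$7" \033[0m""\033[32m "$10/1024/1024"MB \033[0m"}' "$hits" > "$urls"
        awk -F'"' '{print "\033[34m "$6" \033[0m"}' "$hits" > "$agents"
        paste "$urls" "$agents" | sort | uniq -c | sort -nr | more
        # Earlier versions printed these names and never removed the files.
        rm -f -- "$hits" "$urls" "$agents"
        read -r -p "q退出上一级,Enter继续" i
        if [ "$i" = "q" ]; then
            shij
        else
            clear
            cmdshij
        fi;;
    2)
        if [ "$tot" != "" ]; then
            # -C asks the kernel whether this exact rule exists. The old
            # `iptables -L -n | grep "$tot"` was a substring match, so 1.2.3.4
            # was skipped whenever 1.2.3.45 (or 11.2.3.4) was already dropped.
            # $tot comes from log column 1; iptables itself rejects non-addresses.
            iptables -C INPUT -s "$tot" -j DROP >/dev/null 2>&1 \
                || iptables -I INPUT -s "$tot" -j DROP
            echo "$tot 已加入iptables"
        fi
        read -r -p "q退出上一级,Enter继续" i
        if [ "$i" = "q" ]; then
            shij
        else
            clear
            cmdshij
        fi;;
    3)
        nginx_black
        read -r -p "q退出上一级,Enter继续" i
        if [ "$i" = "q" ]; then
            shij
        else
            clear
            cmdshij
        fi;;
    *)
        exit;;
    esac
}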
194 
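# Whole-log statistics menu.
function quanz() {
    # 1 ranks client IPs by total response bytes, 2 by request count; the
    # top-20 table goes to cmdquanz. 3 redraws the main menu; any other
    # answer exits (the menu advertises 5, but every unlisted key exits).
    # Globals read: access_log. Globals written: qz, total.
    clear
    # "\033[" is the ANSI escape; the published listing had dropped its backslash.
    echo -e "****************\033[34;7m全站统计\033[0m*********************"
    echo "*            1、以流量排序                  *"
    echo "*            2、以ip个数排序                *"
    echo "*            3、回上一级                    *"
    echo "*            5、退出                        *"
    echo "*********************************************"
    read -r -p "请输入编号: " qz
    # One awk pass: bytes (field 10) and hits per client IP (field 1). Output
    # is "<MB> <ip> <hits>"; the two options differ only in the sort key.
    local rank='{a[$1]+=$10; ++b[$1]} END{for (i in a) print a[i]/1024/1024"MB", i, b[i]}'
    case $qz in
    1)
        total=$(awk "$rank" "$access_log" | sort -nr | head -20 | cat -n)
        cmdquanz
        quanz;;
    2)
        total=$(awk "$rank" "$access_log" | sort -k 3 -nr | head -20 | cat -n)
        cmdquanz
        quanz;;
    3)
        menu;;
    *)
        exit;;
    esac
}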
220 
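# Time-window statistics menu.
function shij() {
    # feng collects the window; 1/2 rank client IPs inside it by bytes / hits
    # for cmdshij, 3 counts distinct IPs, 4 runs Images, 5 returns to the
    # main menu, anything else exits.
    # Globals read: access_log. Globals written: sj, total (plus feng's).
    clear
    # "\033[" is the ANSI escape; the published listing had dropped its backslash.
    echo -e "****************\033[34;7m以时间统计\033[0m*******************"
    echo "*            1、以流量排序                  *"
    echo "*            2、以ip个数排序                *"
    echo "*            3、时间段ip总数                *"
    echo "*            4、时间段全访问jpg or html     *"
    echo "*            5、回上一级                    *"
    echo "*            6、退出                        *"
    echo "*********************************************"
    read -r -p "请输入编号: " sj
    # Field 4 is "[dd/Mon/yyyy:HH:MM:SS", compared lexically against feng's
    # prefixes; rank is the same per-IP summary quanz uses.
    local window='$4 > a && $4 < b'
    local rank='{a[$1]+=$10; ++b[$1]} END{for (i in a) print a[i]/1024/1024"MB", i, b[i]}'
    case $sj in
    1)
        feng
        if [ "${awk_value:-no}" = "yes" ] || [ "$a" = "" ] || [ "$b" = "" ]; then
            clear
            echo "输入有误,请重新输入"
            shij
        else
            # grep -v "e-" appears to drop rows whose MB value printed in
            # scientific notation (tiny totals), which sort -n would misplace.
            total=$(awk -v a="$time_qing" -v b="$time_hou" "$window" "$access_log" \
                | awk "$rank" | sort -nr | head -20 | grep -v "e-" | cat -n)
            cmdshij
            shij
        fi;;
    2)
        feng
        if [ "${awk_value:-no}" = "yes" ] || [ "$a" = "" ] || [ "$b" = "" ]; then
            clear
            echo "输入有误,请重新输入"
            shij
        else
            total=$(awk -v a="$time_qing" -v b="$time_hou" "$window" "$access_log" \
                | awk "$rank" | sort -k 3 -nr | head -20 | cat -n)
            cmdshij
            shij
        fi;;
    3)
        feng
        echo "ip总数: $(awk -v a="$time_qing" -v b="$time_hou" "$window" "$access_log" \
            | awk '{print $1}' | sort -u | wc -l)"
        awk -v a="$time_qing" -v b="$time_hou" "$window" "$access_log" \
            | awk '{print $1}' | sort | uniq -c | sort -nr | more
        read -r -p "Enter 继续"
        shij;;
    4)
        Images;;
    5)
        menu;;
    *)
        exit;;
    esac
}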
272 
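# Main loop: redraw the top menu and dispatch until the operator exits.
# quanz/shij return here only via their "back" option; anything unlisted exits.
while :; do
    menu
    read -r -p "请输入编号: " bh
    case "$bh" in
        1) quanz ;;
        2) shij ;;
        *) exit ;;
    esac
done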
287 #初始化变量aa
288 elif [ "${aa:--h}" = "-h" ]
289 then
290     echo "运行: ./datalog_ip_sort.sh -f 日志文件"
291 fi
原文地址:https://www.cnblogs.com/zenghui940/p/4431878.html