How to analyze network logs on Linux
With the rapid growth of the Internet, network log analysis has become an essential task for many enterprises and organizations. By analyzing network logs we can understand user behaviour, optimize website performance, and detect network attacks. On Linux there are several powerful tools for this; this article introduces how to use them for network log analysis.
×°ÖúÍÉèÖÃÈÕÖ¾ÍøÂ繤¾ß
Ê×ÏÈ£¬ÎÒÃÇÐèҪװÖÃÒ»¸öÈÕÖ¾ÍøÂ繤¾ß£¬ÀýÈç rsyslog »ò syslog-ng¡£ÕâЩ¹¤¾ß¿ÉÒÔ×ÊÖúÎÒÃǽ«ÈÕÖ¾´Ó²î±ðµÄȪԴÍøÂçµ½Ò»ÆäÖÐÑëÈÕ־ЧÀÍÆ÷ÉÏ¡£ÔÚ Ubuntu ϵͳÉÏ£¬¿ÉÒÔʹÓÃÒÔÏÂÏÂÁî×°Öà rsyslog£º
sudo apt-get update
sudo apt-get install rsyslog
After installation, rsyslog needs to be configured. Open its configuration file /etc/rsyslog.conf and add the following:
# Forward messages to the remote log server
*.* @REMOTE_SERVER_IP:514
Replace "REMOTE_SERVER_IP" with the IP address of your central log server. After saving the configuration file, restart the rsyslog service:
sudo service rsyslog restart
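Added example, not from the original article: the forwarding line above uses a single "@", which sends over UDP, so messages can be dropped silently and nothing is buffered while the central server is unreachable. The shell functions below write the same rule in a hardened form (TCP with a disk-assisted queue and unlimited retries) to a path the caller chooses; a drop-in such as /etc/rsyslog.d/50-forward.conf is the usual place. The directives are rsyslog's documented legacy action-queue settings; the function names, the queue file name and the 1g queue size are assumptions made for this example. Encrypting the transport with TLS is a further step not covered here.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): write an rsyslog forwarding
# rule to a path of the caller's choosing, so it can be exercised without
# touching /etc. Queue directives are rsyslog's legacy-format action-queue
# settings; the queue name "fwdq" and size "1g" are assumptions.
set -eu

# The article's one-liner forwards over UDP (single "@"): datagrams can be
# lost silently, and nothing is buffered while the collector is down.
weak_forward_rule() {
    printf '*.* @%s:514\n' "$1"
}

# Hardened variant: TCP ("@@"), a disk-assisted queue that buffers while the
# collector is unreachable, and infinite retries instead of giving up.
reliable_forward_rule() {
    cat <<EOF
\$ActionQueueType LinkedList
\$ActionQueueFileName fwdq
\$ActionQueueMaxDiskSpace 1g
\$ActionQueueSaveOnShutdown on
\$ActionResumeRetryCount -1
*.* @@$1:514
EOF
}

# Write the hardened rule to CONF_PATH (e.g. /etc/rsyslog.d/50-forward.conf)
# after a minimal sanity check that the target looks like a dotted-quad IPv4.
write_forward_conf() {
    local server="$1" conf_path="$2"
    case "$server" in
        ""|*[!0-9.]*)
            echo "refusing: '$server' is not a dotted-quad IPv4 address" >&2
            return 1 ;;
    esac
    reliable_forward_rule "$server" > "$conf_path"
}

# Returns 0 if the written config forwards over TCP ("@@"), 1 if still UDP.
uses_tcp_forwarding() {
    grep -qE '^\*\.\* @@' "$1"
}

# Usage: write_forward_conf 192.0.2.10 /etc/rsyslog.d/50-forward.conf
#        then restart rsyslog as in the article.
```

After writing the file, `rsyslogd -N1` validates the configuration before the service is restarted.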
2. Analyzing logs
Once the log collection tool is configured, we can start analyzing the logs. On Linux, several powerful tools can help with network log analysis, for example grep, awk, sed and Perl.
2.1 Filtering with grep
grep is a powerful text-filtering tool that we can use to filter out and extract the log lines we are interested in. Here are some commonly used grep commands:
# Filter log lines containing the keyword "error"
grep "error" /var/log/syslog
# Extract the IP addresses from the access log (the dot must be escaped, otherwise it matches any character)
grep -oE "([0-9]{1,3}\.){3}[0-9]{1,3}" /var/log/apache/access.log
# Count the log lines containing the keyword "GET"
grep -c "GET" /var/log/apache/access.log
2.2 Extracting and analyzing data with awk
awk is a powerful text-processing tool that helps us extract and analyze data from logs. Here are some commonly used awk commands:
# Extract the date and time from the access log
awk '{print $4}' /var/log/apache/access.log
# Count the number of requests from each IP in the access log
awk '{++count[$1]} END {for (ip in count) print ip, count[ip]}' /var/log/apache/access.log
2.3 Replacing and editing log content with sed
sed is a powerful stream editor that helps us replace and edit log content. Here are some commonly used sed commands:
# Replace the IP addresses in the access log (-E enables {n,m} quantifiers; dots must be escaped)
sed -E 's/[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/IP-ADDRESS/g' /var/log/apache/access.log
# Delete blank lines from the access log
sed '/^[[:space:]]*$/d' /var/log/apache/access.log
2.4 Advanced data processing with Perl
Perl is a powerful scripting language for more advanced data processing and analysis. Below is a simple Perl script that counts the number of requests from each IP address in the access log:
#!/usr/bin/perl
use strict;
use warnings;

my %count;
while (<>) {
    chomp;
    # Take the first dotted-quad on the line as the client IP
    my ($ip) = $_ =~ /(\d+\.\d+\.\d+\.\d+)/;
    next unless defined $ip;    # skip lines without an IP address
    ++$count{$ip};
}
foreach my $ip (sort keys %count) {
    print "$ip: $count{$ip}\n";
}
Save the script above as log_analysis.pl, then run:
perl log_analysis.pl /var/log/apache/access.log
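As an added example (not part of the original article), the script below turns the grep, awk and sed one-liners from sections 2.1 to 2.3 and the per-IP count of the Perl script in 2.4 into reusable shell functions, and runs them against a constructed six-line access log in Apache combined format. The sample log, the function names and the failed-login threshold are assumptions made for this example; it goes slightly beyond the article by also counting 4xx/5xx responses per client and flagging clients with repeated 401s on /login, a simple indicator a defender would review.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): a small access-log toolkit
# built from the same grep/awk/sed one-liners the article shows, run over a
# constructed sample log so it works offline.
set -eu

# Constructed sample in Apache combined-log format (not real traffic).
SAMPLE_LOG='203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:37 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:13:55:38 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:13:55:39 +0000] "POST /login HTTP/1.1" 401 512 "-" "curl/8.0"
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /about HTTP/1.1" 404 196 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:13:55:41 +0000] "GET /admin HTTP/1.1" 403 199 "-" "python-requests/2.31"'

# grep: every IPv4 address on stdin, one per line (escaped dots, as in 2.1).
extract_ips() {
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}'
}

# awk: requests per client IP (field 1), "count ip" per line, highest first.
count_by_ip() {
    awk '{ ++count[$1] } END { for (ip in count) print count[ip], ip }' | sort -rn
}

# awk: per client IP, the number of responses whose status (field 9) is 4xx/5xx.
count_errors_by_ip() {
    awk '$9 ~ /^[45][0-9][0-9]$/ { ++err[$1] } END { for (ip in err) print err[ip], ip }' | sort -rn
}

# awk: print client IPs with at least THRESHOLD 401 responses on /login
# (field 7 is the request path) - a simple repeated-failed-login indicator.
flag_failed_logins() {
    local threshold="${1:-3}"
    awk -v t="$threshold" '$7 == "/login" && $9 == "401" { ++f[$1] }
        END { for (ip in f) if (f[ip] >= t) print ip }'
}

# sed: mask client IPs before a log is shared (escaped dots, -E for {n,m}).
mask_ips() {
    sed -E 's/([0-9]{1,3}\.){3}[0-9]{1,3}/IP-MASKED/g'
}

# Wrappers over the constructed sample, so each result is a checkable value.
sample_unique_ip_count()   { printf '%s\n' "$SAMPLE_LOG" | extract_ips | sort -u | wc -l | tr -d ' '; }
sample_top_ip()            { printf '%s\n' "$SAMPLE_LOG" | count_by_ip | head -n 1; }
sample_error_ip_count()    { printf '%s\n' "$SAMPLE_LOG" | count_errors_by_ip | wc -l | tr -d ' '; }
sample_flagged_ips()       { printf '%s\n' "$SAMPLE_LOG" | flag_failed_logins 3; }
sample_masked_first_line() { printf '%s\n' "$SAMPLE_LOG" | mask_ips | head -n 1 | cut -d' ' -f1; }

# Usage on a real file: count_by_ip < /var/log/apache/access.log
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_LOG" | count_by_ip
    printf '%s\n' "$SAMPLE_LOG" | count_errors_by_ip
    printf '%s\n' "$SAMPLE_LOG" | flag_failed_logins 3
fi
```

The functions read stdin, so the same pipeline works on a live file (`flag_failed_logins 10 < /var/log/apache/access.log`); the threshold is a tuning choice, and a flagged IP is a lead to investigate rather than a verdict.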
The above are some commonly used tools and command examples to help you analyze network logs. This is only introductory material; there are many more advanced and complex analysis techniques and tools for you to explore. We hope this article has been helpful, and wish you success with network log analysis on Linux!