1.根据访问IP统计UV
awk '{print $1}' access.log|sort | uniq -c |wc -l
2.统计访问URL统计PV
awk '{print $7}' access.log|wc -l
3.查询访问最频繁的URL
awk '{print $7}' access.log|sort | uniq -c |sort -n -k 1 -r|more
4.查询访问最频繁的IP
awk '{print $1}' access.log|sort | uniq -c |sort -n -k 1 -r|more
5.根据时间段统计查看日志
cat access.log| sed -n '/14\/Mar\/2015:21/,/14\/Mar\/2015:22/p'|more
6.awk分割信息后获取最后一列
cat $(ll /home/sdzw/tcf/20110914_001/|awk '{print $NF}')|grep "abc"
7.访问最多
awk '{print $1}' 日志地址 | sort | uniq -c | sort -n -k 1 -r | head -n 100
8.输出日志
awk -F' ' '{print "\n["NR-1"]\nmd5="$1"\nurl= >111.ini
9.统计排除
cat xxx.xxx.com.access.log-20160616|grep -i -v -E "bing|baidu|google|sougou"|awk '{print $1}'|sort | uniq -c | sort -n -k 1 -r | head -n 20
#!/bin/sh
LOG_FILE=/usr/local/nginx/logs/xxx.xxx.com.access.log #访问日志
IP_FILE=/etc/black #存放需要禁止的ip文件
NUMBER=2000 #非法访问量的值
wan0=eth0 #网卡
BACKIP=`cat $IP_FILE` #每次操作先清空之前的ip
`cat /dev/null > $IP_FILE`
Denyip=`cat $LOG_FILE|grep -i -v -E "bing|baidu|google|sougou"|awk '{print $1}'|sort | uniq -c | sort -n -k 1 -r | head -n 1000000|awk '{if($1>'$NUMBER')print $2}'`
echo $Denyip > $IP_FILE
if [ "$BACKIP" != "" ];then
for X in $BACKIP
do
echo $X ---deny
iptables -A INPUT -i $wan0 -s $X -p all -j DROP
done
fi