{"id":1704,"date":"2023-04-20T17:36:39","date_gmt":"2023-04-20T09:36:39","guid":{"rendered":"https:\/\/www.siediyer.cn\/?p=1704"},"modified":"2023-04-20T17:36:39","modified_gmt":"2023-04-20T09:36:39","slug":"accesslog%e6%88%96%e8%80%85cookielog%e7%9a%84shell%e5%b8%b8%e7%94%a8%e5%88%86%e6%9e%90%e8%84%9a%e6%9c%ac","status":"publish","type":"post","link":"https:\/\/www.siediyer.cn\/?p=1704","title":{"rendered":"accesslog\u6216\u8005cookie&#8217;log\u7684shell\u5e38\u7528\u5206\u6790\u811a\u672c"},"content":{"rendered":"<pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\">#\u7edf\u8ba1\u63a5\u53e3\u5730\u5740\u8bbf\u95ee\u91cf\r\ngrep \/test access.log | wc -l\r\n\r\n#PV\u7edf\u8ba1\r\nawk '{print $6}' access.log | wc -l\r\n\r\n#UV\u7edf\u8ba1\r\nawk '{print $13}' access.log | sort -r |uniq -c |wc -l\r\n\r\n#\u72ec\u7acbIP\u7edf\u8ba1\r\nawk '{print $1}' access.log | sort -r |uniq -c | wc -l\r\n\r\n#\u7edf\u8ba1apache cookie log\u4e2d\u8bbf\u95ee\u9891\u7387\u6700\u9ad8\u768420\u4e2aip\u548c\u8bbf\u95ee\u6b21\u6570  \r\ncat cookielog | awk '{ a[$1] += 1; } END { for(i in a) printf(\"%d, %s\\n\", a[i], i ); }' | sort -n | tail -20  \r\n  \r\n#\u7edf\u8ba1apache cookie log\u4e2d\u8fd4\u56de404\u7684url\u5217\u8868  \r\nawk '$11 == 404 {print $8}' access_log | uniq -c | sort -rn | head  \r\n  \r\n#\u7edf\u8ba1\u4e00\u4e2aip\u8bbf\u95ee\u8d85\u8fc720\u6b21\u7684ip\u548c\u8bbf\u95ee\u6b21\u6570\u5217\u8868\uff0c\u628a$1\u6539\u4e3aurl\u5bf9\u5e94\u7684$9,\u5219\u53ef\u4ee5\u7edf\u8ba1\u6bcf\u4e2aurl\u7684\u8bbf\u95ee\u6b21\u6570  \r\ncat access_log | awk '{print $1}' | sort | uniq -c | sort -n | awk '{ if ($1 &gt; 20)print $1,$2}'  \r\n  \r\n#\u7edf\u8ba1\u6bcf\u4e2aurl\u7684\u5e73\u5747\u8bbf\u95ee\u65f6\u95f4  \r\ncat cookielog | awk '{ a[$6] += 1; b[$6] += $11; } END { for(i in a) printf(\"%d, %d, %s\\n\", a[i],a[i]\/b[i] i ); }' | sort -n | tail -20  \r\n  \r\n  \r\n#\u6253\u5370\u8bbf\u95eeapache\u7684\u65b0ip\u5217\u8868  \r\ntail -f access.log | awk -W 
interactive '!x[$1]++ {print $1}'  \r\n  \r\n#\u901a\u8fc7\u65e5\u5fd7\u67e5\u770b\u5f53\u5929\u6307\u5b9aip\u8bbf\u95ee\u6b21\u6570\u8fc7\u7684url\u548c\u8bbf\u95ee\u6b21\u6570:  \r\ncat access.log | grep \"10.0.21.17\" | awk '{print $7}' | sort | uniq -c | sort -nr  \r\n  \r\n  \r\n#\u901a\u8fc7\u65e5\u5fd7\u67e5\u770b\u5f53\u5929\u8bbf\u95ee\u6b21\u6570\u6700\u591a\u7684\u65f6\u95f4\u6bb5  \r\nawk '{print $4}' access.log | grep \"26\/Mar\/2012\" |cut -c 20-50|sort|uniq -c|sort -nr|head  \r\n  \r\n#\u67e5\u770b\u67d0\u4e00\u5929\u7684\u8bbf\u95ee\u91cf  \r\ncat access_log|grep '12\/Nov\/2012'|grep \"******.htm\"|wc|awk '{print $1}'|uniq   \r\n  \r\n#\u67e5\u770b\u8bbf\u95ee\u65f6\u95f4\u8d85\u8fc730ms\u7684url\u5217\u8868  \r\ncat access_log|awk '($NF &gt; 30){print $7}'|sort -n|uniq -c|sort -nr|head -20   \r\n  \r\n#\u5217\u51fa\u54cd\u5e94\u65f6\u95f4\u8d85\u8fc760m\u7684url\u5217\u8868\u5e76\u7edf\u8ba1\u51fa\u73b0\u6b21\u6570  \r\ncat access_log |awk '($NF &gt; 60 &amp;&amp; $7~\/\\.php\/){print $7}'|sort -n|uniq -c|sort -nr|head -100   \r\n  \r\n#\u6392\u9664\u641c\u7d22\u5f15\u64ce\u540e\u7684url\u8bbf\u95ee\u6b21\u6570  \r\nsed \"\/Baiduspider\/d;\/Googlebot\/d;\/Sogou web spider\/d;\" xxx.log|awk -F' ' '{print $7}'|sort | uniq -c | sort -k1,2 -nr   \r\n  \r\n#\u7edf\u8ba1\/index.html\u9875\u9762\u7684\u8bbf\u95eeuv  \r\ngrep \"\/index.html\" access.log | cut -d \" \" -f 4| sort | uniq | wc -l<\/pre>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>#\u7edf\u8ba1\u63a5\u53e3\u5730\u5740\u8bbf\u95ee\u91cf grep \/test access.log | wc -l #PV\u7edf\u8ba1 awk &#8216;{pr 
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1704","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/www.siediyer.cn\/index.php?rest_route=\/wp\/v2\/posts\/1704","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.siediyer.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.siediyer.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.siediyer.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.siediyer.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1704"}],"version-history":[{"count":1,"href":"https:\/\/www.siediyer.cn\/index.php?rest_route=\/wp\/v2\/posts\/1704\/revisions"}],"predecessor-version":[{"id":1705,"href":"https:\/\/www.siediyer.cn\/index.php?rest_route=\/wp\/v2\/posts\/1704\/revisions\/1705"}],"wp:attachment":[{"href":"https:\/\/www.siediyer.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1704"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.siediyer.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1704"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.siediyer.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1704"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}