shell日志分析脚本
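#!/bin/bash
###########################################
#
# version: 3.0.0
# creator: zenghui
# datetime: 05/06/2015
#
# Interactive nginx access-log analyser.  Ranks client IPs by bytes sent or
# by request count, over the whole file or over a time window of the current
# day, shows what a chosen IP requested, and can block that IP with iptables
# or with an nginx "deny" list.
#
# Usage: ./datalog_ip_sort.sh -f 日志文件
#
# Log-format assumption (combined format, whitespace-split by awk):
#   $1  client IP    $4  "[dd/Mon/yyyy:HH:MM:SS"    $7  request path
#   $10 bytes sent   6th '"'-delimited field: User-Agent
#
# Shared globals (set by one function, read by others):
#   access_log             log file given with -f
#   time_qing / time_hou   window bounds in the log's timestamp format
#   a / b / awk_value      raw window input and the "start > end" flag (feng)
#   total / jpg_ip         numbered ranking lists the user picks from
#   tot                    IP currently selected for inspection / blocking
#   Ipt / imge             sub-menu answers
###########################################

# nginx binary and the deny list it includes.
nginx_bin=/usr/local/lnmp/nginx/sbin/nginx
black_list=/usr/local/lnmp/nginx/conf/black.list
# Address that must never be blocked.  The original only filtered it out of
# the *existing* deny list in the bulk path; it is now checked on every path.
# NOTE(review): presumably the admin's own host -- confirm before relying on it.
whitelist_ip="58.247.43.226"

# Scratch directory for the per-IP detail listings; removed on any exit
# (the old script left three mktemp files behind per drill-down).
tmpdir=$(mktemp -d) || exit 1
trap 'rm -rf -- "$tmpdir"' EXIT

# True only for a plain dotted-quad IPv4 address.  Everything that is passed
# to iptables or written into the nginx config goes through this check, so a
# malformed log field or a stray menu answer can never become a firewall rule
# or a config directive.  iptables here is v4-only, so IPv6 clients are
# rejected rather than half-handled.
valid_ip() {
  [[ "$1" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]
}

# Validate the nginx config and reload it.  Prints the outcome and returns
# non-zero if either the test or the reload fails, so callers can roll back.
reload_nginx() {
  if "$nginx_bin" -t > /dev/null 2>&1 && "$nginx_bin" -s reload > /dev/null 2>&1; then
    echo "nginx 配置文件重新加载成功"
    return 0
  fi
  echo "nginx 配置文件重新加载失败"
  return 1
}

# Ask for a start and end time of *today* and build the two timestamp prefixes
# that are compared against $4.  Accepts HH:MM:SS or HH:MM (seconds default
# to 00); anything else clears the value so time_ok() reports an error.
# The comparison is lexicographic, hence the window can only span the current
# day; LC_ALL=C keeps %b as the English month abbreviation nginx writes.
feng() {
  local today
  read -r -p "请输入开始时间(10:30:00)秒数不输入默认为00: " a
  read -r -p "请输入结束时间(10:35:00)秒数不输入默认为00: " b
  today=$(LC_ALL=C date +'[%d/%b/%Y:')
  case "$a" in
    [0-9][0-9]:[0-9][0-9]:[0-9][0-9]) time_qing="${today}${a}" ;;
    [0-9][0-9]:[0-9][0-9])            time_qing="${today}${a}:00" ;;
    *)                                a=""; time_qing="" ;;
  esac
  case "$b" in
    [0-9][0-9]:[0-9][0-9]:[0-9][0-9]) time_hou="${today}${b}" ;;
    [0-9][0-9]:[0-9][0-9])            time_hou="${today}${b}:00" ;;
    *)                                b=""; time_hou="" ;;
  esac
  # "yes" when the start lies after the end (equal bounds are allowed).
  awk_value=$(awk -v a="$time_qing" -v b="$time_hou" 'BEGIN{if (a > b) print "yes"}')
}

# True when feng() produced a usable window: both bounds given, start <= end.
time_ok() {
  [ -n "$a" ] && [ -n "$b" ] && [ "${awk_value:-no}" != "yes" ]
}

# Emit the lines of $access_log whose timestamp lies strictly inside the window.
window_log() {
  awk -v a="$time_qing" -v b="$time_hou" '$4 > a && $4 < b' "$access_log"
}

# stdin: log lines -> one "<MB> <ip> <requests>" line per client IP (unsorted).
ip_totals() {
  awk '{ bytes[$1] += $10; ++hits[$1] }
       END { for (ip in bytes) print bytes[ip]/1024/1024 "MB", ip, hits[ip] }'
}

# Top-level menu.
menu() {
  clear
  echo -e "****************\033[34;7m 日志统计\033[0m*********************"
  echo "* 1、全站统计 *"
  echo "* 2、以时间统计 *"
  echo "* 3、exit *"
  echo "*********************************************"
}

# For the IP in $tot, list every (path, size, user-agent) combination found in
# the log lines on stdin, most frequent first.
show_ip_detail() {
  local raw="$tmpdir/raw" paths="$tmpdir/paths" agents="$tmpdir/agents"
  awk -v tot="$tot" '$1 == tot' > "$raw"
  awk '{ print "\033[31m " $7 " \033[0m" "\033[32m " $10/1024/1024 "MB \033[0m" }' "$raw" > "$paths"
  awk -F'"' '{ print "\033[34m " $6 " \033[0m" }' "$raw" > "$agents"
  paste "$paths" "$agents" | sort | uniq -c | sort -nr | more
  rm -f -- "$raw" "$paths" "$agents"
}

# Whole-file drill-down: pick an entry number from $total, show what that IP
# requested, repeat until the user answers "q".
cmdquanz() {
  local totip i
  while true; do
    echo "$total"
    read -r -p "请输入编号显示ip的url记录: " totip
    tot=$(echo "$total" | awk -v totip="$totip" '$1 == totip { print $3 }')
    # An unknown number yields an empty $tot; the original printed nothing
    # for it, so do the same rather than run awk with an empty key.
    if valid_ip "$tot"; then
      show_ip_detail < "$access_log"
    fi
    read -r -p "q退出上一级,Enter 继续" i
    [ "$i" = "q" ] && return
    clear
  done
}

# Per-IP action menu used by cmdshij; answer lands in $Ipt.
Iptables() {
  echo -e "*******************\033[34;7m 功能选择\033[0m******************"
  echo "* 1、显示ip的url、agent *"
  echo "* 2、将ip加入iptables *"
  echo "* 3、将ip加入nginx黑名单 *"
  echo "* 4、exit *"
  echo "*********************************************"
  read -r -p "请输入您要选择的编号: " Ipt
}

# Action menu used by Images; answer lands in $imge.
Ima() {
  echo -e "*****************\033[34;7m 功能选择\033[0m****************************"
  echo "* 1、单个ip加入nginx黑名单 *"
  echo "* 2、全加入nginx黑名单 *"
  echo "* 3、回上一级 *"
  echo "* 4、exit *"
  echo "******************************************************"
  read -r -p "请输入您要选择的编号: " imge
}

# "Every request from this IP matched the keyword" report over a time window
# (static-file scrapers), with the option to deny one or all of them.
# $gjz is used as an awk regular expression against the request path.
# Reads $access_log (the original read a hard-coded /var/log/nginx path here,
# ignoring the -f argument).
Images() {
  local gjz imge_ip ye backup merged
  read -r -p "输入你要查询的关键字(jpg,js,html):" gjz
  feng
  if ! time_ok; then
    clear
    echo "输入有误,请重新输入"
    return
  fi
  # Keep IPs whose every request matched $gjz and that moved more than
  # ~1 MB; print "ip MB", top 20 by traffic, numbered.
  jpg_ip=$(window_log | awk -v gjz="$gjz" '
      { bytes[$1] += $10; hits[$1]++; if ($7 ~ gjz) matched[$1]++ }
      END { for (ip in matched)
              if (hits[ip] == matched[ip] && bytes[ip] > 1000000)
                print ip, bytes[ip]/1024/1024 "MB" }' \
    | sort -k 2 -nr | head -20 | cat -n)
  echo "$jpg_ip"
  Ima
  case "$imge" in
    1)
      read -r -p "再输入之前的ip编号(加入黑名单):" imge_ip
      tot=$(echo "$jpg_ip" | awk -v im="$imge_ip" '$1 == im { print $2 }')
      nginx_black
      read -r -p "Enter 继续"
      ;;
    2)
      read -r -p "确定请按Y/y:" ye
      if [ "$ye" = "Y" ] || [ "$ye" = "y" ]; then
        backup=$(cat "$black_list" 2>/dev/null)
        # New "deny ip;" lines (well-formed IPv4 only) merged with the current
        # list, de-duplicated, whitelist removed from BOTH parts.  The old
        # pipeline "A | awk && cat | sort | uniq | grep -v" only sorted and
        # filtered the existing file, so the whitelisted IP could be re-added.
        merged=$( { echo "$jpg_ip" \
                      | awk '$2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print "deny " $2 ";" }'
                    cat "$black_list" 2>/dev/null; } \
                  | sort -u | grep -vF -- "$whitelist_ip")
        printf '%s\n' "$merged" > "$black_list"
        # Restore the previous list if nginx rejects the new one.
        reload_nginx || printf '%s\n' "$backup" > "$black_list"
      fi
      read -r -p "Enter 继续"
      ;;
    3)
      ;;
    *)
      exit
      ;;
  esac
}

# Append "deny $tot;" to the nginx deny list (if not already present) and
# reload.  Refuses anything that is not a plain IPv4 address and refuses the
# whitelisted host; restores the previous list if nginx rejects the change.
nginx_black() {
  local backup
  valid_ip "$tot" || return 0
  if [ "$tot" = "$whitelist_ip" ]; then
    echo "$tot 在白名单中,未加入"
    return 0
  fi
  backup=$(cat "$black_list" 2>/dev/null)
  # Fixed-string match of the whole directive: a bare "grep $tot" would also
  # match 11.2.3.45 when looking for 1.2.3.4.
  grep -qF -- "deny $tot;" "$black_list" 2>/dev/null || echo "deny $tot;" >> "$black_list"
  echo "$tot 已加入nginx黑名单"
  reload_nginx || printf '%s\n' "$backup" > "$black_list"
}

# Time-window drill-down: pick an entry from $total, then inspect the IP,
# drop it in iptables, or add it to the nginx deny list.
cmdshij() {
  local totip i
  while true; do
    echo "$total"
    read -r -p "请输入编号: " totip
    tot=$(echo "$total" | awk -v totip="$totip" '$1 == totip { print $3 }')
    Iptables
    case "$Ipt" in
      1)
        if valid_ip "$tot"; then
          echo "$tot ptr $(dig -x "$tot" +short 2>/dev/null | tr '\n' ' ')"
          window_log | show_ip_detail
        fi
        ;;
      2)
        if valid_ip "$tot"; then
          if [ "$tot" = "$whitelist_ip" ]; then
            echo "$tot 在白名单中,未加入"
          else
            # -C tests for the exact rule; the old "iptables -L -n | grep $tot"
            # was a substring match.  Rules added this way are not persisted
            # across a reboot or an iptables-restore.
            iptables -C INPUT -s "$tot" -j DROP 2>/dev/null \
              || iptables -I INPUT -s "$tot" -j DROP
            echo "$tot 已加入iptables"
          fi
        fi
        ;;
      3)
        nginx_black
        ;;
      *)
        exit
        ;;
    esac
    read -r -p "q退出上一级,Enter继续" i
    [ "$i" = "q" ] && return
    clear
  done
}

# Whole-file ranking menu.  Returning (instead of calling menu recursively)
# hands control back to the main loop, which redraws the top menu.
quanz() {
  local qz
  while true; do
    clear
    echo -e "****************\033[34;7m全站统计\033[0m*********************"
    echo "* 1、以流量排序 *"
    echo "* 2、以ip个数排序 *"
    echo "* 3、回上一级 *"
    echo "* 5、退出 *"
    echo "*********************************************"
    read -r -p "请输入编号: " qz
    case "$qz" in
      1)
        total=$(ip_totals < "$access_log" | sort -nr | head -20 | cat -n)
        cmdquanz
        ;;
      2)
        total=$(ip_totals < "$access_log" | sort -k 3 -nr | head -20 | cat -n)
        cmdquanz
        ;;
      3)
        return
        ;;
      *)
        exit
        ;;
    esac
  done
}

# Time-window ranking menu.
shij() {
  local sj
  while true; do
    clear
    echo -e "****************\033[34;7m以时间统计\033[0m*******************"
    echo "* 1、以流量排序 *"
    echo "* 2、以ip个数排序 *"
    echo "* 3、时间段ip总数 *"
    echo "* 4、时间段全访问jpg or html *"
    echo "* 5、回上一级 *"
    echo "* 6、退出 *"
    echo "*********************************************"
    read -r -p "请输入编号: " sj
    case "$sj" in
      1|2)
        feng
        if ! time_ok; then
          clear
          echo "输入有误,请重新输入"
          continue
        fi
        if [ "$sj" = "1" ]; then
          # grep -v "e-" drops IPs whose MB figure awk printed in scientific
          # notation, i.e. negligible traffic.
          total=$(window_log | ip_totals | sort -nr | head -20 | grep -v "e-" | cat -n)
        else
          total=$(window_log | ip_totals | sort -k 3 -nr | head -20 | cat -n)
        fi
        cmdshij
        ;;
      3)
        feng
        # The original ran this case without validating the window.
        if ! time_ok; then
          clear
          echo "输入有误,请重新输入"
          continue
        fi
        echo "ip总数: $(window_log | awk '{ print $1 }' | sort -u | wc -l)"
        window_log | awk '{ print $1 }' | sort | uniq -c | sort -nr | more
        read -r -p "Enter 继续"
        ;;
      4)
        Images
        ;;
      5)
        return
        ;;
      *)
        exit
        ;;
    esac
  done
}

# Entry point: "-f <logfile>" starts the menu loop; anything else prints the
# usage line.  (The original's `elif [ "${aa:--h}" = "-h" ]` was always true
# because $aa is never set -- it was just the usage branch.)
main() {
  local bh
  if [ "$1" = "-f" ] && [ -n "$2" ]; then
    access_log="$2"
    if [ ! -r "$access_log" ]; then
      echo "无法读取日志文件: $access_log" >&2
      exit 1
    fi
    while true; do
      menu
      read -r -p "请输入编号: " bh
      case "$bh" in
        1) quanz ;;
        2) shij ;;
        *) exit ;;
      esac
    done
  else
    echo "运行: ./datalog_ip_sort.sh -f 日志文件" >&2
    exit 1
  fi
}

main "$@"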