Fix skripte: nginx log + group by user-agent + count + sort desc @ Slo-Tech

Forum » Programiranje »
Fix skripte: nginx log + group by user-agent + count + sort desc

Fix skripte: nginx log + group by user-agent + count + sort desc

HotBurek :: 3. sep 2019, 14:12

Evo, iz interneta skripta, ki v prvem koraku iz default nginx log fajla pobere ven vse user-agent stringe, v drugem pa naredi uniq, sort po dolžini in asc.

Če kdo pozna te kul tool-e (cut, cat, awk, sort, ...) in bi znal zadevo pomodificirat tako, da bi output bil sum po user-agent stringu, ter order by count in desc. Se pravi, da bi videl, koliko request-ov je naredil posamičen user-agent, razverščeno podajoče po skupnem številu?

cut -f 6 -d'"' /var/log/nginx/access.log > /home/user1/useragent/ualist.txt
cat /home/user1/useragent/ualist.txt | awk '{ print length, $0 }' | sort -n -s | cut -d" " -f2- | uniq > /home/user1/useragent/out-list.txt

root@debian:/# iptraf-ng
fatal: This program requires a screen size of at least 80 columns by 24 lines
Please resize your window

poskusilo klonirati: HotBurek (3. sep 2019 ob 14:12)

joggi79 :: 3. sep 2019, 14:27

Daj par vrstic access.log da vidim kako izgleda, ker na podlagi tega je odvisno katere stolpce cutas itd.

HotBurek :: 3. sep 2019, 14:37

Tole je iz nginx.conf

log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

Tole pa sample log file:

1.2.3.4 - - [01/Aug/2019:15:02:03 +0200] "GET / HTTP/1.1" 404 146 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0"
1.2.3.4 - - [01/Aug/2019:15:02:03 +0200] "GET /favicon.ico HTTP/1.1" 404 146 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0"
1.2.3.4 - - [01/Aug/2019:15:02:20 +0200] "GET / HTTP/1.1" 200 9 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0"
1.2.3.4 - - [01/Aug/2019:15:02:51 +0200] "GET / HTTP/1.1" 200 9 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
1.2.3.4 - - [01/Aug/2019:15:02:54 +0200] "GET /?SSL_Labs_Renegotiation_Test=User_Agent_May_Not_Show HTTP/1.0" 400 0 "-" "SSL Labs (https://www.ssllabs.com/about/assessmen...
1.2.3.4 - - [01/Aug/2019:15:18:03 +0200] "GET / HTTP/1.1" 403 146 "-" "-"
1.2.3.4 - - [01/Aug/2019:15:24:49 +0200] "GET / HTTP/1.1" 200 9 "-" "Mozilla/5.1 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0"
1.2.3.4 - - [01/Aug/2019:17:14:40 +0200] "GET / HTTP/1.1" 200 9 "-" "Mozilla/5.1 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0"
1.2.3.4 - - [01/Aug/2019:19:02:13 +0200] "GET / HTTP/1.1" 403 146 "-" "-"

root@debian:/# iptraf-ng
fatal: This program requires a screen size of at least 80 columns by 24 lines
Please resize your window

joggi79 :: 3. sep 2019, 15:17

cut -f 6 -d'"' /var/log/nginx/access.log > /home/user1/useragent/ualist.txt
cat /home/user1/useragent/ualist.txt | awk '{ print length, $0 }' | cut -d" " -f2- | uniq -c | sort -n -r > /home/user1/useragent/out-list.txt

bo?

HotBurek :: 3. sep 2019, 15:31

Kul, sem dodal še manjši fix. Če prvi ukaz ostane, kot je, dela "group by" dokler se isti ponavljajo. Vsaj tako izgleda in output je potem takle:

567 Mozilla/5.0 (X11; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
375 Mozilla/5.0 (X11; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
299 Mozilla/5.0 (X11; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
294 Mozilla/5.0 (X11; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
229 Mozilla/5.0 (X11; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
227 Mozilla/5.0 (X11; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
181 Mozilla/5.0 (X11; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
178 Mozilla/5.0 (X11; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
151 Mozilla/5.0 (X11; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
148 Mozilla/5.0 (X11; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0
138 Mozilla/5.0 (X11; Linux x86_64; rv:66.0) Gecko/20100101 Firefox/66.0

Če pa je prvi ukaz takole:

cut -f 6 -d'"' /var/log/nginx/access.log | sort -n -r > /home/user1/useragent/ualist.txt

Potem pa je output res group by in se ne ponavlja.

S tem se da pogledat, približno kdo in koliko delal requeste na web strežnik. Naprimer koliko % ima posamičen browser in OS. To bi lahko potem uvozil v bazo in delal SQL stavke.

Thank u.

root@debian:/# iptraf-ng
fatal: This program requires a screen size of at least 80 columns by 24 lines
Please resize your window

Zgodovina sprememb…

spremenilo: HotBurek (3. sep 2019 ob 15:33)

Invictus :: 3. sep 2019, 16:09

Inštaliraj logstash, butni v bazo, in delaj pol tam sumarizacijo.

Pa resno briši bazo, po možnosti razbij bazo na dnevne particije, ki jih potem zbrišeš.

Več kot en teden logov večinoma ne rabiš.

"Life is hard; it's even harder when you're stupid."

http://goo.gl/2YuS2x

Vredno ogleda ...

	Tema	Sporočila	Ogledi	Zadnje sporočilo
	Tema	Sporočila	Ogledi	Zadnje sporočilo
»	Skripta za Bolho. 111111111111 Oddelek: Programiranje	30	4217 (1629)	planina91 2. apr 2020 11:37:47
»	"Port scan" stanje na IPv4 omrežju (strani: 1 2 ) HotBurek Oddelek: Omrežja in internet	55	8016 (6936)	AštiriL 7. okt 2019 20:10:19
»	Fake traffic generator poweroff Oddelek: Omrežja in internet	19	2054 (1250)	HotBurek 12. okt 2017 15:11:55
»	Enolično prepoznavanje brez piškotkov in naslova IP McHusch Oddelek: Novice / Zasebnost	28	7124 (4897)	Horejšio 17. jan 2017 21:10:04
»	Mozilla po 10 letih sodelovanja z Googlom podpisala z Yahoojem, ki bo nov privzet isk (strani: 1 2 ) McHusch Oddelek: Novice / Brskalniki	53	19971 (16795)	johnnyyy 21. nov 2014 08:46:59

Več podobnih tem

Zadnje novice

Zadnji članki

Išči:

Forum » Programiranje »
Fix skripte: nginx log + group by user-agent + count + sort desc

Fix skripte: nginx log + group by user-agent + count + sort desc