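AWK commands
Note: AWK can be used to aggregate strings and to extract specific parts of them.
Checking web logs
Note: The log output format depends on the web server configuration, so adjust the column numbers ($#) selected with awk as appropriate.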
- IP Address
[root@ip-172-30-2-38 httpd]# cat access_log | head -n 3
54.85.94.101 - - [31/Oct/2021:03:16:34 +0000] "POST / HTTP/1.1" 405 55 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
54.85.94.101 - - [31/Oct/2021:03:16:34 +0000] "GET /.env HTTP/1.1" 404 81 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
51.222.253.3 - - [31/Oct/2021:03:24:54 +0000] "GET /others HTTP/1.1" 200 3724 "-" "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)"
[root@ip-172-30-2-38 httpd]#
[root@ip-172-30-2-38 httpd]# cat access_log | grep "31/Oct/2021:10" | awk {'print$1'} | sort | uniq -c | sort -nr | head -n 10
2 216.244.66.227
2 135.125.246.189
1 27.220.6.169
1 209.141.51.171
1 209.141.41.12
[root@ip-172-30-2-38 httpd]#
- Check the number of requests per minute
[root@ip-172-30-2-38 httpd]# cat access_log | grep "20.113.25.177" | awk '{print $4}' | sed -e "s/^\([^:]*\):\(.*\)$/\2/" | head
20:47:33
20:47:33
02:12:34
02:12:35
04:23:06
04:23:06
10:27:37
10:27:37
18:53:22
18:53:22
[root@ip-172-30-2-38 httpd]# cat access_log | grep "20.113.25.177" | awk '{print $4}' | sed -e "s/^\([^:]*\):\(.*\)$/\2/" | cut -c 1-5 | sort | uniq -c | sort -nr | head -n 10
67 01:44
50 18:54
45 18:53
14 01:45
14 01:43
2 20:47
2 10:27
2 04:23
2 02:12
[root@ip-172-30-2-38 httpd]#
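The per-minute count above, extended as an added example (not from the original page) to every client in a single awk pass, with the date kept in the bucket so that the same HH:MM on different days is not merged. The function names busy_minutes and sample_log, the threshold argument, and the sample log lines are assumptions made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the original page): requests per client per minute.
# Assumes $1 is the client IP and $4 is "[dd/Mon/yyyy:HH:MM:SS", as in the
# sample lines above; adjust the field numbers for other log formats.

# busy_minutes THRESHOLD [LOGFILE...]   (reads stdin when no file is given)
# Prints "count ip dd/Mon/yyyy:HH:MM" for buckets with count >= THRESHOLD.
busy_minutes() {
    threshold=$1; shift
    awk -v min="$threshold" '
        {
            ts = substr($4, 2, 17)      # drop the leading "[" and the ":SS"
            # Skip lines whose 4th field is not a timestamp (malformed entries).
            if (ts !~ /^[0-9][0-9]\/[A-Za-z]+\/[0-9]+:[0-9][0-9]:[0-9][0-9]$/) next
            hits[$1 " " ts]++           # key keeps the date, so days never merge
        }
        END {
            for (k in hits)
                if (hits[k] >= min + 0) print hits[k], k
        }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2,2 -k3,3
}

# Constructed sample input (documentation IP ranges, invented requests).
sample_log() {
    cat <<'EOF'
198.51.100.7 - - [31/Oct/2021:01:44:01 +0000] "GET /a HTTP/1.1" 404 81 "-" "python-requests/2.26.0"
198.51.100.7 - - [31/Oct/2021:01:44:02 +0000] "GET /b HTTP/1.1" 404 81 "-" "python-requests/2.26.0"
198.51.100.7 - - [31/Oct/2021:01:44:59 +0000] "GET /c HTTP/1.1" 404 81 "-" "python-requests/2.26.0"
198.51.100.7 - - [01/Nov/2021:01:44:10 +0000] "GET /d HTTP/1.1" 200 10 "-" "python-requests/2.26.0"
203.0.113.9 - - [31/Oct/2021:01:44:30 +0000] "GET / HTTP/1.1" 200 3724 "-" "Mozilla/5.0"
203.0.113.9 - - [31/Oct/2021:01:45:00 +0000] "GET / HTTP/1.1" 200 3724 "-" "Mozilla/5.0"
garbage line without a timestamp
EOF
}

# Stand-alone run: show every client/minute bucket with 3 or more requests.
sample_log | busy_minutes 3
```

Against a real log, call it as busy_minutes 30 access_log and raise or lower the threshold to match the normal traffic of the site.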
- Agent
[root@ip-172-30-2-38 httpd]# cat access_log | awk {'print$12,$13,$14,$15,$16'} | sort | uniq -c | sort -nr | head -n 10
515 "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
213 "Mozilla/5.0 (Windows NT 10.0; Win64;
199 "python-requests/2.26.0"
83 "Mozilla/5.0 (Macintosh; Intel Mac OS
83 "-"
78 "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36
74 "Go-http-client/1.1"
51 "Mozilla/5.0 (X11; Ubuntu; Linux x86_64;
49 "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)"
43 "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)"
[root@ip-172-30-2-38 httpd]#
- Protocol Version
[root@ip-172-30-2-38 httpd]# cat access_log | awk {'print $8'} | sort | uniq -c | sort -nr | head -n 10
1984 HTTP/1.1"
39 HTTP/1.0"
30 285
3 400
[root@ip-172-30-2-38 httpd]#
- Columns containing a specific string (same as grep)
[root@ip-172-30-2-38 httpd]# cat access_log | awk '{if ($12 ~ /Mozilla/) print $12}' | sort | uniq -c | sort -nr
1408 "Mozilla/5.0
3 "Mozilla/5.0"
3 "Mozilla/4.0
2 "Mozilla
[root@ip-172-30-2-38 httpd]#
[root@ip-172-30-2-38 httpd]# cat access_log | awk '{if ($12 ~ /Mozilla/) print $16,$17,$18,$19,$20}' | sort | uniq -c | sort -nr | head
501 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129
244 Win64; x64) AppleWebKit/537.36 (KHTML, like
196
68 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183
64 WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
42 OS X 10.15; rv:77.0) Gecko/20100101
34 x86_64; rv:71.0) Gecko/20100101 Firefox/71.0"
28 4.4.2; en-US; HM NOTE 1W
20 OS X 10_15_7) AppleWebKit/537.36 (KHTML,
20 AppleWebKit/537.36 (KHTML, like Gecko) Mobile
[root@ip-172-30-2-38 httpd]#
[root@ip-172-30-2-38 httpd]# cat access_log | awk '$12 ~ /Mozilla/ {print $16,$17,$18,$19,$20}' | sort | uniq -c | sort -nr | head
501 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129
244 Win64; x64) AppleWebKit/537.36 (KHTML, like
196
68 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183
64 WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
42 OS X 10.15; rv:77.0) Gecko/20100101
34 x86_64; rv:71.0) Gecko/20100101 Firefox/71.0"
28 4.4.2; en-US; HM NOTE 1W
20 OS X 10_15_7) AppleWebKit/537.36 (KHTML,
20 AppleWebKit/537.36 (KHTML, like Gecko) Mobile
[root@ip-172-30-2-38 httpd]#
[root@ip-172-30-2-38 httpd]# cat access_log | awk '/Mozilla/ {print $12}' | sort | uniq -c | sort -nr | head
1410 "Mozilla/5.0
3 "Mozilla/5.0"
3 "Mozilla/4.0
2 "Mozilla
1 "Linux
[root@ip-172-30-2-38 httpd]#
Processing strings with AWK
shinya@DESKTOP-8BDL7KA:~/note$ cat note.txt| awk '{print $1}'
1
2
3
4
5
6
7
8
9
10
shinya@DESKTOP-8BDL7KA:~/note$ cat note.txt | awk '{sum += $1 } END { print sum }'
55
shinya@DESKTOP-8BDL7KA:~/note$ calc
C-style arbitrary precision calculator (version 2.12.7.2)
Calc is open software. For license details type: help copyright
[Type "exit" to exit, or "help" for help.]
; 1+2+3+4+5+6+7+8+9+10
55
;