Checking documents and logs with AWK

calculate by awk

The AWK command

awk

Note: AWK can tally strings and extract specific parts of them.

Checking web logs

Note: the log output format depends on the web server configuration, so adjust the column ($#) selected in awk to match your own logs.

  • IP Address
[root@ip-172-30-2-38 httpd]# cat access_log | head -n 3
54.85.94.101 - - [31/Oct/2021:03:16:34 +0000] "POST / HTTP/1.1" 405 55 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
54.85.94.101 - - [31/Oct/2021:03:16:34 +0000] "GET /.env HTTP/1.1" 404 81 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
51.222.253.3 - - [31/Oct/2021:03:24:54 +0000] "GET /others HTTP/1.1" 200 3724 "-" "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)"
[root@ip-172-30-2-38 httpd]# 


[root@ip-172-30-2-38 httpd]# cat access_log | grep "31/Oct/2021:10" | awk {'print$1'} |  sort | uniq -c | sort -nr | head -n 10
      2 216.244.66.227
      2 135.125.246.189
      1 27.220.6.169
      1 209.141.51.171
      1 209.141.41.12
[root@ip-172-30-2-38 httpd]# 
  • Check the number of requests per minute
[root@ip-172-30-2-38 httpd]# cat access_log | grep "20.113.25.177" | awk '{print $4}' |  sed -e "s/^\([^:]*\):\(.*\)$/\2/"  | head
20:47:33
20:47:33
02:12:34
02:12:35
04:23:06
04:23:06
10:27:37
10:27:37
18:53:22
18:53:22

[root@ip-172-30-2-38 httpd]# cat access_log | grep "20.113.25.177" | awk '{print $4}' |  sed -e "s/^\([^:]*\):\(.*\)$/\2/" | cut -c 1-5 | sort | uniq -c | sort -nr | head -n 10
     67 01:44
     50 18:54
     45 18:53
     14 01:45
     14 01:43
      2 20:47
      2 10:27
      2 04:23
      2 02:12
[root@ip-172-30-2-38 httpd]# 

  • Agent
[root@ip-172-30-2-38 httpd]# cat access_log  | awk {'print$12,$13,$14,$15,$16'} | sort | uniq -c | sort -nr | head -n 10
    515 "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36
    213 "Mozilla/5.0 (Windows NT 10.0; Win64;
    199 "python-requests/2.26.0"    
     83 "Mozilla/5.0 (Macintosh; Intel Mac OS
     83 "-"    
     78 "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36
     74 "Go-http-client/1.1"    
     51 "Mozilla/5.0 (X11; Ubuntu; Linux x86_64;
     49 "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)"  
     43 "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)" 
[root@ip-172-30-2-38 httpd]# 
  • Protocol Version
[root@ip-172-30-2-38 httpd]# cat access_log  | awk {'print $8'} |  sort | uniq -c | sort -nr | head -n 10
   1984 HTTP/1.1"
     39 HTTP/1.0"
     30 285
      3 400
[root@ip-172-30-2-38 httpd]# 
  • Columns containing a specific string (same as grep)
[root@ip-172-30-2-38 httpd]# cat access_log  | awk '{if ($12 ~ /Mozilla/) print $12}' |  sort | uniq -c | sort -nr 
   1408 "Mozilla/5.0
      3 "Mozilla/5.0"
      3 "Mozilla/4.0
      2 "Mozilla
[root@ip-172-30-2-38 httpd]# 

[root@ip-172-30-2-38 httpd]# cat access_log  | awk '{if ($12 ~ /Mozilla/) print $16,$17,$18,$19,$20}' |  sort | uniq -c | sort -nr | head 
    501 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129
    244 Win64; x64) AppleWebKit/537.36 (KHTML, like
    196     
     68 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183
     64 WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
     42 OS X 10.15; rv:77.0) Gecko/20100101
     34 x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" 
     28 4.4.2; en-US; HM NOTE 1W
     20 OS X 10_15_7) AppleWebKit/537.36 (KHTML,
     20 AppleWebKit/537.36 (KHTML, like Gecko) Mobile
[root@ip-172-30-2-38 httpd]# 

[root@ip-172-30-2-38 httpd]# cat access_log  | awk '$12 ~ /Mozilla/ {print $16,$17,$18,$19,$20}' |  sort | uniq -c | sort -nr | head 
    501 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129
    244 Win64; x64) AppleWebKit/537.36 (KHTML, like
    196     
     68 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183
     64 WOW64) AppleWebKit/537.36 (KHTML, like Gecko)
     42 OS X 10.15; rv:77.0) Gecko/20100101
     34 x86_64; rv:71.0) Gecko/20100101 Firefox/71.0" 
     28 4.4.2; en-US; HM NOTE 1W
     20 OS X 10_15_7) AppleWebKit/537.36 (KHTML,
     20 AppleWebKit/537.36 (KHTML, like Gecko) Mobile
[root@ip-172-30-2-38 httpd]# 

[root@ip-172-30-2-38 httpd]# cat access_log  | awk '/Mozilla/ {print $12}' |  sort | uniq -c | sort -nr | head 
   1410 "Mozilla/5.0
      3 "Mozilla/5.0"
      3 "Mozilla/4.0
      2 "Mozilla
      1 "Linux
[root@ip-172-30-2-38 httpd]# 
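
The whitespace-split columns above cut the User-Agent into fragments, and rows such as 285 and 400 in the Protocol Version count are consistent with request lines that have fewer than three tokens, so $8 lands on the status or size. The following added example (not from the original page) splits on the double quote instead and generalizes the per-minute count to every client IP; the function names and the sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Constructed sample lines in Apache "combined" format
# (documentation-range IPs, not taken from the page's server).
sample_log() {
cat <<'EOF'
198.51.100.7 - - [31/Oct/2021:01:44:02 +0000] "GET /.env HTTP/1.1" 404 81 "-" "python-requests/2.26.0"
198.51.100.7 - - [31/Oct/2021:01:44:09 +0000] "GET /admin HTTP/1.1" 404 81 "-" "python-requests/2.26.0"
198.51.100.7 - - [31/Oct/2021:01:45:01 +0000] "POST / HTTP/1.1" 405 55 "-" "python-requests/2.26.0"
203.0.113.9 - - [31/Oct/2021:01:44:30 +0000] "GET /others HTTP/1.1" 200 3724 "-" "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)"
203.0.113.9 - - [31/Oct/2021:01:46:30 +0000] "-" 400 285 "-" "-"
EOF
}

# Whole User-Agent string: splitting on '"' makes the quoted parts
# $2 (request line), $4 (referer) and $6 (agent), spaces included.
agent_counts() {
  awk -F'"' '{ n[$6]++ } END { for (a in n) print n[a], a }' |
    LC_ALL=C sort -k1,1nr -k2
}

# Requests per client IP per minute (HH:MM taken from the $4 timestamp).
per_minute() {
  awk '{ split($4, t, ":"); n[$1 " " t[2] ":" t[3]]++ }
       END { for (k in n) print n[k], k }' |
    LC_ALL=C sort -k1,1nr -k2
}

# Protocol version read from the request line itself; a request line that
# is not "METHOD PATH HTTP/x" is counted as "malformed" instead of letting
# the status code or size slide into the column.
protocol_counts() {
  awk -F'"' '{ m = split($2, r, " ")
               p = (m == 3 && r[3] ~ /^HTTP\//) ? r[3] : "malformed"
               n[p]++ }
             END { for (p in n) print n[p], p }' |
    LC_ALL=C sort -k1,1nr -k2
}

echo "== agents ==";     sample_log | agent_counts
echo "== per minute =="; sample_log | per_minute
echo "== protocol ==";   sample_log | protocol_counts
```

A User-Agent or referer that contains an escaped quote (\") shifts the quote-delimited fields, so such lines need separate handling.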

Processing strings with AWK

shinya@DESKTOP-8BDL7KA:~/note$ cat note.txt|  awk '{print $1}'
1
2
3
4
5
6
7
8
9
10
shinya@DESKTOP-8BDL7KA:~/note$ cat note.txt |  awk '{sum += $1 } END { print sum }'
55
shinya@DESKTOP-8BDL7KA:~/note$ calc
C-style arbitrary precision calculator (version 2.12.7.2)
Calc is open software. For license details type:  help copyright
[Type "exit" to exit, or "help" for help.]

; 1+2+3+4+5+6+7+8+9+10
        55
;
