Agnus Dei (jackal) wrote,

parse_httpd_logs bash script

#!/bin/bash
#
# Usage
# ./parse_httpd_logs type (logfile)
# Eg: 
# parse_httpd_logs url(-summary)
#   will find top URLs in the access log entries
# parse_httpd_logs ip(-summary)
#   will find top IPs in the access log entries
# parse_httpd_logs agent(-summary)
#   will find top user agents in the log entries
# parse_httpd_logs status(-summary)
#   will find server status codes in the log entries

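# With no arguments, print the synopsis and the supported report types.
# The synopsis lists only what the script reads: a report type and an
# optional log file (no "count" argument is ever consumed).
# Usage goes to stderr and the exit status is non-zero, so a wrapper or cron
# job that forgot the report type does not record the run as a success.
if [ $# -eq 0 ]; then
        {
                printf 'Usage: %s type (logfile)\n\n' "$0"
                for mode in ip ip-summary url url-summary agent agent-summary \
                            status status-epoch status-summary; do
                        printf 'Example: %s %s\n' "$0" "$mode"
                done
        } >&2
        exit 1
fi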


# First argument: the report to produce (ip, url-summary, status-epoch, ...).
type=$1

# Second argument (optional): the log to read. When it is missing or empty
# the stock httpd access log is used instead.
log_file=${2:-/var/log/httpd/access_log}

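# Pick the reader from the file name: *.gz is decompressed with zcat, anything
# else is read with cat. The match is done on the quoted name inside the
# shell, so a path containing spaces, glob characters or a leading "-" is
# compared as-is instead of being re-split by an unquoted echo, and a file
# whose whole name is "gz" (no dot) is no longer taken for a compressed log.
# Detection is by name only; the file content is not inspected.
case "$log_file" in
        *.gz) cat_command="/bin/zcat" ;;
        *)    cat_command="/bin/cat" ;;
esac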


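# Produce the requested report from the log.
#
# Reads:   type, log_file, cat_command (all set earlier in this script)
# Outputs: one extracted value per line; the "-summary" modes print
#          "count value" lines, most frequent first
# Exits:   1 when the log cannot be read or the report type is not known
#
# NOTE(review): the field positions below presumably target the Apache
# "combined" log format -- confirm against the server's LogFormat.
# The request line (field 2 under -F\") and the user agent (field 6) are
# chosen by the client. A double quote inside either one still splits the
# line under -F\", and extra spaces in the request line move the
# whitespace-split fields, so values taken from such lines can be
# misattributed. Treat the reports as triage output, not as validated data.

# Stream the log through the selected reader. Quoting keeps a path with
# spaces or glob characters intact; "--" stops a name that starts with "-"
# from being read as an option.
read_log() {
  "$cat_command" -- "$log_file"
}

# Keep the dotted-quad text found in the first field. Lines whose first field
# contains no such text (IPv6 clients, most logged hostnames) produce no
# output, so they are missing from the ip reports.
client_ips() {
  awk '{print $1}' | grep -o "[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}"
}

# Status code: first word after the quoted request line.
status_codes() {
  awk -F\" '{print $3}' | awk '{print $1}'
}

# Collapse identical lines into "count value", highest count first.
tally() {
  sort -n | uniq -c | sort -rn
}

# An unreadable log would otherwise yield an empty report with exit status 0,
# which looks the same as "no matching entries". "-" is let through so the
# reader can still take the log from stdin.
if [ "$log_file" != "-" ] && [ ! -r "$log_file" ]; then
  echo "$0: cannot read log file: $log_file" >&2
  exit 1
fi

case "$type" in
  ip)
    read_log | client_ips
    ;;
  ip-summary)
    read_log | client_ips | tally
    ;;
  agent)
    read_log | awk -F\" '{print $6}'
    ;;
  agent-summary)
    read_log | awk -F\" '{print $6}' | tally
    ;;
  url)
    read_log | awk -F\" '{print $2}'
    ;;
  url-summary)
    read_log | awk -F\" '{print $2}' | tally
    ;;
  status)
    read_log | status_codes
    ;;
  status-summary)
    read_log | status_codes | tally
    ;;
  status-epoch)
    # Prints "<epoch seconds> <status>" per entry.
    # mktime() is not part of POSIX awk (gawk provides it), so /bin/awk must
    # be an implementation that has it.
    # The timestamp is converted as local time on the machine running this
    # script: the zone offset in field 5 only has its "]" stripped and is
    # never applied. When correlating with other sources, run the script in
    # the same time zone the log was written in.
    # The status is read from whitespace field 9, which holds the status only
    # when the request line consists of exactly three words.
    read_log | /bin/awk 'BEGIN{
        # month abbreviation -> two-digit month number
        m=split("Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec",d,"|")
        for(o=1;o<=m;o++){
        date[d[o]]=sprintf("%02d",o)
        }
        }
        {
        # [dd/Mon/yyyy:hh:mm:ss -> dd/Mon/yyyy/hh/mm/ss
        gsub(/\[/,"",$4); gsub(":","/",$4); gsub(/\]/,"",$5)
        n=split($4, DATE,"/")
        day=DATE[1]
        mth=DATE[2]
        year=DATE[3]
        hr=DATE[4]
        min=DATE[5]
        sec=DATE[6]
        MKTIME= mktime(year" "date[mth]" "day" "hr" "min" "sec)
        print MKTIME,$9
        }'
    ;;
  *)
    # A mistyped report name used to exit silently with status 0.
    echo "$0: unknown report type: $type" >&2
    exit 1
    ;;
esac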

