有人能帮我用一个 shell 脚本找出指定时间范围内访问日志中 500 个 HTTP 响应条目的数量吗?
答案1
您可以使用awk在指定的时间范围内进行过滤:
# awk '$9 == "500" && $4 <= to && $4 >= from { print $0 }' from="[02/Aug/2011:14:30:00 +0700]" to="[02/Aug/2011:14:32:00 +0700]" /path/to/your/access_log | wc -l
状态代码和时间戳字段的顺序可能不同。还请将from和更改to为您正在使用的相应格式。
答案2
好的。您可以转换为纪元时间来进行比较:
#!/bin/bash
from=$(date -d "$(echo "$1" | awk 'BEGIN { FS = "[/:]"; } { print $1" "$2" "$3" "$4":"$5":"$6 }')" +%s)
to=$(date -d "$(echo "$2" | awk 'BEGIN { FS = "[/:]"; } { print $1" "$2" "$3" "$4":"$5":"$6 }')" +%s)
while read line
do
date=$(echo $line | awk '{ print substr($4, 2, length($4)-1) }' | awk 'BEGIN { FS = "[/:]"; } { print $1" "$2" "$3" "$4":"$5":"$6 }')
date=$(date -d "$date" +%s)
[[ $date -ge $from && $date -le $to ]] && echo $line
done < $3
并使用如下方式调用它:
./log_filtering.sh 30/Jul/2011:15:55:44 02/Aug/2011:01:00:00 access_log
我正尝试用一行来写。
处理awk:
#!/bin/awk -f
function toEpoch(t, a) {
split(t, a, "[/:]")
split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", monthname, " ")
for (i=1; i<=12; i++) month[monthname[i]] = i
a[2] = month[a[2]]
return(mktime(a[3]" "a[2]" "a[1]" "a[4]" "a[5]" "a[6]))
}
BEGIN {
start = toEpoch(starttime)
end = toEpoch(endtime)
}
{ date = toEpoch(substr($4, 2, length($4)-1)) }
( date >= start ) && ( date <= end )
并传递以下参数-v:
gawk -f log_filtering.awk -v starttime=30/Jul/2011:04:12:24 -v endtime=02/Aug/2011:04:12:27 access_log