nginx是比较常用的web服务器器,网站架设成功后,某天访问量激增。将日志文件下载下来,分析访问来源等情况。记录分析过程。
nginx配置
多级代理获取用户真实IP地址
fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;
#新增内容
set_real_ip_from 100.64.0.0/10; //阿里保留地址段
set_real_ip_from 101.89.27.156; //腾讯cdn
set_real_ip_from 101.89.27.209;
set_real_ip_from 101.89.32.18;
set_real_ip_from 101.89.34.154;
set_real_ip_from 101.89.34.203;
set_real_ip_from 101.89.34.214;
set_real_ip_from 101.89.34.219;
set_real_ip_from 101.89.34.223;
set_real_ip_from 101.89.34.225;
set_real_ip_from 101.89.34.226;
set_real_ip_from 101.89.34.231;
set_real_ip_from 101.89.34.239;
set_real_ip_from 101.89.34.241;
set_real_ip_from 101.89.34.243;
set_real_ip_from 101.89.34.244;
set_real_ip_from 101.89.34.55;
set_real_ip_from 101.91.24.25;
set_real_ip_from 101.91.24.37;
set_real_ip_from 116.128.128.87;
set_real_ip_from 116.128.128.91;
set_real_ip_from 116.128.128.92;
set_real_ip_from 123.151.144.103;
set_real_ip_from 123.151.144.107;
set_real_ip_from 123.151.144.114;
set_real_ip_from 123.151.144.18;
set_real_ip_from 220.194.88.144;
set_real_ip_from 220.194.88.217;
set_real_ip_from 220.194.88.252;
set_real_ip_from 220.194.88.254;
set_real_ip_from 223.166.151.125;
set_real_ip_from 58.251.121.72;
set_real_ip_from 58.251.121.81;
set_real_ip_from 58.251.121.90;
set_real_ip_from 58.251.121.93;
set_real_ip_from 59.36.117.183;
set_real_ip_from 59.36.119.251;
set_real_ip_from 59.36.120.102;
set_real_ip_from 59.36.120.233;
set_real_ip_from 59.36.95.43;
set_real_ip_from 59.36.95.48;
set_real_ip_from 61.151.164.124;
set_real_ip_from 61.151.164.190;
set_real_ip_from 61.151.164.217;
set_real_ip_from 61.151.164.218;
set_real_ip_from 61.151.164.63;
set_real_ip_from 127.0.0.1;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
手动分析
提取日志
cat access.log | grep '29/Mar/2022' > /tmp/n.log
总请求数
cat /tmp/n.log | wc -l
按IP请求分布
cat /tmp/n.log | awk '{ print $1 }' | sort -k 1 | uniq -c | sort -rnk 1
每小时访问情况分布
cat /tmp/n.log | awk -F'[' '{print $2}' |awk -F':' '{print $1":"$2}'| sort -k 1 | uniq -c | sort -rnk 1
按访问状态码统计
cat /tmp/n.log | awk '{print $9}' | sort -k 1 | uniq -c | sort -rnk 1
按接口请求分布
cat /tmp/n.log | awk '{print $7}' | sort -k 1 | uniq -c | sort -rnk 1
利用goaccess分析
安装
yum install goaccess
修改配置文件
vim /etc/goaccess/goaccess.conf
log-format %h %^[%d:%t %^] "%r" %s %b "%R" "%u"
date-format %d/%b/%Y
time-format %H:%M:%S
分析日志
goaccess -f /tmp/n.log -p /etc/goaccess/goaccess.conf
分析日志并生成html文件
goaccess -f /tmp/n.log -p /etc/goaccess/goaccess.conf -o /opt/project/myblog/app/typecho/log.html
通过浏览器访问查看
https://itbunan.xyz/log.html
结果图见文章头部