Displaying httpd log file entries per minute
$ sed -n 's/.*20[0-9][0-9]:\(.*\):.. +0.00.*/\1/p' "$@" | uniq -c
tail -f on the access log file and entries are whizzing up the screen, so it certainly seems to be doing something right.
bin directory, do the following:
$ mkdir -p ~/bin
$ cat > ~/bin/apache.byminute
sed -n 's/.*20[0-9][0-9]:\(.*\):.. +0.00.*/\1/p' "$@" | uniq -c
$ chmod +x ~/bin/apache.byminute
$ export PATH=$PATH:~/bin
bash shell script file called apache.byminute and made it available as a command on your command line.
~/.bash_profile if it’s not already there, then it will be available to you next time you log in.
$ apache.byminute /var/log/httpd/access_log
grep to get only the patterns that are of interest.
$ grep 'GET /wp-admin/admin.php' /var/log/httpd/apache_access.log | apache.byminute
grep command is looking for the pattern /wp-admin/admin.php in the file apache_access.log. Only lines containing that pattern will be in the output of grep. Lines recording the GETting of jpegs, css, js, etc. will not be counted.
sed command is looking for the pattern
\(.*\)“, the backslash-escaped parentheses mark a part of the pattern for later use in the second part of the sed expression. The substitution pattern “\1” is then used to output only the part of the string matching the pattern within the backslash-escaped parentheses
uniq. But not just any old
uniq has the option -c, which means “display each duplicated line only once with a count of duplicate lines before the line”
/wp-admin/admin.php was fetched 317 times in the minute beginning at 20:57, 221 times at 20:58, only 4 times at 20:59 and 244 times at 21:00.
sed’s regular expression to display just hours, or hours, minutes and seconds, or even hours, minutes and tens of seconds; the ideal pattern depends on the busy-ness of your server.
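The granularity variants described above, written out as an added example (not code from the original page). The function name bucket_count, the sample_log helper and its log lines are constructed for illustration; the expression also goes beyond the one-liner by anchoring on the bracketed timestamp and accepting any +hhmm or -hhmm offset, where the original matches only offsets of the form +0N00.

```shell
#!/bin/sh
# Added example: count access-log entries per hour, minute, ten seconds
# or second. Reads log lines on stdin, like apache.byminute in a pipeline.
bucket_count() {
    # keep = part of hh:mm:ss to print, drop = remainder to discard
    case "$1" in
        hour)   keep='[0-9][0-9]'
                drop=':[0-9][0-9]:[0-9][0-9]' ;;
        minute) keep='[0-9][0-9]:[0-9][0-9]'
                drop=':[0-9][0-9]' ;;
        tensec) keep='[0-9][0-9]:[0-9][0-9]:[0-9]'
                drop='[0-9]' ;;
        second) keep='[0-9][0-9]:[0-9][0-9]:[0-9][0-9]'
                drop='' ;;
        *) echo "usage: bucket_count hour|minute|tensec|second" >&2
           return 2 ;;
    esac
    # Match "[dd/Mon/yyyy:hh:mm:ss +hhmm]" (or -hhmm), print only the
    # kept part, then let uniq -c count adjacent identical buckets.
    sed -n "s|^[^[]*\[[0-9]*/[A-Za-z]*/[0-9]*:\($keep\)$drop [-+][0-9]*].*|\1|p" |
        uniq -c
}

# Constructed sample lines in common log format (not real traffic).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [10/Oct/2016:20:57:03 +0100] "GET /wp-admin/admin.php HTTP/1.1" 200 512
192.0.2.10 - - [10/Oct/2016:20:57:14 +0100] "GET /wp-admin/admin.php HTTP/1.1" 200 512
192.0.2.11 - - [10/Oct/2016:20:57:18 +0100] "GET /style.css HTTP/1.1" 200 90
192.0.2.10 - - [10/Oct/2016:20:58:41 +0100] "GET /wp-admin/admin.php HTTP/1.1" 200 512
198.51.100.7 - - [10/Oct/2016:21:00:02 -0500] "GET /wp-admin/admin.php HTTP/1.1" 200 512
EOF
}

# Same shape as the grep pipeline on this page, at minute granularity.
sample_log | grep 'GET /wp-admin/admin.php' | bucket_count minute
```

Because uniq -c prints a run only when it ends, a bucket's count from a live tail -f stream appears once the first line of the next bucket has arrived.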
grep, you can issue commands to get any patterns that are of interest to you. You have massive flexibility to search for different things in a very short space of time. You can see what’s happening in real time if you use tail -f to get the output of the log file as it appears and pipe it through the command:
$ tail -f access_log | apache.byminute
sed with an appropriate regular expression to cut out the pattern that is of immediate interest
uniq -c to count the occurrences of those patterns