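Production systems are frequently hit by scanning and DDoS attacks, and the access logs need to be aggregated for analysis. Here are two ways to do it: one with shell and one with Python.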
1. Shell
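'''
<1> One-line shell analysis
http://blog.51cto.com/hellocjq/1902083

# Count requests per client IP (the second-to-last field of each log line)
# and sort by count, highest first
cat jyall.access.log.20180407 | awk '{ip[$(NF-1)]++} END{for(i in ip){print ip[i], i}}' | sort -rn >> awk_result
'''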
2. Python
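#!/usr/bin/env python
# coding=utf-8
#auth:arun
'''
Filter IP addresses and count them
'''
a = {}
with open('/tmp/info_ip', 'r') as file:
    for i in file:
        # split() with no argument also drops the trailing newline,
        # so each key is a clean IP string
        for ip in i.split():
            a[ip] = a.get(ip, 0) + 1

# Print one "ip:count" line per address (works on Python 2 and 3)
for x, y in a.items():
    print("{}:{}".format(x, y))

'''
<2>
# Extract the client IP (second-to-last field) from each log line
cat wg-stargate-web-3-stargate.ele.me.access.log.20180407 | awk '{print $(NF-1)}' >> /tmp/info_ip
# Count the occurrences of each IP with the script above
python /006_eleallproject/004_ele_devops_work/000_git/hacker_minimart/checkip.py >> /tmp/analyallip
# Sort numerically by the count (second field, ":" as the separator)
sort -nk 2 -t: /tmp/analyallip >> py_result
'''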
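The two steps above (extract the second-to-last field, then count) can also be done in a single pass that validates each field as an IP address before counting it. This is an added example, not the author's script; the function names, the `min_requests` threshold and the sample log lines are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample lines, not real traffic. As the awk commands on this page
# assume, the client IP is the second-to-last whitespace-separated field.
SAMPLE_LOG = """\
[07/Apr/2018:10:00:01 +0800] "GET /a HTTP/1.1" 404 162 203.0.113.7 0.003
[07/Apr/2018:10:00:01 +0800] "GET /b HTTP/1.1" 404 162 203.0.113.7 0.002
[07/Apr/2018:10:00:02 +0800] "GET /c HTTP/1.1" 404 162 203.0.113.7 0.002
[07/Apr/2018:10:00:02 +0800] "GET / HTTP/1.1" 200 5120 198.51.100.23 0.041
[07/Apr/2018:10:00:03 +0800] "GET /d HTTP/1.1" 404 162 203.0.113.7 0.003
[07/Apr/2018:10:00:03 +0800] "GET /health HTTP/1.1" 200 2 - 0.001
[07/Apr/2018:10:00:04 +0800] "GET /news HTTP/1.1" 200 9311 198.51.100.23 0.038
[07/Apr/2018:10:00:04 +0800] "GET /e HTTP/1.1" 404 162 203.0.113.7 0.002
"""


def client_ip(line):
    """Return the second-to-last field if it parses as an IP address, else None."""
    fields = line.split()
    if len(fields) < 2:
        return None
    try:
        return str(ipaddress.ip_address(fields[-2]))
    except ValueError:
        return None  # "-", hostnames, truncated lines, etc.


def count_ips(lines):
    """Count requests per client IP; also report how many lines were skipped."""
    counts, skipped = Counter(), 0
    for line in lines:
        ip = client_ip(line)
        if ip is None:
            skipped += 1
        else:
            counts[ip] += 1
    return counts, skipped


def top_talkers(counts, min_requests):
    """IPs with at least min_requests hits, busiest first (assumed threshold)."""
    return [(ip, n) for ip, n in counts.most_common() if n >= min_requests]


if __name__ == "__main__":
    counts, skipped = count_ips(SAMPLE_LOG.splitlines())
    for ip, n in top_talkers(counts, min_requests=3):
        print(n, ip)  # same "count ip" layout as the awk one-liner
    print("skipped lines:", skipped)
```

Reporting the skipped-line count matters here: a large number of lines whose second-to-last field is not an IP address means the log format differs from what `$(NF-1)` assumes, and the ranking should not be trusted.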