shell日志分析脚本

#!/bin/bash
###########################################
#
#      version:    3.0.0
#         creator:    zenghui       
#         datetime:   05/06/2015
#
###########################################
#判断命令行参数
if [ "$1" = "-f" ] && [ "$2" != "" ]
then
access_log="$2"

#定义输入时间
function feng() {
    read -p "请输入开始时间(10:30:00)秒数不输入默认为00: " a
    read -p "请输入结束时间(10:35:00)秒数不输入默认为00: " b
    if [[ "$a" =~ ^[0-9]{2}:[0-9]{2}:[0-9]{2}$ ]]
    then
        time_qing=`date +'['%d/%b/%Y:`$a
    else
        time_qing=`date +'['%d/%b/%Y:`$a":00"
    fi

    if [[ "$b" =~ ^[0-9]{2}:[0-9]{2}:[0-9]{2}$ ]]
    then    
        time_hou=`date +'['%d/%b/%Y:`$b
    else
        time_hou=`date +'['%d/%b/%Y:`$b":00"
    fi
    awk_value=`awk -v a=$time_qing -v b=$time_hou 'BEGIN{if (a>b) print "yes"}'`
}

#定义主菜单
function menu() {
    clear
    echo -e "****************33[34;7m 日志统计33[0m*********************"
    echo "*            1、全站统计                    *"
    echo "*            2、以时间统计                  *"
    echo "*            3、exit                        *"
    echo "*********************************************"    
}


#定义全站统计共享函数
function cmdquanz() {
        echo "$total"
        read -p "请输入编号显示ip的url记录: " totip
        tot=`echo "$total" | awk -v totip="$totip" '{if ($1 == totip) print $3}'`
    tempfile=`mktemp`
        temp1=`mktemp`
        temp2=`mktemp`
        echo $tempfile' '$temp1' '$temp2
        cat "$access_log" | awk -v tot=$tot '{if ($1 == tot) print $0}'> $tempfile
        awk '{print "33[31m "$7" 33[0m""33[32m "$10/1024/1024"MB 33[0m"}' $tempfile > $temp1
        awk -F'"' '{print "33[34m "$6" 33[0m"}' $tempfile > $temp2
        paste $temp1 $temp2 | sort | uniq -c | sort -nr |more
        #echo $tot
        #cat "$access_log" | awk -v tot=$tot '{if ($1 == tot) print $7}' | sort | uniq -c | sort -nr |more
        read -p "q退出上一级，Enter 继续" i
        if [ "$i" = "q" ];then
                quanz
        else
                clear
                cmdquanz
        fi
}

#iptables函数
function Iptables() {
    echo -e "*******************33[34;7m 功能选择33[0m******************"
    echo "*            1、显示ip的url、agent          *"
    echo "*            2、将ip加入iptables            *"
    echo "*            3、将ip加入nginx黑名单         *"
    echo "*            4、exit                        *"
    echo "*********************************************"
    read -p "请输入您要选择的编号： " Ipt
}

function Ima() {
    echo -e "*****************33[34;7m 功能选择33[0m****************************"
    echo  "*            1、单个ip加入nginx黑名单                *"
    echo  "*            2、全加入nginx黑名单                    *"
    echo  "*            3、回上一级                             *"
    echo  "*            4、exit                                 *"
    echo  "******************************************************"
    read -p "请输入您要选择的编号： " imge
}

#定义访问都是静态文件函数
function Images() {
    read -p "输入你要查询的关键字(jpg,js,html)：" gjz
        feng
        jpg_ip=`cat /var/log/nginx/access_www.log |awk -v a=$time_qing -v b=$time_hou '{if ($4>a && $4<b) print $0}' | awk -v gjz=$gjz '{m[$1]=m[$1]+$10}{ipp[$1]=ipp[$1]+1}{if ($7 ~ gjz){a=1;ip[$1]=ip[$1]+a}}END{for(i in ip) if (ipp[i]==ip[i] && m[i]>1000000) print i,m[i]/1024/1024"MB"}' | sort -k 2 -nr | head -20 | cat -n`
    echo "$jpg_ip"
    Ima
    case $imge in
    1)
    read -p "再输入之前的ip编号(加入黑名单)：" imge_ip
    tot=`echo "$jpg_ip" | awk -v im="$imge_ip" '{if ($1 == im) print $2}'`
    nginx_black
        read -p "Enter 继续"
        shij;;
    2)
    read -p "确定请按Y/y：" ye
    if [ "$ye" = "Y" ] || [ "$ye" = "y" ];then
    shibai=`cat /usr/local/lnmp/nginx/conf/black.list`
    chg=`echo "$jpg_ip" | awk '{print "deny "$2";"}' && cat /usr/local/lnmp/nginx/conf/black.list | sort | uniq | grep -v "58.247.43.226"`
    echo "$chg" >  /usr/local/lnmp/nginx/conf/black.list
         if [ "`/usr/local/lnmp/nginx/sbin/nginx -t > /dev/null 2>&1 && echo $?`" == "0" ];then
                    /usr/local/lnmp/nginx/sbin/nginx -s reload  > /dev/null 2>&1
                    echo "nginx 配置文件重新加载成功"
                else
                    echo "nginx 配置文件重新加载失败"
            echo "$shibai" > /usr/local/lnmp/nginx/conf/black.list
        fi
        fi
    read -p "Enter 继续"
    shij;;
    3)
    shij;;
    *)
    exit;;
    esac
}

＃定义nginx黑名单
function nginx_black() {
    nginx_black=/usr/local/lnmp/nginx/conf/black.list
    if [ "$tot" != "" ];then
        cat /usr/local/lnmp/nginx/conf/black.list | grep "$tot" || echo "deny $tot;">>$nginx_black
       echo "$tot 已加入nginx黑名单"
    if [ "`/usr/local/lnmp/nginx/sbin/nginx -t > /dev/null 2>&1 && echo $?`" == "0" ];then
        /usr/local/lnmp/nginx/sbin/nginx -s reload  > /dev/null 2>&1
        echo "nginx 配置文件重新加载成功"
    else
        echo "nginx 配置文件重新加载失败"
    fi
    fi
}

#定义以时间统计共享函数
function cmdshij() {
        echo "$total"
        read -p "请输入编号: " totip
        tot=`echo "$total" | awk -v totip="$totip" '{if ($1 == totip) print $3}'`   #获取ip
    Iptables
    
    #对ip进行整理输出
    case $Ipt in
    1)
        echo $tot' ptr'`dig -x $tot +short`
    tempfile=`mktemp`
    temp1=`mktemp`
    temp2=`mktemp`
    echo $tempfile' '$temp1' '$temp2
    awk -v a=$time_qing -v b=$time_hou '{if ($4>a && $4<b) print $0}' "$access_log" | awk -v tot=$tot '{if ($1 == tot) print $0}'> $tempfile
    awk '{print "33[31m "$7" 33[0m""33[32m "$10/1024/1024"MB 33[0m"}' $tempfile > $temp1
    awk -F'"' '{print "33[34m "$6" 33[0m"}' $tempfile > $temp2
    paste $temp1 $temp2 | sort | uniq -c | sort -nr |more
    read -p "q退出上一级，Enter继续" i
    if [ "$i" = "q" ];then
        shij
    else
        clear
        cmdshij
    fi;;
    2)
    if [ "$tot" != "" ];then
        iptables -L -n | grep "$tot" >/dev/null || iptables -I INPUT -s $tot -j DROP
        echo "$tot 已加入iptables"
    fi
    read -p "q退出上一级，Enter继续" i
        if [ "$i" = "q" ];then
                shij
        else
        clear
                cmdshij
        fi;;
    3)
    nginx_black
        read -p "q退出上一级，Enter继续" i
        if [ "$i" = "q" ];then
                shij
        else
                clear
                cmdshij
        fi;;
    *)
    exit;;
    esac

}

#定义全站统计函数
function quanz() {
    clear
    echo -e "****************33[34;7m全站统计33[0m*********************"
    echo "*            1、以流量排序                  *"
    echo "*            2、以ip个数排序                *"
    echo "*            3、回上一级                    *"
    echo "*            5、退出                        *"
    echo "*********************************************"
read -p "请输入编号: " qz
case $qz in 
    1)
    total=`awk '{a[$1]=a[$1]+$10;++b[$1]}END{for(i in a)print a[i]/1024/1024"MB",i,b[i]}' "$access_log" | sort -nr | head -20| cat -n`
    cmdquanz
    quanz;;
    2)
    total=`awk '{a[$1]=a[$1]+$10;++b[$1]}END{for(i in a)print a[i]/1024/1024"MB",i,b[i]}' "$access_log" | sort -k 3 -nr | head -20| cat -n`
    cmdquanz
    quanz;;
    3)
    menu;;
    *)
    exit;;
esac
}

#定义以时间统计函数
function shij() {
    clear
    echo -e "****************33[34;7m以时间统计33[0m*******************"
    echo "*            1、以流量排序                  *"
    echo "*            2、以ip个数排序                *"
    echo "*            3、时间段ip总数                *"
    echo "*            4、时间段全访问jpg or html     *"
    echo "*            5、回上一级                    *"
    echo "*            6、退出                        *"
    echo "*********************************************"
read -p "请输入编号: " sj
case $sj in
    1)
    feng
    if [ ${awk_value:-no} = "yes" ] || [ "$a" = "" ] || [ "$b" = "" ]
    then
        clear
        echo "输入有误,请重新输入"
        shij
    else
        total=`awk -v a=$time_qing -v b=$time_hou '{if ($4>a && $4<b) print $0}'  "$access_log"| awk '{a[$1]=a[$1]+$10;++b[$1]}END{for(i in a)print a[i]/1024/1024"MB",i,b[i]}' | sort -nr | head -20 | grep -v "e-" | cat -n`
        cmdshij
        shij
    fi;;
    2)
        feng
        if [ ${awk_value:-no} = "yes" ] || [ "$a" = "" ] || [ "$b" = "" ]
        then
        clear
            echo "输入有误,请重新输入"
            shij
        else
            total=`awk -v a=$time_qing -v b=$time_hou '{if ($4>a && $4<b) print $0}'  "$access_log"| awk '{a[$1]=a[$1]+$10;++b[$1]}END{for(i in a)print a[i]/1024/1024"MB",i,b[i]}' | sort -k 3 -nr | head -20| cat -n`
        cmdshij
            shij
        fi;;
    3)
    feng
    echo "ip总数: ""`awk -v a=$time_qing -v b=$time_hou '{if ($4>a && $4<b) print $0}'  "$access_log"| awk '{print $1}' | sort | uniq -c | wc -l`"
    awk -v a=$time_qing -v b=$time_hou '{if ($4>a && $4<b) print $0}'  "$access_log"| awk '{print $1}' | sort | uniq -c | sort -nr |more 
        read -p "Enter 继续"
    shij;;
    4)
    Images;;
    5)
    menu;;
    *)
    exit;;
esac
}

#循环显示
while true
do
menu
read -p "请输入编号： " bh
case $bh in
    1)
    quanz;;
    2)
    shij;;
    *)
    exit;;
esac
done
#初始化变量aa
elif [ "${aa:--h}" = "-h" ]
then
    echo "运行: ./datalog_ip_sort.sh -f 日志文件"
fi