#!/usr/bin/python
#coding=utf8
log_file = "/usr/local/nginx/logs/access.log"
with open(log_file) as f:
contexts = f.readlines()
# define ip dict###
ip = {} # key為ip資訊,value為ip數量(若重複則只增加數量)
flow = {} # key為ip資訊,value為流量總和
sum = 0
for line in contexts:
# count row size of flow
size = line.split()[9]
# print ip
ip_attr = line.split()[0]
# count total size of flow
sum = int(size) + sum
if ip_attr in ip.keys(): # if ip repeated,如果ip重複就將ip數量加一,而流量繼續疊加
# count of ip plus 1
ip[ip_attr] = ip[ip_attr] + 1
# size of flow plus size
flow[ip_attr] = flow[ip_attr] + int(size)
else:
# if ip not repeated
# define initial values of count of ip and size of flow
ip[ip_attr] = 1
flow[ip_attr] = int(size)
print(ip)
print(flow)
print(sum/1024/1024)
現在有nginx的訪問日誌:
[root@weblogic ~]# cat access.log 192.168.223.1 - - [18/Jul/2017:10:21:25 +0800] "GET /favicon.ico HTTP/1.1" 192.168.223.136:8080 404 24 "http://192.168.223.136:8080/proxy_path/index.html" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" "-" 192.168.223.136 "192.168.223.1" - - [17/Jul/2017:17:06:44 +0800] "GET /index.html HTTP/1.0" "192.168.223.136" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" "192.168.223.1" 192.168.223.1 - - [18/Jul/2017:10:30:12 +0800] "GET /proxy_path/index.html HTTP/1.1" 192.168.223.136:8080 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" "-" 192.168.223.136 "192.168.223.1" - - [18/Jul/2017:10:30:12 +0800] "GET /index.html HTTP/1.0" "192.168.223.137" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" "192.168.223.1" 192.168.223.1 - - [18/Jul/2017:10:38:38 +0800] "GET /proxy_path/index.html HTTP/1.1" 192.168.223.136:8080 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" "-" 192.168.223.136 "192.168.223.1" - - [18/Jul/2017:10:38:38 +0800] "GET /index.html HTTP/1.0" "192.168.223.136:80" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" "192.168.223.1" 192.168.223.1 - - [18/Jul/2017:10:45:07 +0800] "GET /proxy_path/index.html HTTP/1.1" 192.168.223.136:8080 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" "-" 192.168.223.136 "192.168.223.1" - - [18/Jul/2017:10:45:07 +0800] "GET /index.html HTTP/1.0" "192.168.223.136:80" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" "192.168.223.1" 192.168.223.1 - - [18/Jul/2017:10:51:25 +0800] "GET /proxy_path/index.html HTTP/1.1" 192.168.223.136:8080 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" "-" 192.168.223.136 "192.168.223.1" - - [18/Jul/2017:10:51:25 +0800] "GET /index.html HTTP/1.0" "192.168.223.136:80" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" "192.168.223.1"
利用python將nginx的ip進行統計
思路:將檔案內容一行一行都出來,然後進行字串strip().split(),得到一個列表,列表的第一個元素就是ip的內容
初始化一個空字典,用key表示ip內容,value表示該ip的個數,如果ip重複了,則將value進行增加:
[root@weblogic ~]# cat nginx.py #!/usr/bin/python #coding=utf8 log_file = "/root/access.log" ip = {} with open(log_file) as f: for i in f.readlines(): print i.strip().split()[0] ip_attr = i.strip().split()[0] if ip_attr in ip.keys(): # 如果ip存在於字典中,則將該ip的value也就是個數進行增加 ip[ip_attr] = ip[ip_attr] + 1 else: ip[ip_attr] = 1 print ip
獲取執行結果:
[root@weblogic ~]# python nginx.py 192.168.223.1 192.168.223.136 192.168.223.1 192.168.223.136 192.168.223.1 192.168.223.136 192.168.223.1 192.168.223.136 192.168.223.1 192.168.223.136 {'192.168.223.1': 5, '192.168.223.136': 5}