#!/usr/bin/python #coding=utf8 log_file = "/usr/local/nginx/logs/access.log" with open(log_file) as f: contexts = f.readlines() # define ip dict### ip = {} # key為ip資訊,value為ip數量(若重複則只增加數量) flow = {} # key為ip資訊,value為流量總和 sum = 0 for line in contexts: # count row size of flow size = line.split()[9] # print ip ip_attr = line.split()[0] # count total size of flow sum = int(size) + sum if ip_attr in ip.keys(): # if ip repeated,如果ip重複就將ip數量加一,而流量繼續疊加 # count of ip plus 1 ip[ip_attr] = ip[ip_attr] + 1 # size of flow plus size flow[ip_attr] = flow[ip_attr] + int(size) else: # if ip not repeated # define initial values of count of ip and size of flow ip[ip_attr] = 1 flow[ip_attr] = int(size) print(ip) print(flow) print(sum/1024/1024)
現在有nginx的訪問日誌:
[root@weblogic ~]# cat access.log 192.168.223.1 - - [18/Jul/2017:10:21:25 +0800] "GET /favicon.ico HTTP/1.1" 192.168.223.136:8080 404 24 "http://192.168.223.136:8080/proxy_path/index.html" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" "-" 192.168.223.136 "192.168.223.1" - - [17/Jul/2017:17:06:44 +0800] "GET /index.html HTTP/1.0" "192.168.223.136" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" "192.168.223.1" 192.168.223.1 - - [18/Jul/2017:10:30:12 +0800] "GET /proxy_path/index.html HTTP/1.1" 192.168.223.136:8080 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" "-" 192.168.223.136 "192.168.223.1" - - [18/Jul/2017:10:30:12 +0800] "GET /index.html HTTP/1.0" "192.168.223.137" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" "192.168.223.1" 192.168.223.1 - - [18/Jul/2017:10:38:38 +0800] "GET /proxy_path/index.html HTTP/1.1" 192.168.223.136:8080 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" "-" 192.168.223.136 "192.168.223.1" - - [18/Jul/2017:10:38:38 +0800] "GET /index.html HTTP/1.0" "192.168.223.136:80" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" "192.168.223.1" 192.168.223.1 - - [18/Jul/2017:10:45:07 +0800] "GET /proxy_path/index.html HTTP/1.1" 192.168.223.136:8080 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" "-" 192.168.223.136 "192.168.223.1" - - [18/Jul/2017:10:45:07 +0800] "GET /index.html HTTP/1.0" "192.168.223.136:80" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" "192.168.223.1" 192.168.223.1 - - [18/Jul/2017:10:51:25 +0800] "GET /proxy_path/index.html HTTP/1.1" 192.168.223.136:8080 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" "-" 192.168.223.136 "192.168.223.1" - - [18/Jul/2017:10:51:25 +0800] "GET /index.html HTTP/1.0" "192.168.223.136:80" 304 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36" "192.168.223.1"
利用python將nginx的ip進行統計
思路:將檔案內容一行一行都出來,然後進行字串strip().split(),得到一個列表,列表的第一個元素就是ip的內容
初始化一個空字典,用key表示ip內容,value表示該ip的個數,如果ip重複了,則將value進行增加:
[root@weblogic ~]# cat nginx.py #!/usr/bin/python #coding=utf8 log_file = "/root/access.log" ip = {} with open(log_file) as f: for i in f.readlines(): print i.strip().split()[0] ip_attr = i.strip().split()[0] if ip_attr in ip.keys(): # 如果ip存在於字典中,則將該ip的value也就是個數進行增加 ip[ip_attr] = ip[ip_attr] + 1 else: ip[ip_attr] = 1 print ip
獲取執行結果:
[root@weblogic ~]# python nginx.py 192.168.223.1 192.168.223.136 192.168.223.1 192.168.223.136 192.168.223.1 192.168.223.136 192.168.223.1 192.168.223.136 192.168.223.1 192.168.223.136 {'192.168.223.1': 5, '192.168.223.136': 5}