在Debian系统下分析Nginx日志可以通过多种方法和工具进行,以下是一些常用的方法:
sudo apt-get install goaccess
/usr/local/etc/goaccess/goaccess.conf 文件,根据你的Nginx日志格式配置时间格式、日期格式和日志格式。例如:time-format %h:%m:%s
date-format %d/%b/%y
log-format %h - %^ [%d:%t %^] "%r" %s %b "%r" "%u"
goaccess /path/to/nginx/access.log -a
#!/bin/bash
LOG_FILE=$1
# 统计访问最多的10个IP
echo "统计访问最多的10个IP"
awk '{a[$1]++}END{print "UV:",length(a);for(v in a)print v,a[v]}' "$LOG_FILE" |sort -k2 -nr |head -10
# 统计时间段访问最多的IP
echo "----------------------"
echo "统计时间段访问最多的IP"
awk '$4>="[01/Dec/2020:13:20:25" && $4<="[27/Nov/2018:16:20:49"{a[$1]++}END{for(v in a)print v,a[v]}' "$LOG_FILE" |sort -k2 -nr|head -10
# 统计访问最多的10个页面
echo "----------------------"
echo "统计访问最多的10个页面"
awk '{a[$7]++}END{print "PV:",length(a);for(v in a){if(a[v]>10)print v,a[v]}}' "$LOG_FILE" |sort -k2 -nr
# 统计访问页面状态码数量
echo "----------------------"
echo "统计访问页面状态码数量"
awk '{a[$7" "$9]++}END{for(v in a){if(a[v]>5)print v,a[v]}}' "$LOG_FILE" |sort -k3 -nr
chmod +x nginx_log_analysis.sh
./nginx_log_analysis.sh /path/to/nginx/access.log
journalctl 命令可以查看Nginx的日志,例如查看最近的系统启动日志:journalctl -b
journalctl -u nginx
journalctl --since "2023-01-01" --until "2023-01-31"
nano、vim、emacs 等)打开并编辑日志文件,例如:sudo nano /var/log/nginx/access.log
log_format access_json ' {"@timestamp":"$time_iso8601",'' "host":"$server_addr",'' "clientip":"$remote_addr",'' "size":$body_bytes_sent,'' "responsetime":$request_time,'' "upstreamtime":"$upstream_response_time",'' "upstreamhost":"$upstream_addr",'' "request":"$request",'' "uri":"$uri",'' "domain":"$host",'' "x_forwarded_for":"$http_x_forwarded_for",'' "referer":"$http_referer",'' "tcp_xff":"$proxy_protocol_addr",'' "http_user_agent":"$http_user_agent",'' "status":"$status"}' ;
access_log /var/log/nginx/access.log access_json;
通过上述方法,可以对Debian系统上的Nginx日志进行详细的分析,帮助识别潜在的问题和性能瓶颈。