您好,登录后才能下订单哦!
@[toc]
前言:
apache配置剖析
日志文件如何产生
管理日志的工具学习
备注:使用not禁止访问时要将其置于<RequireAll></RequireAll>容器中并在容器中指定相应的限制策略
[root@localhost html]# vim /etc/httpd/conf/extra/vhost.conf
<VirtualHost 192.168.247.150:80>
DocumentRoot "/var/www/html/kgc"
ServerName www.kgc.com
Errorlog "logs/www.kgc.com.error_log"
Customlog "logs/www.kgc.comaccess_log" common
<Directory "/var/www/html">
<RequireAll>
Require not ip 192.168.247.157
Require all granted
</RequireAll>
</Directory>
</VirtualHost>
[root@localhost html]# systemctl restart httpd
选项 -c ,代表新建用户认证数据库,若是想向现有数据库写入用户数据,不需要加-c,即可写入
[root@localhost named]# htpasswd -c /etc/httpd/conf/httppasswd zhangsan
New password:
Re-type new password:
Adding password for user zhangsan
[root@localhost named]# cat /etc/httpd/conf/httppasswd
zhangsan:$apr1$IivUd6IL$J8zc5KAHgsQsoqSkPI1EP.
[root@localhost named]# htpasswd /etc/httpd/conf/httppasswd lisi
New password:
Re-type new password:
Adding password for user lisi
[root@localhost named]# cat /etc/httpd/conf/httppasswd
zhangsan:$apr1$IivUd6IL$J8zc5KAHgsQsoqSkPI1EP.
lisi:$apr1$FRyBVvZl$FBdIus.U9PpGVvmEgyAIK0
[root@localhost named]# htpasswd -c /etc/httpd/conf/httppasswd wangermazi
New password:
Re-type new password:
Adding password for user wangermazi
[root@localhost named]# cat /etc/httpd/conf/httppasswd
wangermazi:$apr1$WwVYzzto$/ydcv1CaajW6e4Qi87D7u.
以上次配置的虚拟web主机之一为例
<VirtualHost 192.168.247.150:80>
DocumentRoot "/var/www/html/accp"
ServerName www.accp.com
Errorlog "logs/www.accp.com.error_log"
Customlog "logs/www.accp.comaccess_log" common
<Directory "/var/www/html">
authname "documentroot"
authtype basic
authuserfile /etc/httpd/conf/httppasswd
require valid-user
</Directory>
</VirtualHost>
AuthName "DocumentRoot" ————制定受保护的领域名称,就是web站点目录
AuthType Basic ————认证类型
AuthUserFile /etc/httpd/conf/httppasswd ————用户认证帐号文件,也就是刚才创建的用户认证数据库
Require valid-user ————要求通过认证才能访问
[root@localhost extra]# systemctl restart httpd
ErrorLog "| /usr/sbin/rotatelogs -l logs/error_%Y%m%d.log 86400"
CustomLog "| /usr/sbin/rotatelogs -l logs/access_%Y%m%d.log 86400" combined
备注:在实际生产环境中,一个服务器绝大多数对应N个子域名站点,为了方便同意管理,可以用虚拟主机的方式进行配置,并用网站名标识日志文件
例如:ErrorLog “| rotatelogs(命令的绝对路径) -l 日志文件路径/网站名-error_%Y%m%d.log 86400”
恢复快照,开始配置
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# setenforce 0
[root@localhost ~]#
[root@localhost ~]# yum install httpd -y
[root@localhost ~]# cd /etc/httpd/logs
[root@localhost logs]# ls
[root@localhost logs]# cd ..
[root@localhost httpd]# ls -l
total 0
drwxr-xr-x. 2 root root 37 Dec 12 20:07 conf
drwxr-xr-x. 2 root root 82 Dec 12 20:07 conf.d
drwxr-xr-x. 2 root root 146 Dec 12 20:07 conf.modules.d
lrwxrwxrwx. 1 root root 19 Dec 12 20:07 logs -> ../../var/log/httpd
lrwxrwxrwx. 1 root root 29 Dec 12 20:07 modules -> ../../usr/lib64/httpd/modules
lrwxrwxrwx. 1 root root 10 Dec 12 20:07 run -> /run/httpd
[root@localhost httpd]# systemctl start httpd
[root@localhost httpd]# ls logs
access_log error_log
[root@localhost httpd]# which rotatelogs
/usr/sbin/rotatelogs
[root@localhost httpd]# vim /etc/httpd/conf/httpd.conf
ErrorLog "| /usr/sbin/rotatelogs -l logs/error_%Y%m%d.log 86400"
CustomLog "| /usr/sbin/rotatelogs -l logs/access_%Y%m%d.log 86400" combined
[root@localhost httpd]# systemctl restart httpd
[root@localhost httpd]# ls logs
access_log error_20191212.log error_log
[root@localhost httpd]#
访问一次
access日志文件也出现了
[root@localhost httpd]# ls logs
access_20191212.log access_log error_20191212.log error_log
重新安装thppd
[root@localhost ~]# mount.cifs //192.168.254.10/linuxs /abc
Password for root@//192.168.254.10/linuxs:
[root@localhost ~]# cd /abc
[root@localhost abc]# ls
cronolog-1.6.2-14.el7.x86_64.rpm LAMP-php5.6.txt 修改网卡为静态IP地址.txt
dhcp.txt MAC 记录与端口扫描脚本.txt 开发系统监控脚本.txt
extundelete-0.2.4.tar.bz2 pxe.txt 引导系统脚本.txt
httpd2.4.2版本 pxe速成秘籍.txt 测试网段是否存活,测试存活网段的21端口.txt
john-1.8.0.tar.gz qqq.html 监控系统内存cpu磁盘容量1.0.txt
LAMP-C7 vsftpd添加虚拟用户脚本.TXT
LAMP-C7.rar 不同域名创建虚拟主机.TXT
[root@localhost abc]# cp -p cronolog-1.6.2-14.el7.x86_64.rpm /opt
-bash: ls/opt: No such file or directory
[root@localhost abc]# cd /opt
[root@localhost opt]# ls
cronolog-1.6.2-14.el7.x86_64.rpm rh
[root@localhost opt]# rpm -ivh cronolog-1.6.2-14.el7.x86_64.rpm
warning: cronolog-1.6.2-14.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Preparing... ################################# [100%]
Updating / installing...
1:cronolog-1.6.2-14.el7 ################################# [100%]
[root@localhost opt]# cron
crond cronolog cronosplit crontab
[root@localhost opt]# which cronolog
/usr/sbin/cronolog
[root@localhost opt]# systemctl stop firewalld.service
[root@localhost opt]# setenforce 0
[root@localhost opt]# vim /etc//httpd/conf/httpd.conf
ErrorLog "| /usr/sbin/cronolog logs/error_%Y%m%d.log"
CustomLog "| /usr/sbin/cronolog logs/access_%Y%m%d.log" combined
[root@localhost opt]# systemctl start httpd
[root@localhost logs]# ls
error_20191213.log
[root@localhost logs]# ls
access_20191213.log error_20191213.log
[root@localhost logs]# date -s 2019-12-31
Tue Dec 31 00:00:00 CST 2019
[root@localhost logs]# ls
access_20191213.log error_20191213.log
[root@localhost logs]# systemctl restart httpd
[root@localhost logs]# ls -l
total 12
-rw-r--r--. 1 root root 1546 Dec 13 09:11 access_20191213.log
-rw-r--r--. 1 root root 888 Dec 13 09:11 error_20191213.log
-rw-r--r--. 1 root root 750 Dec 31 00:00 error_20191231.log
[root@localhost ~]# mount.cifs //192.168.254.10/linuxs /opt
Password for root@//192.168.254.10/linuxs:
[root@localhost ~]# cd /opt
[root@localhost opt]# ls
12.17 LAMP-php5.6.txt
8.tar.gz MAC 记录与端口扫描脚本.txt
awstats-7.6.tar.gz pxe.txt
[root@localhost opt]# tar -xzf awstats-7.6.tar.gz -C /mnt
[root@localhost opt]# cd /mnt
[root@localhost mnt]# ls
12.17 awstats-7.6
[root@localhost mnt]# umount /opt
[root@localhost mnt]# ls /opt
rh
[root@localhost mnt]# mv awstats-7.6 /usr/local/awstats
awstats内的文件
[root@localhost mnt]# cd /usr/local/awstats/
[root@localhost awstats]# ls
docs README.md tools wwwroot
[root@localhost awstats]# cd tools/
[root@localhost tools]# ls
awstats_buildstaticpages.pl awstats_updateall.pl httpd_conf nginx xslt
awstats_configure.pl dolibarr logresolvemerge.pl urlaliasbuilder.pl
awstats_exportlib.pl geoip_generator.pl maillogconvert.pl webmin
备注:此时可以也配置bind和httpd进行实操演练
[root@localhost ~]# yum install bind httpd -y
Installed:
bind.x86_64 32:9.11.4-9.P2.el7 httpd.x86_64 0:2.4.6-90.el7.centos
[root@localhost tools]# vim /etc/named.conf
12 options {
13 listen-on port 53 { any; };
14 listen-on-v6 port 53 { ::1; };
15 directory "/var/named";
16 dump-file "/var/named/data/cache_dump.db";
17 statistics-file "/var/named/data/named_stats.txt";
18 memstatistics-file "/var/named/data/named_mem_stats.txt";
19 recursing-file "/var/named/data/named.recursing";
20 secroots-file "/var/named/data/named.secroots";
21 allow-query { any; };
[root@localhost tools]# vim /etc/named.rfc1912.zones
zone "kgc.com" IN {
type master;
file "kgc.com.zone";
allow-update { none; };
};
[root@localhost tools]# cp -p /var/named/named.localhost kgc.com.zone
[root@localhost tools]# vim kgc.com.zone
A 192.168.247.149
www IN A 192.168.247.149
[root@localhost named]# systemctl start named
[root@localhost named]# netstat -natp | grep named
tcp 0 0 192.168.247.149:53 0.0.0.0:* LISTEN 37654/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 37654/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 37654/named
tcp6 0 0 ::1:53 :::* LISTEN 37654/named
tcp6 0 0 ::1:953 :::* LISTEN 37654/named
[root@localhost named]# systemctl stop firewalld.service
[root@localhost named]# setenforce 0
配置httpd
[root@localhost named]# vim /etc/httpd/conf/httpd.conf
41 Listen 192.168.247.149:80
42 #Listen 80
95 ServerName www.kgc.com:80
[root@localhost named]# cd /usr/local/awstats/
[root@localhost awstats]# ls
docs README.md tools wwwroot
[root@localhost awstats]# cd tools/
[root@localhost tools]# ls
awstats_buildstaticpages.pl dolibarr logresolvemerge.pl webmin
awstats_configure.pl geoip_generator.pl maillogconvert.pl xslt
awstats_exportlib.pl httpd_conf nginx
awstats_updateall.pl kgc.com.zone urlaliasbuilder.pl
pl为结尾的是脚本文件,若是不可执行,需要额外给其增加执行权限
[root@localhost tools]# ./awstats_configure.pl
----- AWStats awstats_configure 1.0 (build 20140126) (c) Laurent Destailleur -----
This tool will help you to configure AWStats to analyze statistics for
one web server. You can try to use it to let it do all that is possible
in AWStats setup, however following the step by step manual setup
documentation (docs/index.html) is often a better idea. Above all if:
- You are not an administrator user,
- You want to analyze downloaded log files without web server,
- You want to analyze mail or ftp log files instead of web log files,
- You need to analyze load balanced servers log files,
- You want to 'understand' all possible ways to use AWStats...
Read the AWStats documentation (docs/index.html).
-----> Running OS detected: Linux, BSD or Unix
-----> Check for web server install
Enter full config file path of your Web server.
Example: /etc/httpd/httpd.conf
Example: /usr/local/apache2/conf/httpd.conf
Example: c:\Program files\apache group\apache\conf\httpd.conf
Config file path ('none' to skip web server setup):
-----------------------------------------输入配置文件路径-------------------------------------------------
> /etc/httpd/conf/httpd.conf
-----> Check and complete web server config file '/etc/httpd/conf/httpd.conf'
Add 'Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"'
Add 'Alias /awstatscss "/usr/local/awstats/wwwroot/css/"'
Add 'Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/"'
Add 'ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"'
Add '<Directory>' directive
AWStats directives added to Apache config file.
-----> Update model config file '/usr/local/awstats/wwwroot/cgi-bin/awstats.model.conf'
File awstats.model.conf updated.
-----> Need to create a new config file ?
Do you want me to build a new AWStats config/profile
---------------------------------------------同意----------------------------------------------------
file (required if first install) [y/N] ? y
-----> Define config file name to create
What is the name of your web site or profile analysis ?
Example: www.mysite.com
Example: demo
Your web site, virtual server or profile name:
----------------------------------------------输入域名--------------------------------------------------
> www.kgc.com
-----> Define config file path
In which directory do you plan to store your config file(s) ?
Default: /etc/awstats
Directory path to store config file(s) (Enter for default):
--------------------------------------------默认即可,回车-------------------------------------------------
>
-----> Create config file '/etc/awstats/awstats.www.kgc.com.conf'
Config file /etc/awstats/awstats.www.kgc.com.conf created.
-----> Restart Web server with '/sbin/service httpd restart'
Redirecting to /bin/systemctl restart httpd.service
-----> Add update process inside a scheduler
Sorry, configure.pl does not support automatic add to cron yet.
You can do it manually by adding the following command to your cron:
/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=www.kgc.com
Or if you have several config files and prefer having only one command:
/usr/local/awstats/tools/awstats_updateall.pl now
Press ENTER to continue...
--------------------------------------------回车----------------------------------------------------
A SIMPLE config file has been created: /etc/awstats/awstats.www.kgc.com.conf
You should have a look inside to check and change manually main parameters.
You can then manually update your statistics for 'www.kgc.com' with command:
> perl awstats.pl -update -config=www.kgc.com
You can also read your statistics for 'www.kgc.com' with URL:
> http://localhost/awstats/awstats.pl?config=www.kgc.com
//http://localhost/awstats/awstats.pl?config=www.kgc.com这个路径是登陆awstats的站点
Press ENTER to finish...
-------------------------------------------回车完成--------------------------------------------------------------------
[root@localhost tools]#
下面是awstats写入的数据
#
# Directives to allow use of AWStats as a CGI
#
Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"
Alias /awstatscss "/usr/local/awstats/wwwroot/css/"
Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/"
ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"
#
# This is to permit URL access to scripts/files in AWStats directory.
#
<Directory "/usr/local/awstats/wwwroot">
Options None
AllowOverride None
Order allow,deny
Allow from all
</Directory>
对其进行修改
[root@localhost tools]# vim /etc/httpd/conf/httpd.conf
<Directory "/usr/local/awstats/wwwroot">
Options None
AllowOverride None
# Order allow,deny
# Allow from all
Require all granted
</Directory>
[root@localhost tools]# vim /etc/awstats/awstats.www.kgc.com.conf
50 LogFile="/var/log/httpd/access_log"
220 DirData="/var/lib/awstats"
dirdata 数据存储目录,因为这个目录不存在,所以创建这个目录
[root@localhost tools]# mkdir /var/lib/awstats
[root@localhost tools]# systemctl restart httpd
[root@localhost tools]#
备注:http://localhost/awstats/awstats.pl?config=www.kgc.com中的localhost修改为域名
[root@localhost tools]# ./awstats_updateall.pl now
Running '"/usr/local/awstats/wwwroot/cgi-bin/awstats.pl" -update -config=www.kgc.com -configdir="/etc/awstats"' to update config www.kgc.com
Create/Update database for config "/etc/awstats/awstats.www.kgc.com.conf" by AWStats version 7.6 (build 20161204)
From data in log file "/var/log/httpd/access_log"...
Phase 1 : First bypass old records, searching new record...
Searching new records from beginning of log file...
Phase 2 : Now process new records (Flush history on disk after 20000 hosts)...
Jumped lines in file: 0
Parsed lines in file: 250
Found 0 dropped records,
Found 0 comments,
Found 0 blank records,
Found 1 corrupted records,
Found 0 old records,
Found 249 new qualified records.
[root@localhost tools]# pwd
/usr/local/awstats/tools
[root@localhost tools]# ls
awstats_buildstaticpages.pl awstats_updateall.pl httpd_conf nginx xslt
awstats_configure.pl dolibarr logresolvemerge.pl urlaliasbuilder.pl
awstats_exportlib.pl geoip_generator.pl maillogconvert.pl webmin
[root@localhost tools]#
[root@localhost tools]# crontab -e
*/5 * * * * /usr/local/awstats/tools/awstats_updateall.pl now
[root@localhost tools]# crontab -l
*/5 * * * * /usr/local/awstats/tools/awstats_updateall.pl now
[root@localhost tools]# systemctl start crond
[root@localhost tools]# systemctl enable crond
[root@localhost tools]# cd /var
[root@localhost var]# ls
account cache db games kerberos local log named opt run target www
adm crash empty gopher lib lock mail nis preserve spool tmp yp
[root@localhost var]# cd www/
[root@localhost www]# ls
cgi-bin html
[root@localhost www]# cd html/
[root@localhost html]# ls
[root@localhost html]# vim aws.html
<html>
<head>
<meta http-equiv=refresh content="0;url=http://www.kgc.com/awstats/awstats.pl?config=www.kgc.com">
</head>
<body></body>
</html>
[root@localhost html]# systemctl restart httpd
总结
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。