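# Example logging configuration for nginx.conf (http context).
#
# log_format has to be declared before any access_log directive that refers
# to it by name; with the order reversed nginx rejects the configuration
# with an "unknown log format" error.
#
# $http_x_forwarded_for is copied from a request header the client controls,
# so treat it as untrusted during analysis; $remote_addr is the peer address
# nginx actually saw.
#
# The response-time recipes on this page read the last field of each line.
# This format ends with "$http_x_forwarded_for", so $request_time must be
# appended to it before those recipes return meaningful numbers.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                '$status $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for"';

# Access log, written with the "main" format declared above.
access_log /var/log/nginx/access.log main;

# Error log; "warn" records warnings and anything more severe.
error_log /var/log/nginx/error.log warn;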
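# Follow the access log in real time.
tail -f /var/log/nginx/access.log

# Follow the error log in real time.
tail -f /var/log/nginx/error.log

# Watch the requests of one client address.
# The pattern is anchored to the start of the line and the dots are escaped,
# so only $remote_addr (the first field) can match. An unanchored
# "192.168.1.100" also matches the same text inside client-controlled fields
# such as the referer, the user agent or X-Forwarded-For, and its unescaped
# dots match any character.
tail -f access.log | grep '^192\.168\.1\.100 '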
# Total number of requests (one log line per request).
wc -l access.log

# Number of distinct client IPs.
awk '{ print $1 }' access.log | sort -u | wc -l

# Top 20 client IPs by request count.
awk '{ print $1 }' access.log | sort | uniq -c | sort -rn | head -n 20

# Distribution of HTTP status codes (field 9 of the "main" format).
awk '{ print $9 }' access.log | sort | uniq -c | sort -nr

# Distribution of request methods (field 6 is the method with its opening quote).
awk '{ print $6 }' access.log | cut -d '"' -f 2 | sort | uniq -c

# Top 20 requested URLs.
awk '{ print $7 }' access.log | sort | uniq -c | sort -nr | head -n 20

# Requests per client IP, busiest first.
awk '{ hits[$1]++ } END { for (ip in hits) print ip, hits[ip] }' access.log | sort -nr -k2
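# Find requests answered with 404.
# Compare the status field itself: a plain search for " 404 " also matches
# lines whose $body_bytes_sent happens to be 404 (e.g. `200 404 "-"`).
# Field numbers assume a well-formed "METHOD URL PROTOCOL" request line;
# malformed requests shift the fields.
awk '$9 == 404' access.log

# Find POST requests.
# Field 6 is the opening quote plus the method. Searching the whole line for
# '"POST' would also match a referer or user agent that begins with "POST",
# and both of those are supplied by the client.
awk '$6 == "\"POST"' access.log

# Print the entries logged between 10:00 and 11:00 on 15 Oct 2023.
# The range opens at the first 10:xx line and closes at the first 11:xx line;
# if the log holds no 11:xx entry it runs to the end of the file.
sed -n '/15\/Oct\/2023:10:/,/15\/Oct\/2023:11:/p' access.log

# Find requests that took longer than 3 seconds.
# Assumes $request_time has been appended as the LAST field of the log
# format, which is what the other response-time recipes on this page read;
# "+ 0" forces a numeric comparison.
awk '$NF + 0 > 3' access.log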
# Install GoAccess.
apt-get install goaccess # Debian/Ubuntu
yum install goaccess # CentOS/RHEL

# Basic usage.
goaccess access.log

# Generate an HTML report.
# The report lists client IPs and requested URLs, so keep report.html out of
# any directory that is served publicly without access control.
goaccess access.log --log-format=COMBINED -o report.html

# Analyse the log live by feeding it through stdin.
tail -f access.log | goaccess -
# AWStats settings for analysing the nginx access log.
# Path of the log file AWStats reads.
LogFile="/var/log/nginx/access.log"
# 1 selects AWStats' predefined combined log format.
# NOTE(review): the "main" log_format shown on this page adds a trailing
# "$http_x_forwarded_for" field; confirm AWStats parses it with this setting.
LogFormat=1
# Domain the statistics are reported for (placeholder value).
SiteDomain="yourdomain.com"
# Other names under which this host is addressed.
HostAliases="localhost 127.0.0.1"
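#!/bin/bash
# analyze_response_time.sh
#
# Lists the requests whose response time exceeds a threshold, slowest first,
# then prints the total and the slow request counts.
#
# Usage: analyze_response_time.sh LOG_FILE [THRESHOLD_SECONDS]
#
# Assumes the response time ($request_time) is the LAST field of every log
# line. The "main" log_format shown on this page does not include it, so it
# has to be appended to the format first.

LOG_FILE=${1:-}
THRESHOLD=${2:-1} # default threshold: 1 second

# Without a readable file argument awk would silently wait on stdin.
if [[ -z "$LOG_FILE" || ! -r "$LOG_FILE" ]]; then
  echo "用法: $0 <日志文件> [阈值秒数]" >&2
  exit 2
fi

# The threshold is handed to awk, so accept plain decimal numbers only.
if [[ ! "$THRESHOLD" =~ ^[0-9]+([.][0-9]+)?$ ]]; then
  echo "阈值必须是数字: $THRESHOLD" >&2
  exit 2
fi

echo "响应时间超过${THRESHOLD}秒的请求:"
echo "====================================="
# Field 8 of each printed line is the response time ("1.234s"). Sorting on
# field 5 would key on the literal "URL:" label and order nothing by time.
awk -v threshold="$THRESHOLD" '
{
  # Response time is taken from the last field; "+ 0" forces numeric compare.
  resp_time = $(NF)
  if (resp_time + 0 > threshold + 0) {
    printf "IP: %-15s Time: %s URL: %s Response: %ss\n",
      $1, $4, $7, resp_time
  }
}' "$LOG_FILE" | sort -k8,8nr
echo -e "\n统计信息:"
echo "总请求数: $(wc -l < "$LOG_FILE")"
# "count + 0" prints 0 instead of an empty string when nothing was slow.
echo "慢请求数: $(awk -v t="$THRESHOLD" '$(NF) + 0 > t + 0 {count++} END{print count + 0}' "$LOG_FILE")"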
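#!/bin/bash
# error_monitor.sh
#
# Builds a plain-text report of 5xx and 4xx responses from the access log
# plus the most recent entries of the error log, and prints the report path.

LOG_FILE="/var/log/nginx/access.log"
ERROR_LOG="/var/log/nginx/error.log"

# The report lives in /tmp, which is world-writable. A fixed, guessable name
# written with ">" can be pre-created there as a symlink by another local
# user, and this script normally runs with enough privilege to read the nginx
# logs. mktemp creates a fresh file with an unpredictable suffix instead, and
# the umask keeps the report (client IPs, URLs) private to the caller.
umask 077
REPORT_FILE=$(mktemp "/tmp/nginx_error_report_$(date +%Y%m%d).XXXXXX") || {
  echo "mktemp failed" >&2
  exit 1
}

#######################################
# Counts (status, URL) pairs for one status class.
# Globals:   LOG_FILE (read)
# Arguments: $1 - leading status digit (4 or 5)
# Outputs:   "count status url" lines on stdout, most frequent first
#######################################
count_errors() {
  grep -E "\" ${1}[0-9]{2} " "$LOG_FILE" \
    | awk '{print $9,$7}' | sort | uniq -c | sort -rn
}

{
  # 5xx responses
  echo "=== 5xx错误统计 ==="
  count_errors 5
  # 4xx responses
  echo -e "\n=== 4xx错误统计 ==="
  count_errors 4
  # Latest entries of the error log
  echo -e "\n=== 最新错误日志(最近10条)==="
  tail -n 10 "$ERROR_LOG"
} > "$REPORT_FILE"

# The file name is no longer predictable, so tell the caller where it is.
echo "$REPORT_FILE"

# Optional: send the report by e-mail.
# mail -s "Nginx错误报告 $(date)" admin@example.com < "$REPORT_FILE"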
# /etc/logrotate.d/nginx
# Rotation policy for every *.log file under /var/log/nginx.
/var/log/nginx/*.log {
    # Rotate once a day and keep 14 rotated files.
    daily
    rotate 14
    # Skip missing or empty logs without reporting an error.
    missingok
    notifempty
    # Gzip rotated files, leaving the most recent one uncompressed.
    compress
    delaycompress
    # Recreate the live log as www-data:adm with mode 0640 (not world-readable).
    create 0640 www-data adm
    # Run postrotate once for the whole set of logs, not once per file.
    sharedscripts
    postrotate
        # USR1 tells the nginx master process to reopen its log files.
        if [ -f /var/run/nginx.pid ]; then
            kill -USR1 "$(cat /var/run/nginx.pid)"
        fi
    endscript
}
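# Delete rotated access logs older than 30 days.
# Check this against your retention policy and make sure the logs have been
# shipped or archived first: once deleted they are unavailable for incident
# review.
find /var/log/nginx -type f -name "access.log.*" -mtime +30 -delete

# Compress rotated logs older than 7 days.
# Only rotated files (access.log.1, error.log.3, ...) are selected. A "*.log"
# pattern would pick the live logs instead: nginx keeps those open, so gzip
# would replace an idle live log with a .gz while nginx went on writing to
# the removed file. Files that are already compressed are skipped.
find /var/log/nginx -type f -name "*.log.*" ! -name "*.gz" -mtime +7 -exec gzip {} +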
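# List clients whose User-Agent names a bot, crawler, spider or scraper.
# Splitting on double quotes makes field 6 the complete User-Agent; field 12
# of a whitespace split is only its first word. Matching that field alone,
# case-insensitively, avoids hits on URLs such as /robots.txt and catches
# capitalised names ("...Bot"). The header is supplied by the client, so this
# only finds automation that identifies itself.
awk -F'"' 'tolower($6) ~ /bot|crawler|spider|scraper/ {
  split($1, head, " ")
  print head[1], $6
}' access.log | sort | uniq -c | sort -rn

# Flag IPs that send more than 100 requests within one minute.
# The key is the date plus HH:MM (characters 2-18 of "[15/Oct/2023:10:15:30"),
# so the same clock minute on different days is not added together.
awk '{ print $1, substr($4, 2, 17) }' access.log | \
  sort | uniq -c | awk '$1 > 100 { print $2, $3, $1 }' | sort -k3 -nr

# Average response time of one API endpoint.
# The path is looked for in the request URL (field 7) only, not in the
# referer, and the division is skipped when no line matched. Assumes
# $request_time is the last field of the log format.
awk 'index($7, "/api/v1/") { sum += $NF; count++ }
  END { if (count) print "平均响应时间:", sum / count, "秒" }' access.log

# Requests per hour of the day (characters 14-15 of the timestamp field).
awk '{ print substr($4, 14, 2) }' access.log | sort | uniq -c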
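# Example Filebeat configuration (filebeat.yml).
# Indentation is significant in YAML: the nesting below is what gives each
# input its own paths and fields.
# NOTE(review): recent Filebeat releases deprecate the `log` input in favour
# of `filestream`; check which one the installed version expects.
filebeat.inputs:
  # nginx access log
  - type: log
    enabled: true
    paths:
      - /var/log/nginx/access.log
    fields:
      type: nginx-access
  # nginx error log
  - type: log
    enabled: true
    paths:
      - /var/log/nginx/error.log
    fields:
      type: nginx-error

# Events go to a local Elasticsearch node over plain HTTP without
# credentials. For a node that is not on localhost, use an https:// host and
# configure authentication and certificate verification.
output.elasticsearch:
  hosts: ["localhost:9200"]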
日志分割策略
安全注意事项
性能优化
监控告警设置
| 命令 | 功能描述 |
|---|---|
| `awk '{print $1}' log \| sort \| uniq -c` | 统计IP访问次数 |
| `grep -c "POST" log` | 统计POST请求数 |
| `awk '$(NF-1) > 5' log` | 查找慢请求 |
| `tail -n 1000 log \| goaccess` | 分析最近1000条记录 |
| `grep "bot" log \| wc -l` | 统计爬虫访问量 |
| `awk '{print $9}' log \| sort \| uniq -c` | 统计HTTP状态码 |
通过掌握这些技巧,您可以高效地分析Nginx日志,快速定位问题,优化网站性能,并增强系统安全性。