Last Updated: February 25, 2016

·

8.357K

· pmaoui

AWK to explore your access log files

Global usage

Line that match a particular word :

awk '/foo1/' foo.txt

Print only specific field (splitted by whitespace character) :

awk '{print $2,$4,$NF;}' file.txt

NF is the total number of fields in a record

Print only specific field (splitted by ":") :

awk -F : '{print $2,$4;}' file.txt

access.log of apache2

Display IP address for a specific resource :

"http://www.url.com/foo1" access.log.log|awk '{print $1;}'

To count unique access to a specific resource:

awk -F'[ "]+' '$7 == "/foo1/image.jpg" { ipcount[$1]++ }
    END { for (i in ipcount) {
        printf "%15s - %d\n", i, ipcount[i] } }' /var/log/apache2/access.log
    }
}

To detect flooded paths (count how much one ip try to request)

head -500 access.log | sed 's/[0-9]*//g' | awk '{url[$1$8]++} END{for (i in url) {print url[i], i}}' | sort -nr

tail -5000 access.log | sed 's/[0-9]*//g' | awk '{url[$1$8]++} END{for (i in url) {print url[i], i}}' | sort -n

Written by pmaoui

Related protips

Remote Access to IPython Notebooks via SSH

302.5K

24

Find all the IP ranges on an ASN

229K

0

$#, $@ & $?: Bash Built-in variables

199.9K

2

Have a fresh tip? Share with Coderwall community!

Best #Linux Authors

302.5K

258K

201.7K

198K

projectcleverweb

166.4K

Related Tags

#native_company#

Filed Under

Awesome Job

Post a job for only $299

Thanks to our sponsor

#native_title# #native_desc#