线上经常有被扫描的DDoS攻击事件,需要集合日志进行分析,这里有两种方法,分别是通过shell和python的方式.

一、shell

'''<1>shell一句命令分析 http://blog.51cto.com/hellocjq/1902083cat jyall.access.log.20180407| awk '{ip[$(NF-1)]++}END{for(i in ip){print ip[i],i}}'| sort -rn >> awk_result'''

二、

#!/usr/bin/env python# coding=utf-8#auth:arunimport commands,os'''过滤ip地址并进行统计'''a={}with open('/tmp/info_ip', 'r') as file:    for i in file.readlines():        for ip in i.split('\r'):            try:                a[ '%s' % ip ] = a[ '%s' % ip ] + 1            except:                a[ '%s' % ip ] = 1for x,y in a.items():    print "{}:{}".format(x.split("\n")[0],y)'''<2>cat wg-stargate-web-3-stargate.ele.me.access.log.20180407|awk '{print $(NF-1)}' >> /tmp/info_ippython /006_eleallproject/004_ele_devops_work/000_git/hacker_minimart/checkip.py >> /tmp/analyallipsort -nk 2 -t: /tmp/analyallip >> py_result'''