For example, suppose you want to filter nginx's access log. The access log looks roughly like this:
89.248.165.21 - - [19/Nov/2022:22:25:44 +0800] "\x03\x00\x00\x13\x0E\xE0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x02\x00\x00\x00" 400 157 "-" "-" "-"
141.255.166.2 - - [19/Nov/2022:22:27:16 +0800] "GET / HTTP/1.1" 502 157 "-" "Hello World" "-"
The following awk command counts how many times each IP appears and records the time of its last access:
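head -n 30 access.log-20221108 | awk -F '[][ ]' '
# Fields are split on "[", "]" and space: $1 is the client IP, $5 the timestamp.
{
    iptime[$1] = $5;              # overwritten on every hit, so the last line wins
    ipcnt[$1] = ipcnt[$1] + 1     # number of requests per IP
}
END {
    for (k in iptime) {
        print iptime[k], "\t", ipcnt[k], "\t", k
    }
}' | sort -n -k 2 -r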
07/Nov/2022:17:58:14 3 167.94.138.120
07/Nov/2022:16:31:11 3 113.219.249.245
07/Nov/2022:18:44:45 2 8.219.119.144
07/Nov/2022:17:58:24 2 116.213.38.106
07/Nov/2022:17:39:50 2 185.122.204.30
07/Nov/2022:17:22:46 2 51.159.164.227
07/Nov/2022:16:31:01 2 211.95.50.8
07/Nov/2022:16:31:01 2 125.124.63.167
07/Nov/2022:16:31:00 2 101.227.1.199
07/Nov/2022:16:27:24 2 109.237.97.180
07/Nov/2022:17:44:29 1 60.217.75.70
07/Nov/2022:16:48:43 1 92.118.39.78
07/Nov/2022:16:45:26 1 43.246.208.2
07/Nov/2022:16:42:53 1 220.196.160.144
07/Nov/2022:16:34:35 1 183.103.226.212
07/Nov/2022:16:31:04 1 101.227.1.198
07/Nov/2022:16:30:49 1 94.102.61.10
07/Nov/2022:16:30:48 1 111.7.96.150
Reference: https://unix.stackexchange.com/questions/183279/how-to-view-all-the-content-in-an-awk-array
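Extending the command above for log triage, as an added example that is not part of the original page: besides hit count and last access time, it counts 4xx/5xx responses per IP and request lines that are not HTTP at all, such as the `\x03\x00...` entry in the first sample line. The function names `sample_log` and `ip_summary` are hypothetical, the log lines are constructed (documentation address ranges), and it assumes nginx's default log escaping, which writes a `"` inside a field as `\x22`, so splitting on `"` is safe.

```shell
#!/bin/sh
# Constructed sample lines in the same format as the access log shown above.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [19/Nov/2022:22:25:44 +0800] "\x03\x00\x00\x13\x0E\xE0\x00\x00" 400 157 "-" "-" "-"
198.51.100.9 - - [19/Nov/2022:22:27:16 +0800] "GET / HTTP/1.1" 502 157 "-" "Hello World" "-"
203.0.113.7 - - [19/Nov/2022:22:30:02 +0800] "GET /index.html HTTP/1.1" 200 612 "-" "curl/7.81.0" "-"
198.51.100.9 - - [19/Nov/2022:22:31:10 +0800] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Hello World" "-"
203.0.113.7 - - [19/Nov/2022:22:33:51 +0800] "\x16\x03\x01\x00\xEE" 400 157 "-" "-" "-"
EOF
}

# ip_summary: reads access-log lines on stdin and prints one TSV row per client:
#   ip  hits  errors(4xx/5xx)  non_http_requests  last_seen
# last_seen assumes the log is in chronological order, as the original command does.
ip_summary() {
    awk -F'"' '
    {
        # $1 = prefix up to the request, $2 = request line, $3 = " status bytes "
        split($1, head, "[][ ]")      # head[1] = client IP, head[5] = timestamp
        split($3, tail, " ")          # tail[1] = status code
        ip = head[1]
        hits[ip]++
        last[ip] = head[5]
        if (tail[1] + 0 >= 400) errs[ip]++
        # Anything that is not "METHOD target HTTP/x.y" is counted as non-HTTP.
        if ($2 !~ /^[A-Z]+ [^ ]+ HTTP\/[0-9.]+$/) odd[ip]++
    }
    END {
        for (ip in hits)
            printf "%s\t%d\t%d\t%d\t%s\n", ip, hits[ip], errs[ip], odd[ip], last[ip]
    }' | sort -t "$(printf '\t')" -k2,2nr -k1,1
}

# Stand-alone run on the constructed sample; replace with: ip_summary < access.log
sample_log | ip_summary
```

A high value in the fourth column for an IP that never sends a valid request is a typical sign of a scanner probing the port with another protocol.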