Find which IPs made the most requests at a given time
grep '05/Apr/2017:14:27' /home/logs/nginx/access_main.log|awk '{print $NF}'| sort | uniq -c | sort -nr | head -n 10
Check what that IP is doing
grep -F '201.161.174.64' /home/logs/nginx/access_main.log |more
If this IP is not legitimate
go into /home/shell/fw.sh and block the IP there.
/sbin/iptables -I INPUT -s 201.161.174.64 -j DROP
Then restart the firewall
/home/shell/fw.sh
The nginx log_format is usually written like this
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                '$status $body_bytes_sent "$http_referer" '
                '"responsetime":$request_time '
                '"upstreamtime":"$upstream_response_time" '
                '"$http_user_agent" $http_x_forwarded_for $remote_addr';
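The per-minute count above, as an added example that is not part of the original notes: it matches the minute only inside the [$time_local] field, so a request whose URL or referer happens to contain the timestamp string is not counted, and it ignores lines whose last field is not an IPv4 address. The function names (count_ips, top_ips, over_threshold, sample_log) are hypothetical and the log lines are constructed using documentation address ranges.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes the "main" log_format above:
# whitespace field 4 is "[$time_local" and the last field is $remote_addr.

# count_ips MINUTE LOGFILE -> "count ip" lines for that minute, busiest first
count_ips() {
    awk -v m="[$1" '
        # Match the minute in the timestamp field only, never in the URL or referer,
        # and skip lines whose last field is not a dotted-quad address.
        index($4, m) == 1 && $NF ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$NF]++ }
        END { for (ip in n) print n[ip], ip }
    ' "$2" | sort -k1,1nr -k2,2
}

# top_ips MINUTE LOGFILE [LIMIT] -> the LIMIT busiest addresses (default 10)
top_ips() { count_ips "$1" "$2" | head -n "${3:-10}"; }

# over_threshold MINUTE LOGFILE MIN -> addresses with at least MIN requests,
# i.e. candidates to review by hand before adding a DROP rule to fw.sh
over_threshold() { count_ips "$1" "$2" | awk -v min="$3" '$1 >= min { print $2 }'; }

# sample_log -> path of a temp file holding constructed log lines
# (addresses come from the documentation ranges, not from real traffic)
sample_log() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
203.0.113.7 - - [05/Apr/2017:14:27:01 +0800] "GET / HTTP/1.1" 200 612 "-" "responsetime":0.004 "upstreamtime":"0.004" "curl/7.50" - 203.0.113.7
203.0.113.7 - - [05/Apr/2017:14:27:02 +0800] "GET /login HTTP/1.1" 200 612 "-" "responsetime":0.005 "upstreamtime":"0.005" "curl/7.50" - 203.0.113.7
203.0.113.7 - - [05/Apr/2017:14:27:03 +0800] "GET /login HTTP/1.1" 200 612 "-" "responsetime":0.005 "upstreamtime":"0.005" "curl/7.50" - 203.0.113.7
198.51.100.9 - - [05/Apr/2017:14:27:30 +0800] "GET / HTTP/1.1" 200 612 "-" "responsetime":0.003 "upstreamtime":"0.003" "Mozilla/5.0 (X11; Linux x86_64)" - 198.51.100.9
198.51.100.9 - - [05/Apr/2017:14:28:10 +0800] "GET /?t=05/Apr/2017:14:27 HTTP/1.1" 200 612 "-" "responsetime":0.003 "upstreamtime":"0.003" "curl/7.50" - 198.51.100.9
192.0.2.5 - - [05/Apr/2017:14:28:11 +0800] "GET / HTTP/1.1" 200 612 "-" "responsetime":0.002 "upstreamtime":"0.002" "curl/7.50" - 192.0.2.5
EOF
    printf '%s\n' "$f"
}

# Demo run on the constructed sample
log=$(sample_log)
top_ips '05/Apr/2017:14:27' "$log" 5
rm -f "$log"
```

The counted field is $remote_addr, the address of the directly connected peer; $http_x_forwarded_for is a request header and is not used for the count.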