搜索到
99
篇与
的结果
-
网站被攻击时的应急响应脚本 #!/bin/bash # 应急响应脚本 echo "=== 安全事件分析 ===" # 查找异常IP echo "可疑IP (请求量 > 1000):" awk '{print $1}' /var/log/nginx/access.log | \ sort | uniq -c | \ awk '$1 > 1000 {print $2, $1}' | \ sort -k2 -nr # 查找SQL注入尝试 echo "SQL注入尝试:" grep -i "union\|select\|drop\|insert" /var/log/nginx/access.log | \ awk '{print $1, $7}' | \ sort | uniq -c | \ sort -nr # 查找文件包含攻击 echo "文件包含攻击:" grep -E "\.\./|etc/passwd|proc/self" /var/log/nginx/access.log | \ awk '{print $1, $7}' | head -20 -
实用系统监控脚本 #!/bin/bash # 系统资源监控脚本 THRESHOLD_CPU=80 THRESHOLD_MEM=85 THRESHOLD_DISK=90 check_system() { echo "=== 系统监控报告 $(date) ===" # CPU检查 local cpu_usage=$(top -bn1 | grep "Cpu(s)" | awk '{print $2}' | sed 's/%us,//') echo "CPU使用率: ${cpu_usage}%" if (( $(echo "$cpu_usage > $THRESHOLD_CPU" | bc -l) )); then echo "CPU使用率超过阈值 ($THRESHOLD_CPU%)" echo "TOP 5 CPU消耗进程:" ps aux | awk 'NR>1 {print $11, $3, $2}' | sort -k2 -nr | head -5 | \ awk '{printf "%-20s CPU: %6.2f%% PID: %s\n", $1, $2, $3}' fi # 内存检查 local mem_info=$(free | awk 'NR==2{printf "%.2f %.2f %.2f", $3*100/$2, $3, $2}') local mem_usage=$(echo $mem_info | awk '{print $1}') local mem_used=$(echo $mem_info | awk '{print $2}') local mem_total=$(echo $mem_info | awk '{print $3}') echo "内存使用率: ${mem_usage}% ($(echo "scale=1; $mem_used/1024/1024" | bc)G/$(echo "scale=1; $mem_total/1024/1024" | bc)G)" if (( $(echo "$mem_usage > $THRESHOLD_MEM" | bc -l) )); then echo "内存使用率超过阈值 ($THRESHOLD_MEM%)" echo "TOP 5 内存消耗进程:" ps aux | awk 'NR>1 {print $11, $4, $2}' | sort -k2 -nr | head -5 | \ awk '{printf "%-20s MEM: %6.2f%% PID: %s\n", $1, $2, $3}' fi # 磁盘检查 echo "磁盘使用情况:" df -h | awk 'NR>1 && $1 !~ /tmpfs|devtmpfs/ { usage = $5 gsub(/%/, "", usage) printf "%-20s %8s/%8s (%s)\n", $1, $3, $2, $5 if (usage > '$THRESHOLD_DISK') { printf " %s 使用率超过阈值 ('$THRESHOLD_DISK'%%)\n", $1 } }' # 网络连接检查 local tcp_connections=$(ss -t | wc -l) local established=$(ss -t state established | wc -l) echo "网络连接: TCP总数 $tcp_connections, 已建立 $established" # 负载检查 local load_avg=$(uptime | awk -F'load average:' '{print $2}' | awk '{print $1}' | sed 's/,//') echo "系统负载: $load_avg" # 检查是否有僵尸进程 local zombie_count=$(ps aux | awk '$8 ~ /^Z/ {count++} END {print count+0}') if [ $zombie_count -gt 0 ]; then echo "发现 $zombie_count 个僵尸进程" fi } check_system
-
实用日志轮转清理脚本 #!/bin/bash # 智能日志清理脚本 LOG_DIRS=("/var/log/nginx" "/var/log/apache2" "/var/log/myapp") KEEP_DAYS=30 COMPRESS_DAYS=7 cleanup_logs() { local log_dir=$1 if [ ! -d "$log_dir" ]; then echo "目录不存在: $log_dir" return fi echo "清理目录: $log_dir" # 压缩7天前的日志 find "$log_dir" -name "*.log" -mtime +$COMPRESS_DAYS -not -name "*.gz" | while read logfile; do echo "压缩: $logfile" gzip "$logfile" done # 删除30天前的压缩日志 local deleted_count=$(find "$log_dir" -name "*.log.gz" -mtime +$KEEP_DAYS -delete -print | wc -l) if [ $deleted_count -gt 0 ]; then echo "删除了 $deleted_count 个过期日志文件" fi # 清理空的日志文件 find "$log_dir" -name "*.log" -size 0 -delete # 统计清理后的情况 local total_size=$(du -sh "$log_dir" 2>/dev/null | awk '{print $1}') local file_count=$(find "$log_dir" -name "*.log*" | wc -l) echo "清理后: $file_count 个文件, 总大小 $total_size" } # 主程序 echo "=== 日志清理开始 $(date) ===" for dir in "${LOG_DIRS[@]}"; do cleanup_logs "$dir" echo "---" done # 清理系统日志 echo "清理系统日志..." journalctl --vacuum-time=30d --vacuum-size=1G echo "=== 日志清理完成 $(date) ==="
-
awk\grep\sed调优、常见错误及解决方法 性能调试# 测试命令执行时间 time grep "pattern" large_file.log # 查看命令的系统调用 strace -c grep "pattern" file.log # 监控内存使用 /usr/bin/time -v awk '{sum += $1} END {print sum}' numbers.txt内存使用优化# 避免将整个文件加载到内存 awk 'BEGIN {while ((getline line < "huge_file.log") > 0) print line}' /dev/null # 使用管道减少临时文件 grep "pattern" file.log | awk '{print $1}' | sort | uniq -c > result.txt # 分块处理大文件 split -l 100000 huge_file.log chunk_ for chunk in chunk_*; do awk '{sum += $10} END {print FILENAME, sum}' "$chunk" done | awk '{total += $2} END {print "Total:", total}'常见错误# 1. 正则表达式不匹配 # 错误示例 grep "192\.168\.1\.1" file.log # 转义过度 # 正确写法 grep "192.168.1.1" file.log # 基本正则不需要转义点号 # 2. awk字段分隔符问题 # 处理CSV文件 awk -F',' '{print $2}' data.csv # 处理多种分隔符 awk -F'[,:]' '{print $1, $3}' mixed.txt # 3. sed替换路径问题 # 错误示例 sed 's//old/path//new/path/g' file.txt # 分隔符冲突 # 正确写法 sed 's|/old/path|/new/path|g' file.txt # 使用不同分隔符高级技巧和最佳实践处理特殊字符 find . -name "*.log" -print0 | xargs -0 grep "pattern" # 处理二进制文件 grep -a "text" binary_file # 强制当作文本处理 # 处理不同编码的文件 iconv -f gbk -t utf-8 chinese.log | grep "关键词"组合命令# 复杂的日志分析流水线 tail -f access.log | \ grep --line-buffered "POST" | \ awk '{print strftime("%H:%M:%S"), $1, $7}' | \ while read time ip url; do echo "[$time] $ip 访问了 $url" done # 实时监控错误日志 tail -f error.log | \ grep --line-buffered -E "(ERROR|FATAL)" | \ sed -u 's/^/[ALERT] /' | \ tee -a alert.log脚本化和自动化analyze_nginx_log() { local logfile=$1 local pattern=${2:-""} if [ -n "$pattern" ]; then grep "$pattern" "$logfile" | awk '{print $1}' | sort | uniq -c | sort -nr else awk '{print $1}' "$logfile" | sort | uniq -c | sort -nr fi } # 使用函数 analyze_nginx_log "/var/log/nginx/access.log" "404"
-
实用nginx日志分析脚本 #!/bin/bash # 通用日志分析脚本 LOG_FILE=${1:-"/var/log/nginx/access.log"} TIME_RANGE=${2:-"$(date '+%d/%b/%Y')"} analyze_log() { local logfile=$1 local timerange=$2 echo "=== 分析 $logfile 中 $timerange 的数据 ===" # 基础统计 local total_requests=$(grep "$timerange" "$logfile" | wc -l) echo "总请求数: $total_requests" if [ $total_requests -eq 0 ]; then echo "没有找到匹配的日志记录" return fi # IP统计 echo "TOP 10 访问IP:" grep "$timerange" "$logfile" | \ awk '{print $1}' | \ sort | uniq -c | \ sort -nr | head -10 | \ awk '{printf "%-15s %8d 次\n", $2, $1}' # 状态码统计 echo "状态码分布:" grep "$timerange" "$logfile" | \ awk '{status[$9]++} END { for (code in status) { printf "%-5s %8d 次 (%.2f%%)\n", code, status[code], status[code]*100/NR } }' | sort -k2 -nr # 错误分析 local error_count=$(grep "$timerange" "$logfile" | grep -cE " (4[0-9]{2}|5[0-9]{2}) ") if [ $error_count -gt 0 ]; then echo "错误请求分析 (总计: $error_count):" grep "$timerange" "$logfile" | \ grep -E " (4[0-9]{2}|5[0-9]{2}) " | \ awk '{print $1, $7, $9}' | \ sort | uniq -c | \ sort -nr | head -10 | \ awk '{printf "%-15s %-30s %s (%d次)\n", $2, $3, $4, $1}' fi # 流量统计 echo "流量统计:" grep "$timerange" "$logfile" | \ awk '{ bytes += $10 if ($10 > max_bytes) { max_bytes = $10 max_url = $7 } } END { printf "总流量: %.2f MB\n", bytes/1024/1024 printf "平均请求大小: %.2f KB\n", bytes/1024/NR printf "最大请求: %s (%.2f MB)\n", max_url, max_bytes/1024/1024 }' } analyze_log "$LOG_FILE" "$TIME_RANGE"
