Log日志分析

hao0089

1：获得awstats工具
   1）：可以从http://awstats.sourceforge.net/网站下载。##awstats的官网
   2）：在服务器上直接下载的方法
   [root@nagios ~]# wget http://sourceforge.net/projects/awstats/files/AWStats/7.0/awstats-7.0.tar.gz/download
#########################################################################
2:awstats的安装
[root@nagios ~]# tar zxvf awstats-7.0.tar.gz

[root@nagios ~]# mv awstats-7.0/ /usr/local/awstats


[root@nagios ~]# cd /usr/local/awstats/tools/


运行配置脚本生成awstats的配置文件
[root@nagios tools]# perl awstats_configure.pl

----- AWStats awstats_configure 1.0 (build 1.9) (c) Laurent Destailleur -----
This tool will help you to configure AWStats to analyze statistics for
one web server. You can try to use it to let it do all that is possible
in AWStats setup, however following the step by step manual setup
documentation (docs/index.html) is often a better idea. Above all if:
- You are not an administrator user,
- You want to analyze downloaded log files without web server,
- You want to analyze mail or ftp log files instead of web log files,
- You need to analyze load balanced servers log files,
- You want to 'understand' all possible ways to use AWStats...
Read the AWStats documentation (docs/index.html).

-----> Running OS detected: Linux, BSD or Unix

-----> Check for web server install
  Found Web server Apache config file '/usr/local/apache2/conf/httpd.conf'

-----> Check and complete web server config file '/usr/local/apache2/conf/httpd.conf'
Warning: You Apache config file contains directives to write 'common' log files
This means that some features can't work (os, browsers and keywords detection).
Do you want me to setup Apache to write 'combined' log files [y/N] ? y
  Add 'Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"'
  Add 'Alias /awstatscss "/usr/local/awstats/wwwroot/css/"'
  Add 'Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/"'
  Add 'ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"'
  Add '' directive
  AWStats directives added to Apache config file.

-----> Update model config file '/usr/local/awstats/wwwroot/cgi-bin/awstats.model.conf'
  File awstats.model.conf updated.

-----> Need to create a new config file ?
Do you want me to build a new AWStats config/profile
file (required if first install) [y/N] ? y

-----> Define config file name to create
What is the name of your web site or profile analysis ?
Example: www.mysite.com
Example: demo
Your web site, virtual server or profile name:
> www.51auto.com

-----> Define config file path
In which directory do you plan to store your config file(s) ?
Default: /etc/awstats
Directory path to store config file(s) (Enter for default):
>

-----> Create config file '/etc/awstats/awstats.www.51auto.com.conf'
Config file /etc/awstats/awstats.www.51auto.com.conf created.

-----> Restart Web server with '/sbin/service httpd restart'
Stopping httpd: [  OK  ]
Starting httpd: [  OK  ]

-----> Add update process inside a scheduler
Sorry, configure.pl does not support automatic add to cron yet.
You can do it manually by adding the following command to your cron:
/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=www.51auto.com
Or if you have several config files and prefer having only one command:
/usr/local/awstats/tools/awstats_updateall.pl now
Press ENTER to continue...


A SIMPLE config file has been created: /etc/awstats/awstats.www.51auto.com.conf
You should have a look inside to check and change manually main parameters.
You can then manually update your statistics for 'www.51auto.com' with command:
> perl awstats.pl -update -config=www.51auto.com
You can also read your statistics for 'www.51auto.com' with URL:
> http://localhost/awstats/awstats.pl?config=www.51auto.com

Press ENTER to finish...

################################################################
3：配置/etc/awstats/awstats.www.51auto.com.conf
  1):设置web server 的日志文件的位置 LogFile，必选根据实际分析的日志位置来设置。LogFile="/tmp/333.log" 这个就是你想分析的日志位置，可能在此服务器上分析其它服务器的日志呢。

  2):设置LogType 位分析的服务器日志类型；w表示web日志
  3):设置日志格式LogFormat；1表示采用NCSA apache combined/ELF/XLF log format

    4):设置所需要分析的网站域名 SiteDomain
    5):设置awstats的数据库存放的目录 DirData=“/usr/local/awstats/data”
文件中基本信息已配置好了，只要更改LogFile和DirData就Ok了。


[root@nagios ~]# mkdir /usr/local/awstats/data
[root@nagios ~]# chmod -R 755 /usr/local/awstats/data/
[root@nagios ~]# chmod 755 /usr/local/awstats/wwwroot/cgi-bin/*.pl
注1：一定要进行相关文件（夹）的授权，否则访问页面权限会不够。
注2： 注：rpm安装包里面的*.pl都具有执行权限，tar包里面的*.pl却没有。
4：修改httpd.conf文件
[root@nagios tools]# less httpd_conf
#
# Content of this file, with correct values, can be automatically added to
# your Apache server by using the AWStats configure.pl tool.
#


# If using Windows and Perl ActiveStat, this is to enable Perl script as CGI.
#ScriptInterpreterSource registry


#
# Directives to add to your Apache conf file to allow use of AWStats as a CGI.
# Note that path "/usr/local/awstats/" must reflect your AWStats install path.
#
Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"
Alias /awstatscss "/usr/local/awstats/wwwroot/css/"
Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/"
ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"


#
# This is to permit URL access to scripts/files in AWStats directory.
#

    Options None
    AllowOverride None
    Order allow,deny
    Allow from all

###将此文件的内容加入到/usr/local/apache2/conf/httpd.conf文件中
###如果在配置生成awstats.www.51auto.com.conf文件时，选择apache默认配置文件就是/usr/local/apache2/conf/httpd.conf，那么就不用加软件自身就加进去了。


5：生成数据

[root@nagios tools]# /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=www.51auto.com
##因为程序是通过分析日志来进行流量统计的，如果你的日志很大的话会很耗系统资源的。

6：在浏览器中输入：http://172.31.2.250:8980/awstats/awstats.pl?config=www.51auto.com
就可以很清晰的看到你想要的结果。









#################################################
###################################################
利用awstats来分析maillog

邮件日志分析：
[root@analyse ~]# cd/usr/local/awstats/tools/
[root@analyse tools]# perlmaillogconvert.pl standard maillog >>/tmp/maillogexplain.log
#awk '{print $3}'/tmp/mailstreamline.log |grep  -E"51auto.com|51auto.cn|carking001.
Com”|sort|uniq –c
#awk '{if($1 >= 100) print $1 "  " $2}' /tmp/2car.log


列出目前在 Mail Queue 中的邮件

mailq

刪除所有在 Queue 中的邮件

postsuper -d ALL




OK Done！！！！