Get the last hour of entries from an Apache domlog - PullRequest
0 votes
/ January 10, 2020

I have already looked through some other search results, e.g. link1 link2, but so far I have not been able to get mine working for viewing the entries from the Apache domlogs for the last hour up to the current time.

Part of the log:

54.X.X.X - - [08/Jan/2020:02:59:12 +0100] "GET /robots.txt HTTP/1.1" 404 - "-" "Pandalytics/1.0 (https://domainsbot.com/pandalytics/)"
54.X.X.X - - [08/Jan/2020:02:59:12 +0100] "GET / HTTP/1.1" 200 810 "-" "Pandalytics/1.0 (https://domainsbot.com/pandalytics/)"
54.X.X.X - - [08/Jan/2020:20:08:09 +0100] "GET /wp-login.php HTTP/1.1" 404 16 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
54.X.X.X - - [08/Jan/2020:22:33:20 +0100] "GET /robots.txt HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
54.X.X.X - - [08/Jan/2020:22:33:47 +0100] "GET / HTTP/1.1" 200 810 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
54.X.X.X - - [08/Jan/2020:22:35:22 +0100] "GET /robots.txt HTTP/1.1" 404 - "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
54.X.X.X - - [09/Jan/2020:08:07:10 +0100] "GET / HTTP/1.1" 200 810 "https://www.bing.com" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
54.X.X.X - - [09/Jan/2020:08:08:37 +0100] "GET /robots.txt HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
54.X.X.X - - [09/Jan/2020:08:08:37 +0100] "GET / HTTP/1.1" 200 810 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
54.X.X.X - - [09/Jan/2020:19:12:56 +0100] "GET /wp-login.php HTTP/1.1" 404 16 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36"
54.X.X.X - - [09/Jan/2020:19:13:34 +0100] "GET /robots.txt HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36"
54.X.X.X - - [10/Jan/2020:03:25:25 +0100] "GET /.git/config HTTP/1.1" 404 - "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

The date/time pattern in the log:

# date +%d/%b/%Y:%H:%M:%S
10/Jan/2020:15:11:43

and for one hour ago:

# date -d -1hour +%d/%b/%Y:%H:%M:%S
10/Jan/2020:14:11:13

I tried something like:

d1=$(date -d -1hour +%d/%b/%Y:%H:%M:%S)
d2=$(date +%d/%b/%Y:%H:%M:%S)
awk -v d1="$d1" -v d2="$d2" '$0 > d1 && $0 < d2 || $0 ~ d2' domlog.log

But it returns nothing. I also tried several other ways.

At the same time, the same approach works fine for the system log /var/log/messages

An example of its pattern:

# d1=$(date -d -1hour +%b" "%d" "%H:%M:%S);d2=$(date  +%b" "%d" "%H:%M:%S);awk -v d1="$d1" -v d2="$d2" '$0 > d1 && $0 < d2 || $0 ~ d2' /var/log/messages
Jan 10 14:15:01 cpanel systemd: Started Session 11085 of user root.
Jan 10 14:15:01 cpanel systemd: Started Session 11086 of user root.
Jan 10 14:15:08 cpanel pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 10 14:15:08 cpanel pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse is now logged in
Jan 10 14:15:08 cpanel pure-ftpd: (__cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse@127.0.0.1) [INFO] Logout.
Jan 10 14:20:01 cpanel systemd: Started Session 11087 of user root.
Jan 10 14:20:01 cpanel systemd: Started Session 11088 of user root.
Jan 10 14:20:01 cpanel systemd: Started Session 11089 of user root.
Jan 10 14:20:10 cpanel pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 10 14:20:10 cpanel pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse is now logged in
Jan 10 14:20:10 cpanel pure-ftpd: (__cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse@127.0.0.1) [INFO] Logout.
Jan 10 14:25:01 cpanel systemd: Started Session 11090 of user root.
Jan 10 14:25:01 cpanel systemd: Started Session 11091 of user root.
Jan 10 14:28:01 cpanel pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 10 14:28:01 cpanel pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse is now logged in
Jan 10 14:28:01 cpanel pure-ftpd: (__cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse@127.0.0.1) [INFO] Logout.
Jan 10 14:29:01 cpanel systemd: Started Session 11092 of user root.
Jan 10 14:30:01 cpanel systemd: Started Session 11093 of user root.
Jan 10 14:30:01 cpanel systemd: Started Session 11094 of user root.
Jan 10 14:33:04 cpanel pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 10 14:33:04 cpanel pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse is now logged in
Jan 10 14:33:04 cpanel pure-ftpd: (__cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse@127.0.0.1) [INFO] Logout.
Jan 10 14:35:02 cpanel systemd: Started Session 11095 of user root.
Jan 10 14:35:02 cpanel systemd: Started Session 11096 of user root.
Jan 10 14:35:02 cpanel systemd: Started Session 11097 of user root.
Jan 10 14:38:06 cpanel pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 10 14:38:06 cpanel pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse is now logged in
Jan 10 14:38:06 cpanel pure-ftpd: (__cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse@127.0.0.1) [INFO] Logout.
Jan 10 14:39:01 cpanel systemd: Started Session 11098 of user root.
Jan 10 14:40:01 cpanel systemd: Started Session 11099 of user root.
Jan 10 14:40:01 cpanel systemd: Started Session 11100 of user root.
Jan 10 14:40:57 cpanel PAM-hulk[24100]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:41:00 cpanel PAM-hulk[24100]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:41:04 cpanel PAM-hulk[24100]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:41:07 cpanel PAM-hulk[24100]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:41:11 cpanel PAM-hulk[24100]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:41:14 cpanel PAM-hulk[24100]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:41:21 cpanel PAM-hulk[24110]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:43:09 cpanel pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 10 14:43:09 cpanel pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse is now logged in
Jan 10 14:43:09 cpanel pure-ftpd: (__cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse@127.0.0.1) [INFO] Logout.
Jan 10 14:44:01 cpanel systemd: Started Session 11101 of user root.
Jan 10 14:45:01 cpanel systemd: Started Session 11102 of user root.
Jan 10 14:48:12 cpanel pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 10 14:48:12 cpanel pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse is now logged in
Jan 10 14:48:12 cpanel pure-ftpd: (__cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse@127.0.0.1) [INFO] Logout.
Jan 10 14:50:01 cpanel systemd: Started Session 11103 of user root.
Jan 10 14:50:01 cpanel systemd: Started Session 11105 of user root.
Jan 10 14:50:01 cpanel systemd: Started Session 11104 of user root.
Jan 10 14:53:14 cpanel pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 10 14:53:14 cpanel pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse is now logged in
Jan 10 14:53:14 cpanel pure-ftpd: (__cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse@127.0.0.1) [INFO] Logout.
Jan 10 14:55:01 cpanel systemd: Started Session 11106 of user root.
Jan 10 14:55:12 cpanel PAM-hulk[24494]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:55:17 cpanel PAM-hulk[24494]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:55:21 cpanel PAM-hulk[24494]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:55:25 cpanel PAM-hulk[24494]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:55:29 cpanel PAM-hulk[24494]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:55:33 cpanel PAM-hulk[24494]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:55:42 cpanel PAM-hulk[24510]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:58:17 cpanel pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 10 14:58:17 cpanel pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse is now logged in
Jan 10 14:58:17 cpanel pure-ftpd: (__cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse@127.0.0.1) [INFO] Logout.
Jan 10 14:59:01 cpanel systemd: Started Session 11107 of user root.
Jan 10 15:00:01 cpanel systemd: Started Session 11108 of user root.
Jan 10 15:00:01 cpanel systemd: Started Session 11109 of user root.
Jan 10 15:01:01 cpanel systemd: Started Session 11110 of user root.
Jan 10 15:05:01 cpanel systemd: Started Session 11111 of user root.
Jan 10 15:05:01 cpanel systemd: Started Session 11112 of user root.
Jan 10 15:07:04 cpanel pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 10 15:07:04 cpanel pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse is now logged in
Jan 10 15:07:04 cpanel pure-ftpd: (__cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse@127.0.0.1) [INFO] Logout.
Jan 10 15:09:01 cpanel systemd: Started Session 11113 of user root.
Jan 10 15:10:01 cpanel systemd: Started Session 11115 of user root.
Jan 10 15:10:01 cpanel systemd: Started Session 11114 of user root.
Jan 10 15:12:06 cpanel pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
Jan 10 15:12:06 cpanel pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse is now logged in
Jan 10 15:12:06 cpanel pure-ftpd: (__cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse@127.0.0.1) [INFO] Logout.
Jan 10 15:14:01 cpanel systemd: Started Session 11116 of user root.

For this system log:

Date/time format:

# date -d -1hour +%b" "%d" "%H:%M:%S
Jan 10 14:16:03

One hour ago:

# date  +%b" "%d" "%H:%M:%S
Jan 10 15:16:20

What am I missing here?

1 Answer

1 vote
/ January 11, 2020

You need to match on the 4th field of the log, and you need to strip the leading "[" from that column.

awk -v d1="$d1" -v d2="$d2" 'substr($4,2) > d1 && substr($4,2) < d2 || substr($4,2) ~ d2' apache.log
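The accepted awk one-liner works on the asker's log because every line falls in the same month: it compares `dd/Mon/yyyy:HH:MM:SS` as plain strings, so the day field is compared before the month, and the UTC offset after the timestamp is ignored entirely. As soon as the one-hour window crosses a month or year boundary, or the log mixes offsets (after a DST change, or when domlogs from several hosts are concatenated), the string comparison silently returns the wrong set of lines. The following is an added example, not code from the question or the answer: it parses the bracketed timestamp into a timezone-aware value and filters on real time, and it reproduces the answer's string comparison beside it so the failure is visible. The combined-log regex, the sample lines and the `SAMPLE_NOW` instant are constructed for the demo and are assumptions, not data from the page.

```python
"""Filter Apache access-log (domlog) lines to the last hour by parsing the
timestamp instead of comparing date strings.

Added example, not code from the original question or answer. It assumes the
default Apache/cPanel combined log format shown in the question; the sample
lines below are constructed for the demo.
"""
import re
import sys
from datetime import datetime, timedelta, timezone

# Combined log format: ip ident user [ts] "request" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# e.g. 08/Jan/2020:02:59:12 +0100 ; %b is locale-dependent, Apache always
# writes the English abbreviation, so run this under a C/English locale.
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_timestamp(ts: str) -> datetime:
    """Turn the bracketed Apache timestamp into a timezone-aware datetime."""
    return datetime.strptime(ts, TS_FORMAT)


def recent_entries(lines, now, window=timedelta(hours=1)):
    """Return parsed entries whose timestamp lies in [now - window, now].

    Comparison is done on aware datetimes, so day/month/year rollover and
    differing UTC offsets are handled. Lines that do not parse are skipped
    rather than guessed at.
    """
    start = now - window
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            ts = parse_timestamp(m.group("ts"))
        except ValueError:
            continue
        if start <= ts <= now:
            entry = m.groupdict()
            entry["ts"] = ts
            hits.append(entry)
    return hits


def string_window(lines, d1, d2):
    """The awk idiom from the answer, reproduced for comparison:
    substr($4,2) > d1 && substr($4,2) < d2 || substr($4,2) ~ d2
    Byte-wise comparison of dd/Mon/yyyy strings is only meaningful while
    every timestamp shares the same month and year.
    """
    out = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5:
            continue
        ts = fields[3][1:]          # drop the leading "["
        if (d1 < ts < d2) or re.search(d2, ts):
            out.append(line)
    return out


# Constructed sample: a window that crosses a month boundary, one line
# logged with a different UTC offset, one future line, one too-old line,
# and one malformed line.
SAMPLE_LOG = """\
54.0.0.1 - - [31/Jan/2020:23:30:05 +0100] "GET /wp-login.php HTTP/1.1" 404 16 "-" "Mozilla/5.0"
54.0.0.2 - - [01/Feb/2020:00:10:44 +0100] "GET /.git/config HTTP/1.1" 404 - "-" "Mozilla/5.0"
54.0.0.3 - - [31/Jan/2020:22:20:00 +0000] "GET /robots.txt HTTP/1.1" 404 - "-" "bingbot/2.0"
54.0.0.4 - - [01/Feb/2020:15:11:43 +0100] "GET / HTTP/1.1" 200 810 "-" "Googlebot/2.1"
54.0.0.5 - - [31/Jan/2020:22:00:00 +0100] "GET / HTTP/1.1" 200 810 "-" "msnbot/2.0b"
this line is not an access-log entry
"""
# Assumed "current time" for the demo: 00:20 local (+0100) on 1 Feb 2020.
SAMPLE_NOW = datetime(2020, 2, 1, 0, 20, 0, tzinfo=timezone(timedelta(hours=1)))


def demo():
    """Run both filters over the constructed sample; returns (good, naive)."""
    lines = SAMPLE_LOG.splitlines()
    good = recent_entries(lines, SAMPLE_NOW)
    d1 = (SAMPLE_NOW - timedelta(hours=1)).strftime("%d/%b/%Y:%H:%M:%S")
    d2 = SAMPLE_NOW.strftime("%d/%b/%Y:%H:%M:%S")
    naive = string_window(lines, d1, d2)
    return good, naive


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: python3 lasthour.py /usr/local/apache/domlogs/example.com
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            for e in recent_entries(fh, datetime.now(timezone.utc)):
                print(e["ts"].isoformat(), e["ip"], e["status"], e["request"])
    else:
        good, naive = demo()
        print("timestamp-aware filter:", [e["ip"] for e in good])
        print("string-comparison filter:", len(naive), "lines")
```

Run without arguments it prints the three lines that really fall inside the window (including the one logged in UTC, which lands exactly on the window's start) and shows that the string comparison returns none of them, because on 1 February every `01/Feb/...` string sorts below the `31/Jan/...` lower bound. Run with a domlog path it does the same filtering against the real current time; the same parsing step is what you want before counting 404s on `/wp-login.php` or `/.git/config` per source address, since a scan that straddles midnight is exactly the one a string-window filter will miss.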