Get the last hour's entries from an Apache domlog

Question (votes: 0, answers: 1)

I have looked at some other search results, e.g. link1 link2, but I still can't get mine to work for the log entries seen in the Apache domlog from the past hour up to the current time.

Part of the log is:

54.X.X.X - - [08/Jan/2020:02:59:12 +0100] "GET /robots.txt HTTP/1.1" 404 - "-" "Pandalytics/1.0 (https://domainsbot.com/pandalytics/)"
54.X.X.X - - [08/Jan/2020:02:59:12 +0100] "GET / HTTP/1.1" 200 810 "-" "Pandalytics/1.0 (https://domainsbot.com/pandalytics/)"
54.X.X.X - - [08/Jan/2020:20:08:09 +0100] "GET /wp-login.php HTTP/1.1" 404 16 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
54.X.X.X - - [08/Jan/2020:22:33:20 +0100] "GET /robots.txt HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
54.X.X.X - - [08/Jan/2020:22:33:47 +0100] "GET / HTTP/1.1" 200 810 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
54.X.X.X - - [08/Jan/2020:22:35:22 +0100] "GET /robots.txt HTTP/1.1" 404 - "-" "msnbot/2.0b (+http://search.msn.com/msnbot.htm)"
54.X.X.X - - [09/Jan/2020:08:07:10 +0100] "GET / HTTP/1.1" 200 810 "https://www.bing.com" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
54.X.X.X - - [09/Jan/2020:08:08:37 +0100] "GET /robots.txt HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
54.X.X.X - - [09/Jan/2020:08:08:37 +0100] "GET / HTTP/1.1" 200 810 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
54.X.X.X - - [09/Jan/2020:19:12:56 +0100] "GET /wp-login.php HTTP/1.1" 404 16 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36"
54.X.X.X - - [09/Jan/2020:19:13:34 +0100] "GET /robots.txt HTTP/1.1" 404 - "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36"
54.X.X.X - - [10/Jan/2020:03:25:25 +0100] "GET /.git/config HTTP/1.1" 404 - "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

The date and time pattern in the log is:

# date +%d/%b/%Y:%H:%M:%S
10/Jan/2020:15:11:43

and for the last hour:

# date -d -1hour +%d/%b/%Y:%H:%M:%S
10/Jan/2020:14:11:13

I have tried something like:

d1=$(date -d -1hour +%d/%b/%Y:%H:%M:%S)
d2=$(date +%d/%b/%Y:%H:%M:%S)
awk -v d1="$d1" -v d2="$d2" '$0 > d1 && $0 < d2 || $0 ~ d2' domlog.log

but it returns nothing. I have also tried several other ways.

Meanwhile, for the syslog /var/log/messages, the same method works fine.

An example of its pattern:

# d1=$(date -d -1hour +%b" "%d" "%H:%M:%S);d2=$(date  +%b" "%d" "%H:%M:%S);awk -v d1="$d1" -v d2="$d2" '$0 > d1 && $0 < d2 || $0 ~ d2' /var/log/messages
Jan 10 14:15:01 cpanel systemd: Started Session 11085 of user root.
Jan 10 14:15:01 cpanel systemd: Started Session 11086 of user root.
Jan 10 14:15:08 cpanel pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Jan 10 14:15:08 cpanel pure-ftpd: ([email protected]) [INFO] __cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse is now logged in
Jan 10 14:15:08 cpanel pure-ftpd: ([email protected]) [INFO] Logout.
Jan 10 14:20:01 cpanel systemd: Started Session 11087 of user root.
Jan 10 14:20:01 cpanel systemd: Started Session 11088 of user root.
Jan 10 14:20:01 cpanel systemd: Started Session 11089 of user root.
Jan 10 14:20:10 cpanel pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Jan 10 14:20:10 cpanel pure-ftpd: ([email protected]) [INFO] __cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse is now logged in
Jan 10 14:20:10 cpanel pure-ftpd: ([email protected]) [INFO] Logout.
Jan 10 14:25:01 cpanel systemd: Started Session 11090 of user root.
Jan 10 14:25:01 cpanel systemd: Started Session 11091 of user root.
Jan 10 14:28:01 cpanel pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Jan 10 14:28:01 cpanel pure-ftpd: ([email protected]) [INFO] __cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse is now logged in
Jan 10 14:28:01 cpanel pure-ftpd: ([email protected]) [INFO] Logout.
Jan 10 14:29:01 cpanel systemd: Started Session 11092 of user root.
Jan 10 14:30:01 cpanel systemd: Started Session 11093 of user root.
Jan 10 14:30:01 cpanel systemd: Started Session 11094 of user root.
Jan 10 14:33:04 cpanel pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Jan 10 14:33:04 cpanel pure-ftpd: ([email protected]) [INFO] __cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse is now logged in
Jan 10 14:33:04 cpanel pure-ftpd: ([email protected]) [INFO] Logout.
Jan 10 14:35:02 cpanel systemd: Started Session 11095 of user root.
Jan 10 14:35:02 cpanel systemd: Started Session 11096 of user root.
Jan 10 14:35:02 cpanel systemd: Started Session 11097 of user root.
Jan 10 14:38:06 cpanel pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Jan 10 14:38:06 cpanel pure-ftpd: ([email protected]) [INFO] __cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse is now logged in
Jan 10 14:38:06 cpanel pure-ftpd: ([email protected]) [INFO] Logout.
Jan 10 14:39:01 cpanel systemd: Started Session 11098 of user root.
Jan 10 14:40:01 cpanel systemd: Started Session 11099 of user root.
Jan 10 14:40:01 cpanel systemd: Started Session 11100 of user root.
Jan 10 14:40:57 cpanel PAM-hulk[24100]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:41:00 cpanel PAM-hulk[24100]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:41:04 cpanel PAM-hulk[24100]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:41:07 cpanel PAM-hulk[24100]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:41:11 cpanel PAM-hulk[24100]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:41:14 cpanel PAM-hulk[24100]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:41:21 cpanel PAM-hulk[24110]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:43:09 cpanel pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Jan 10 14:43:09 cpanel pure-ftpd: ([email protected]) [INFO] __cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse is now logged in
Jan 10 14:43:09 cpanel pure-ftpd: ([email protected]) [INFO] Logout.
Jan 10 14:44:01 cpanel systemd: Started Session 11101 of user root.
Jan 10 14:45:01 cpanel systemd: Started Session 11102 of user root.
Jan 10 14:48:12 cpanel pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Jan 10 14:48:12 cpanel pure-ftpd: ([email protected]) [INFO] __cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse is now logged in
Jan 10 14:48:12 cpanel pure-ftpd: ([email protected]) [INFO] Logout.
Jan 10 14:50:01 cpanel systemd: Started Session 11103 of user root.
Jan 10 14:50:01 cpanel systemd: Started Session 11105 of user root.
Jan 10 14:50:01 cpanel systemd: Started Session 11104 of user root.
Jan 10 14:53:14 cpanel pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Jan 10 14:53:14 cpanel pure-ftpd: ([email protected]) [INFO] __cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse is now logged in
Jan 10 14:53:14 cpanel pure-ftpd: ([email protected]) [INFO] Logout.
Jan 10 14:55:01 cpanel systemd: Started Session 11106 of user root.
Jan 10 14:55:12 cpanel PAM-hulk[24494]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:55:17 cpanel PAM-hulk[24494]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:55:21 cpanel PAM-hulk[24494]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:55:25 cpanel PAM-hulk[24494]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:55:29 cpanel PAM-hulk[24494]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:55:33 cpanel PAM-hulk[24494]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:55:42 cpanel PAM-hulk[24510]: Brute force detection active: 550 LOGIN DENIED -- TOO MANY FAILURES
Jan 10 14:58:17 cpanel pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Jan 10 14:58:17 cpanel pure-ftpd: ([email protected]) [INFO] __cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse is now logged in
Jan 10 14:58:17 cpanel pure-ftpd: ([email protected]) [INFO] Logout.
Jan 10 14:59:01 cpanel systemd: Started Session 11107 of user root.
Jan 10 15:00:01 cpanel systemd: Started Session 11108 of user root.
Jan 10 15:00:01 cpanel systemd: Started Session 11109 of user root.
Jan 10 15:01:01 cpanel systemd: Started Session 11110 of user root.
Jan 10 15:05:01 cpanel systemd: Started Session 11111 of user root.
Jan 10 15:05:01 cpanel systemd: Started Session 11112 of user root.
Jan 10 15:07:04 cpanel pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Jan 10 15:07:04 cpanel pure-ftpd: ([email protected]) [INFO] __cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse is now logged in
Jan 10 15:07:04 cpanel pure-ftpd: ([email protected]) [INFO] Logout.
Jan 10 15:09:01 cpanel systemd: Started Session 11113 of user root.
Jan 10 15:10:01 cpanel systemd: Started Session 11115 of user root.
Jan 10 15:10:01 cpanel systemd: Started Session 11114 of user root.
Jan 10 15:12:06 cpanel pure-ftpd: ([email protected]) [INFO] New connection from 127.0.0.1
Jan 10 15:12:06 cpanel pure-ftpd: ([email protected]) [INFO] __cpanel__service__auth__ftpd__ZkeSALFUGDi7xNse is now logged in
Jan 10 15:12:06 cpanel pure-ftpd: ([email protected]) [INFO] Logout.
Jan 10 15:14:01 cpanel systemd: Started Session 11116 of user root.

For that syslog:

the date and time format is:

# date -d -1hour +%b" "%d" "%H:%M:%S
Jan 10 14:16:03

and one hour ago:

# date  +%b" "%d" "%H:%M:%S
Jan 10 15:16:20

What am I missing here?

Tagged: bash

1 answer (0 votes)

You should match on the fourth field of the log, and you need to strip the leading "[" from that column.

awk -v d1="$d1" -v d2="$d2" 'substr($4,2) > d1 && substr($4,2) < d2 || substr($4,2) ~ d2' apache.log
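An added example (not the question's or the answer's code) that goes one step beyond the field-4 fix above: comparing the raw `%d/%b/%Y:%H:%M:%S` strings only works within a single day, because the day is compared before the month and year and month names are not in calendar order, so a window that crosses midnight or a month boundary silently drops lines. The `apache_window` function below rewrites each timestamp as a sortable `yyyymmddHHMMSS` key in POSIX awk (no gawk `mktime` needed); the sample log and the `demo_count` helper are constructed for illustration, and the usage comment assumes GNU `date -d`, as the question itself does.

```shell
# apache_window LOGFILE D1 D2   (D1/D2 in the log's own form, e.g. 10/Jan/2020:14:11:13)
# Prints the lines whose field-4 timestamp lies in the closed window [D1, D2].
# Typical call (GNU date, as used in the question):
#   apache_window domlog.log "$(date -d -1hour +%d/%b/%Y:%H:%M:%S)" "$(date +%d/%b/%Y:%H:%M:%S)"
apache_window() {
    awk -v d1="$2" -v d2="$3" '
    function key(ts,    a) {
        split(ts, a, "[/:]")        # a[1]=dd a[2]=Mon a[3]=yyyy a[4]=HH a[5]=MM a[6]=SS
        return a[3] mon[a[2]] a[1] a[4] a[5] a[6]   # -> yyyymmddHHMMSS, safe to compare
    }
    BEGIN {
        split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", names, " ")
        for (i = 1; i <= 12; i++) mon[names[i]] = sprintf("%02d", i)
        lo = key(d1); hi = key(d2)
    }
    {
        k = key(substr($4, 2))      # field 4 is "[dd/Mon/yyyy:HH:MM:SS"; drop the "["
        if (k >= lo && k <= hi) print
    }' "$1"
}

# Constructed sample log (not taken from the page) that spans a month boundary.
sample_log() {
    cat <<'EOF'
203.0.113.5 - - [31/Dec/2019:23:45:00 +0100] "GET /robots.txt HTTP/1.1" 404 - "-" "bot/1.0"
203.0.113.5 - - [01/Jan/2020:00:10:00 +0100] "GET / HTTP/1.1" 200 810 "-" "bot/1.0"
203.0.113.5 - - [01/Jan/2020:01:00:00 +0100] "GET /wp-login.php HTTP/1.1" 404 16 "-" "bot/1.0"
203.0.113.5 - - [10/Jan/2020:03:25:25 +0100] "GET /.git/config HTTP/1.1" 404 - "-" "bot/1.0"
EOF
}

# Count the entries in a one-hour window around midnight on New Year's Eve.
# A plain string comparison would miss the 31/Dec line ("31" sorts after "01");
# the key-based comparison returns both in-window lines.
demo_count() {
    tmp=$(mktemp)
    sample_log > "$tmp"
    apache_window "$tmp" "31/Dec/2019:23:30:00" "01/Jan/2020:00:30:00" | wc -l | tr -d ' '
    rm -f "$tmp"
}
```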