Apache服務的日誌分割與日誌分析
日誌分割
-
隨着網站的訪問量增長,默認狀況下Apache的單個日誌文件也會愈來愈大css
-
日誌文件佔用磁盤空間很大html
- 查看相關信息不方便
兩種日誌分割工具
-
Apache自帶rotatelogs分割工具實現nginx
- 第三方工具cronolog分割
rotatelogs分割工具實驗
(1)安裝httpd服務。web
[root@localhost ~]# yum install httpd -y ........省略安裝過程
(2)安裝完畢後,咱們能夠查看,日誌文件存放目錄「/var/log/httpd/」能夠看到並無日誌文件。當咱們開啓服務後再次查看,日誌文件生成。apache
[root@localhost ~]# ls /var/log/httpd/ //查看目錄 [root@localhost ~]# systemctl start httpd //開啓服務 [root@localhost ~]# ls /var/log/httpd/ //查看目錄 access_log error_log //日誌文件 [root@localhost ~]# systemctl stop firewalld.service //關閉防火牆 [root@localhost ~]# setenforce 0 //關閉加強性安全功能 [root@localhost ~]#
(3)查看IP地址。vim
[root@localhost ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.52.133 netmask 255.255.255.0 broadcast 192.168.52.255
inet6 fe80::3e1d:31ba:f66a:6f80 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:27:1c:3f txqueuelen 1000 (Ethernet)
RX packets 11004 bytes 14155417 (13.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5374 bytes 360388 (351.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
(4)對配置文件進行修改(能夠用「 / 」來查詢關鍵字修改)。windows
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf Listen 192.168.52.133:80 //開啓IPv4監聽 #Listen 80 //註釋IPv6監聽 ServerName www.abc.com:80 //設置域名 #ErrorLog "logs/error_log" ErrorLog "| /usr/sbin/rotatelogs -l logs/www.abc.com.error_%Y%m%dlog 86400" //錯誤日誌配置 # CustomLog "logs/access_log" combined CustomLog "| /usr/sbin/rotatelogs -l logs/www.abc.com.access_%Y%m%dlog 86400" combined //訪問日誌配置 [root@localhost ~]# systemctl restart httpd //重啓服務 [root@localhost ~]#
(5)咱們先查看日誌文件目錄,此時只有錯誤日誌。當咱們用win10主機訪問網站後再查看,就生成了訪問日誌。瀏覽器
[root@localhost ~]# [root@localhost ~]# cd /var/log/httpd/ //進入日誌文件存放目錄 [root@localhost httpd]# ls //查看 access_log error_log www.abc.com.error_20191025log //只有錯誤日誌 [root@localhost httpd]# ls //用win10主機訪問後再次查看 access_log error_log www.abc.com.access_20191025log www.abc.com.error_20191025log //訪問日誌生成 [root@localhost httpd]#
(6)咱們用「date -s」命令,將系統日期向後修改一天後,重啓服務再次查看目錄,又生成了新的一天的日誌文件。安全
[root@localhost httpd]# date -s 10/26/19 2019年 10月 26日 星期六 00:00:00 CST [root@localhost httpd]# [root@localhost httpd]# ls access_log error_log www.abc.com.access_20191025log www.abc.com.error_20191025log [root@localhost httpd]# systemctl restart httpd [root@localhost httpd]# ls access_log error_log www.abc.com.access_20191025log www.abc.com.error_20191025log www.abc.com.error_20191026log [root@localhost httpd]#
第三方工具cronolog實驗
(1)咱們先安裝httpd服務。服務器
[root@localhost ~]# yum install httpd -y ......//省略安裝過程 [root@localhost ~]#
(2)經過Samba服務將cronolog工具的安裝包從宿主機掛載到Linux系統。
[root@localhost ~]# mkdir /mnt/tools //建立掛載目錄
[root@localhost ~]# smbclient -L //192.168.100.50/ //檢查共享
Enter SAMBA\root's password:
OS=[Windows 10 Enterprise LTSC 2019 17763] Server=[Windows 10 Enterprise LTSC 2019 6.3]
Sharename Type Comment
--------- ---- -------
IPC$ IPC 遠程 IPC
share Disk
tools Disk
Users Disk
Connection to 192.168.100.50 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
NetBIOS over TCP disabled -- no workgroup available
[root@localhost ~]# mount.cifs //192.168.100.50/tools /mnt/tools //掛載
Password for root@//192.168.100.50/tools:
[root@localhost ~]# ls /mnt/tools/ //查看
awstats-7.6.tar.gz fiddler.exe john-1.8.0.tar.gz
cronolog-1.6.2-14.el7.x86_64.rpm intellijideahahau2018.rar LAMP-C7
extundelete-0.2.4.tar.bz2 jdk-8u191-windows-x64.zip
[root@localhost ~]#
(3)用「rpm」命令直接安裝cronolog工具。
[root@localhost ~]# cd /mnt/tools //切換目錄 [root@localhost tools]# ls //查看 awstats-7.6.tar.gz fiddler.exe john-1.8.0.tar.gz cronolog-1.6.2-14.el7.x86_64.rpm intellijideahahau2018.rar LAMP-C7 extundelete-0.2.4.tar.bz2 jdk-8u191-windows-x64.zip [root@localhost tools]# rpm -ivh cronolog-1.6.2-14.el7.x86_64.rpm //安裝 警告:cronolog-1.6.2-14.el7.x86_64.rpm: 頭V3 RSA/SHA256 Signature, 密鑰 ID 352c64e5: NOKEY 準備中... ################################# [100%] 正在升級/安裝... 1:cronolog-1.6.2-14.el7 ################################# [100%] [root@localhost tools]#
(4) 查看命令文件存放目錄。
[root@localhost tools]# which cronolog //查看命令文件存放目錄 /usr/sbin/cronolog [root@localhost tools]#
(5)對httpd服務的配置文件進行修改。
[root@localhost tools]# vim /etc/httpd/conf/httpd.conf
Listen 192.168.52.133:80 //開啓IPv4監聽
#Listen 80 //註釋IPv6監聽
ServerName www.abc.com:80 //設置域名
#ErrorLog "logs/error_log"
ErrorLog "| /usr/sbin/cronolog logs/www.abc.com.error_%Y%m%d.log" //配置錯誤日誌
#CustomLog "logs/access_log" combined
CustomLog "| /usr/sbin/cronolog logs/www.abc.com.access_%Y%m%d.log" combined //配置訪問日誌
(6)實驗結果測試。
[root@localhost tools]# systemctl start httpd //開啓httpd服務 [root@localhost tools]# systemctl stop firewalld.service //關閉防火牆 [root@localhost tools]# setenforce 0 //關閉加強性安全功能 [root@localhost tools]# ls /var/log/httpd/ //查看日誌存放目錄 www.abc.com.error_20191025.log //只有錯誤日誌 [root@localhost tools]# ls /var/log/httpd/ //用win10主機訪問後再查看 www.abc.com.access_20191025.log www.abc.com.error_20191025.log //訪問日誌生成 [root@localhost tools]# [root@localhost tools]# date -s 10/26/19 //更改系統時間 2019年 10月 26日 星期六 00:00:00 CST [root@localhost tools]# systemctl restart httpd //重啓服務 [root@localhost tools]# ls /var/log/httpd/ //再次查看日誌存放目錄 www.abc.com.access_20191025.log www.abc.com.error_20191025.log www.abc.com.error_20191026.log //生成新日誌文件 [root@localhost tools]#
AWStats日誌分析系統介紹
AWStats 日誌分析系統
-
Per語言開發的一款開源日誌分析系統
- 可用來分析Apache、Samba、 Vsftpd、 IIS等服務器的訪問日誌信息結合crond等計劃任務服務,可對日誌內容按期進行分析
部署AWStats日誌分析系統實驗
(1)安裝httpd服務和bind(named)服務。
[root@localhost ~]# yum install bind httpd -y ......//省略安裝過程
(2)對named服務的主配置文件進行修改。
[root@localhost ~]# vim /etc/named.conf
options {
listen-on port 53 { any; }; //127.0.0.1改成any
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
recursing-file "/var/named/data/named.recursing";
secroots-file "/var/named/data/named.secroots";
allow-query { any; }; //localhost改成any
(3)對named服務的區域配置文件進行修改。
[root@localhost ~]# vim /etc/named.rfc1912.zones
zone "abc.com" IN { //添加一個域名信息
type master;
file "abc.com.zone";
allow-update { none; };
};
(4)查看一下IP地址。
[root@localhost named]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.52.133 netmask 255.255.255.0 broadcast 192.168.52.255
inet6 fe80::3e1d:31ba:f66a:6f80 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:27:1c:3f txqueuelen 1000 (Ethernet)
RX packets 14532 bytes 20210558 (19.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 6054 bytes 399142 (389.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
(5)保留權限複製一份named服務的區域數據配置文件,進行修改。
[root@localhost ~]# cd /var/named/ //切換目錄
[root@localhost named]# ls //查看
data dynamic named.ca named.empty named.localhost named.loopback slaves
[root@localhost named]# cp -p named.localhost abc.com.zone //複製
[root@localhost named]# vim abc.com.zone
$TTL 1D
@ IN SOA @ rname.invalid. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
NS @
A 127.0.0.1
www IN A 192.168.52.133 //添加IPv4的域名解析
(6)開啓named服務。
[root@localhost named]# systemctl start named //開啓服務 [root@localhost named]# systemctl stop firewalld.service //關閉防火牆 [root@localhost named]# setenforce 0 //關閉加強性安全功能 [root@localhost named]#
(7)對httpd服務的配置文件進行修改。
[root@localhost named]# cd /etc/httpd/ [root@localhost httpd]# ls conf conf.d conf.modules.d logs modules run [root@localhost httpd]# vim conf/httpd.conf Listen 192.168.52.133:80 //開啓IPv4監聽 #Listen 80 //註銷IPv6監聽 # ServerName www.abc.com:80 //配置域名
(8)開啓服務,查看日誌文件存放目錄
[root@localhost httpd]# systemctl start httpd.service //開啓服務 [root@localhost httpd]# [root@localhost httpd]# ls /var/log/httpd/ //查看 access_log error_log //訪問日誌和錯誤日誌文件 [root@localhost httpd]#
(9)用Samba服務將工具壓縮包,從宿主機掛載到Linux系統。
[root@localhost httpd]# mkdir /mnt/abc //建立掛載目錄
[root@localhost httpd]# smbclient -L //192.168.100.50/ //查看共享
Enter SAMBA\root's password:
OS=[Windows 10 Enterprise LTSC 2019 17763] Server=[Windows 10 Enterprise LTSC 2019 6.3]
Sharename Type Comment
--------- ---- -------
IPC$ IPC 遠程 IPC
share Disk
tools Disk
Users Disk
Connection to 192.168.100.50 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
NetBIOS over TCP disabled -- no workgroup available
[root@localhost httpd]# mount.cifs //192.168.100.50/tools /mnt/abc //掛載
Password for root@//192.168.100.50/tools:
[root@localhost httpd]# ls /mnt/abc/ //查看掛載目錄
awstats-7.6.tar.gz fiddler.exe john-1.8.0.tar.gz
cronolog-1.6.2-14.el7.x86_64.rpm intellijideahahau2018.rar LAMP-C7
extundelete-0.2.4.tar.bz2 jdk-8u191-windows-x64.zip
[root@localhost httpd]# tar zxvf /mnt/abc/awstats-7.6.tar.gz -C /opt/ //將壓縮包解壓到「/opt/」目錄
[root@localhost httpd]# ls /opt //查看「/opt/」目錄
awstats-7.6 rh
[root@localhost httpd]#
[root@localhost httpd]# mv /opt/awstats-7.6/ /usr/local/awstats //將解壓包移動到「/usr/local/」目錄,命名爲「awstats 」
[root@localhost httpd]# ls /usr/local/ //查看
awstats bin etc games include lib lib64 libexec sbin share src
[root@localhost httpd]#
(10)進入「/usr/local/awstats/tools」目錄
[root@localhost httpd]# [root@localhost httpd]# cd /usr/local/awstats/ [root@localhost awstats]# ls docs README.md tools wwwroot [root@localhost awstats]# cd tools/ [root@localhost tools]# ls awstats_buildstaticpages.pl dolibarr maillogconvert.pl xslt awstats_configure.pl geoip_generator.pl nginx awstats_exportlib.pl httpd_conf urlaliasbuilder.pl awstats_updateall.pl logresolvemerge.pl webmin
(11)對awstats進行配置。
[root@localhost tools]# ./awstats_configure.pl
----- AWStats awstats_configure 1.0 (build 20140126) (c) Laurent Destailleur -----
This tool will help you to configure AWStats to analyze statistics for
one web server. You can try to use it to let it do all that is possible
in AWStats setup, however following the step by step manual setup
documentation (docs/index.html) is often a better idea. Above all if:
- You are not an administrator user,
- You want to analyze downloaded log files without web server,
- You want to analyze mail or ftp log files instead of web log files,
- You need to analyze load balanced servers log files,
- You want to 'understand' all possible ways to use AWStats...
Read the AWStats documentation (docs/index.html).
-----> Running OS detected: Linux, BSD or Unix
-----> Check for web server install
Enter full config file path of your Web server.
Example: /etc/httpd/httpd.conf
Example: /usr/local/apache2/conf/httpd.conf
Example: c:\Program files\apache group\apache\conf\httpd.conf
Config file path ('none' to skip web server setup):
> /etc/httpd/conf/httpd.conf //指定httpd服務配置文件
-----> Check and complete web server config file '/etc/httpd/conf/httpd.conf'
Add 'Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"'
Add 'Alias /awstatscss "/usr/local/awstats/wwwroot/css/"'
Add 'Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/"'
Add 'ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"'
Add '<Directory>' directive
AWStats directives added to Apache config file.
-----> Update model config file '/usr/local/awstats/wwwroot/cgi-bin/awstats.model.conf'
File awstats.model.conf updated.
-----> Need to create a new config file ?
Do you want me to build a new AWStats config/profile
file (required if first install) [y/N] ? y //肯定
-----> Define config file name to create
What is the name of your web site or profile analysis ?
Example: www.mysite.com
Example: demo
Your web site, virtual server or profile name:
> www.abc.com //指定域名
-----> Define config file path
In which directory do you plan to store your config file(s) ?
Default: /etc/awstats
Directory path to store config file(s) (Enter for default):
> //指定awstats工具配置文件,直接回車默認「/etc/awstats」
-----> Create config file '/etc/awstats/awstats.www.abc.com.conf'
Config file /etc/awstats/awstats.www.abc.com.conf created.
-----> Restart Web server with '/sbin/service httpd restart'
Redirecting to /bin/systemctl restart httpd.service
-----> Add update process inside a scheduler
Sorry, configure.pl does not support automatic add to cron yet.
You can do it manually by adding the following command to your cron:
/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=www.abc.com
Or if you have several config files and prefer having only one command:
/usr/local/awstats/tools/awstats_updateall.pl now
Press ENTER to continue... //回車繼續
A SIMPLE config file has been created: /etc/awstats/awstats.www.abc.com.conf
You should have a look inside to check and change manually main parameters.
You can then manually update your statistics for 'www.abc.com' with command:
> perl awstats.pl -update -config=www.abc.com
You can also read your statistics for 'www.abc.com' with URL:
> http://localhost/awstats/awstats.pl?config=www.abc.com
Press ENTER to finish... //回車完成
[root@localhost tools]#
(12)對httpd服務的配置文件進行修改。
[root@localhost tools]# cd /etc/httpd/
[root@localhost httpd]# ls
conf conf.d conf.modules.d logs modules run
[root@localhost httpd]# vim conf/httpd.conf
#
# This is to permit URL access to scripts/files in AWStats directory.
#
<Directory "/usr/local/awstats/wwwroot">
Options None
AllowOverride None
#Order allow,deny //註釋
#Allow from all //註釋
Require all granted //添加
</Directory>
(13)對awstats日誌分析系統的配置文件進行修改
[root@localhost httpd]# [root@localhost httpd]# cd /etc/awstats/ [root@localhost awstats]# ls awstats.www.abc.com.conf [root@localhost awstats]# vim awstats.www.abc.com.conf LogFile="/var/log/httpd/access_log" //指定httpd訪問日誌文件 DirData="/var/lib/awstats" //awstats文件,默認不存在(須要建立)
(14)建立awstats文件,並重啓httpd服務。
[root@localhost awstats]# [root@localhost awstats]# ls /var/lib/awstats //查看awstats文件不存在 ls: 沒法訪問/var/lib/awstats: 沒有那個文件或目錄 [root@localhost awstats]# mkdir /var/lib/awstats //建立awstats文件 [root@localhost awstats]# ls /var/lib/awstats [root@localhost awstats]# [root@localhost awstats]# systemctl restart httpd.service //重啓服務 [root@localhost awstats]#
(15)修改win10主機的dns服務器IP地址,同時用win主機訪問httpd服務域名。
(16)用win10主機訪問awstats統計的主頁,域名:http://localhost/awstats/awstats.pl?config=www.abc.com。能夠看到沒有統計信息,由於沒有更新數據。
(17)咱們回到Linux系統,切換到「/usr/local/awstats/tools/」,更新數據。
[root@localhost awstats]# cd /usr/local/awstats/tools/ [root@localhost tools]# ls awstats_buildstaticpages.pl awstats_exportlib.pl dolibarr httpd_conf maillogconvert.pl urlaliasbuilder.pl xslt awstats_configure.pl awstats_updateall.pl geoip_generator.pl logresolvemerge.pl nginx webmin [root@localhost tools]# ./awstats_updateall.pl now //更新數據 Running '"/usr/local/awstats/wwwroot/cgi-bin/awstats.pl" -update -config=www.abc.com -configdir="/etc/awstats"' to update config www.abc.com Create/Update database for config "/etc/awstats/awstats.www.abc.com.conf" by AWStats version 7.6 (build 20161204) From data in log file "/var/log/httpd/access_log"... Phase 1 : First bypass old records, searching new record... Searching new records from beginning of log file... Phase 2 : Now process new records (Flush history on disk after 20000 hosts)... Jumped lines in file: 0 Parsed lines in file: 106 Found 0 dropped records, Found 0 comments, Found 0 blank records, Found 1 corrupted records, Found 0 old records, Found 105 new qualified records. [root@localhost tools]#
(18)再次在win10 系統進入統計頁面,已經有了統計數據。
(19)爲了方便使用awstats服務統計數據,咱們能夠設置週期性任務。
[root@localhost tools]# crontab -e //編輯週期性任務 */5 * * * * /usr/local/awstats/tools/awstats_updateall.pl now //每五分鐘更新一次數據 [root@localhost tools]# 您在 /var/spool/mail/root 中有郵件 [root@localhost tools]#
(20)咱們訪問數據統計頁面的域名「http://localhost/awstats/awstats.pl?config=www.abc.com」太長,不容易記憶。咱們能夠優化網頁的地址,用「http://www.abc.com/aws.html」便可訪問。
[root@localhost tools]# [root@localhost tools]# cd /var/www/html/ [root@localhost html]# vim aws.html <html> <head> <meta http-equiv=refresh content="0;url=http://www.abc.com/awstats/awstats.pl?config=www.abc.com"> </head> <body></body> </html> [root@localhost html]# systemctl restart httpd.service //重啓服務
(21)在win10主機瀏覽器輸入地址「http://www.abc.com/aws.html」,會自動轉到數據統計頁面。
相關文章
- 1. Apache日誌分割
- 2. apache日誌分割
- 3. Apache 分割日誌
- 4. Linux Centos7.4--apache日誌分割,日誌管理分析
- 5. Apache 配置——日誌分割及使用AWStats日誌分析
- 6. logrotate分割apache日誌
- 7. Apache日誌分割(rotatelogs、cronolog)
- 8. Apache日誌分析
- 9. apache日誌分析
- 10. 日誌分割及分析
- 更多相關文章...
- • SQLite 日期 & 時間 - SQLite教程
- • 服務器上的 XML - XML 教程
- • Spring Cloud 微服務實戰(三) - 服務註冊與發現
- • 常用的分佈式事務解決方案
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章