# awstats nginx log
#Nick
awstats 安装
awstats 配置
awstats 参数
awstats 日志更新
#安装awstats
#tar xf awstats-7.1.1.tar.gz
#mv awstats-7.1.1 /usr/local/awstats
#chmod +x /usr/local/awstats/tools/awstats_configure.pl
#/usr/local/awstats/tools/awstats_configure.pl
awstats安装向导
A. 第一个选项选择none因为默认支持apache,nginx选择none(确定配置文件路径)
B. 然后 选Y 创建一个新的配置文件
C. 这里输入自己的域名
D. 第三个选项是配置文件路径,直接回车使用默认路径
E. 回车
F. 回车(完成)
/etc/awstats/awstat.域名.conf
找到LogFile="/var/log/httpd/mylog.log"
咱们自己修改成自己的日志位置
LogFile="/data/weblogs/nginx_%YYYY-24%MM-24%DD-24.log"
取到当前日期的前一天的日期
注释LogFormat = 1
本次变量为
LogFormat = "%host %time1 %methodurl %code %bytesd %refererquot %uaquot"
修改 DirData="/data/awstats-logs"
AWStats调优及个性定制
1,更改awstats.pl 中的LIMITFLUSH值 改为50000 默认为5000
一般是以内存换速度,减少flush data on disk 的次数!
2,更改awstats.yourdomain.conf, 去除不需要分析的日志 减少磁盘占用空间及加速分析速度
LevelForBrowsersDetection=2 # 0 disables Browsers detection.
# 2 reduces AWStats speed by 2%
# allphones reduces AWStats speed by 5%
LevelForOSDetection=2 # 0 disables OS detection.
# 2 reduces AWStats speed by 3%
LevelForRefererAnalyze=2 # 0 disables Origin detection.
# 2 reduces AWStats speed by 14%
LevelForRobotsDetection=2 # 0 disables Robots detection.
# 2 reduces AWStats speed by 2.5%
LevelForSearchEnginesDetection=2 # 0 disables Search engines detection.
# 2 reduces AWStats speed by 9%
LevelForKeywordsDetection=2 # 0 disables Keyphrases/Keywords detection.
# 2 reduces AWStats speed by 1%
LevelForFileTypesDetection=2 # 0 disables File types detection.
# 2 reduces AWStats speed by 1%
LevelForWormsDetection=0 # 0 disables Worms detection.
# 2 reduces AWStats speed by 15%
3,增加 500 403 等http error code 页面显示,具体url浏览
更改awstats.yourdomain.conf,添加以下字段
ExtraSectionName1="Internal Server Errors (500)"
ExtraSectionCodeFilter1="500"
ExtraSectionCondition1="URL,^.*$"
ExtraSectionFirstColumnTitle1="URL"
ExtraSectionFirstColumnValues1="URL,^(.*)$"
ExtraSectionFirstColumnFormat1="%s"
ExtraSectionStatTypes1=HBL
ExtraSectionAddSumRow1=1
MaxNbOfExtra1=10
MinHitExtra1=1
ExtraSectionName2="Forbidden (403)"
ExtraSectionCodeFilter2="403"
ExtraSectionCondition2="URL,^.*$"
ExtraSectionFirstColumnTitle2="URL"
ExtraSectionFirstColumnValues2="URL,^(.*)$"
ExtraSectionFirstColumnFormat2="%s"
ExtraSectionStatTypes1=HBL
ExtraSectionAddSumRow2=1
MaxNbOfExtra2=10
MinHitExtra2=1
数据是要每次分析完日志才生效 ( Change : Effective for new updates only)
起先是修改 awstats.pl及awstats_buildstaticpages.pl 代码 没调试成功!
4,日志分析格式注意
iis 日志一般是LogFormat=2
apache日志 LogFormat = 1
如自定义日志格式的 拿来分析必须 指定 %method 或%methodurl
如 LogFormat = "%time2 %method %url %query %host %ua %referer %code"
5,导出独立静态页面
/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -config=yourdomain.com -output=errors404 -staticlinks > awstats.yourdomain.com .html
方便浏览 及自定义
具体可以awstats.pl --help
# Enter here your log format (Must match your web server config. See setup
# instructions in documentation to know how to configure your web server to
# have the required log format).
# Possible values: 1,2,3,4 or "your_own_personalized_log_format"
# 1 - Apache or Lotus Notes/Domino native combined log format (NCSA combined/XLF/ELF log format)
# 2 - IIS or ISA format (IIS W3C log format). See FAQ-COM115 For ISA.
# 3 - Webstar native log format.
# 4 - Apache or Squid native common log format (NCSA common/CLF log format)
# With LogFormat=4, some features (browsers, os, keywords...) can't work.
# "your_own_personalized_log_format" = If your log is ftp, mail or other format,
# you must use following keys to define the log format string (See FAQ for
# ftp, mail or exotic web log format examples):
# %host Client hostname or IP address (or Sender host for mail log)
客户端主机名或IP地址(主机或发件人邮件日志)
# %host_r Receiver hostname or IP address (for mail log)
接收主机名或IP地址(邮件日志)
# %lognamequot Authenticated login/user with format: "john"
验证登录/用户格式:“JOHN”
# %logname Authenticated login/user with format: john
身份验证的登录/用户格式:约翰
# %time1 Date and time with format: [dd/mon/yyyy:hh:mm:ss +0000] or [dd/mon/yyyy:hh:mm:ss]
# %time2 Date and time with format: yyyy-mm-dd hh:mm:ss
# %time3 Date and time with format: Mon dd hh:mm:ss or Mon dd hh:mm:ss yyyy
# %time4 Date and time with unix timestamp format: dddddddddd
# %time5 Date and time with format iso: yyyy-mm-ddThh:mm:ss
#Method and URL with format: "GET /index.html HTTP/x.x"
一种使用格式字串的:的方法和URL的“GET/ index.html的HTTP/ XX”
# %methodurlnoprot Method and URL with format: "GET /index.html"
# %method Method with format: GET
# %url URL only with format: /index.html
只能使用格式:/ index.html的URL
# %query Query string (used by URLWithQuery option)
查询字符串(使用URLWithQuery选项)
# %code Return code status (with format for web log: 999)
返回代码状态(网络日志的格式:999)
# %bytesd Size of document in bytes
%bytesd的文件大小(以字节为单位)
# %refererquot Referer page with format: "http://from.com/from.htm"
引用页面格式:“http://from.com/from.htm”
# %referer Referer page with format: http://from.com/from.htm
# %uabracket User agent with format: [Mozilla/4.0 (compatible, ...)]
用户代理与格式:[Mozilla/4.0(兼容,...)]
# %uaquot User agent with format: "Mozilla/4.0 (compatible, ...)"
# %ua User agent with format: Mozilla/4.0_(compatible...)
# %gzipin mod_gzip compression input bytes: In:XXX
# %gzipout mod_gzip compression output bytes & ratio: Out:YYY:ZZpct.
# %gzipratio mod_gzip compression ratio: ZZpct.
# %deflateratio mod_deflate compression ratio with format: (ZZ)
# %email EMail sender (for mail log)
# %email_r EMail receiver (for mail log)
# %cluster If log file is provided from several computers (merged by
# logresolvemerge.pl), use this to define cluster id field.
# %extraX
# %other Means another not used field
# %otherquot Means another not used double quoted field
#
# Examples for Apache combined logs (following two examples are equivalent):
# LogFormat = 1
# LogFormat = "%host %other %logname %time1 %methodurl %code %bytesd %refererquot %uaquot"
日志格式说明:
$remote_addr 与$http_x_forwarded_for 用以记录客户端的ip地址;
$remote_user :用来记录客户端用户名称;
$time_local : 用来记录访问时间与时区;
$request : 用来记录请求的url与http协议;
$status : 用来记录请求状态;成功是200,
$body_bytes_s ent :记录发送给客户端文件主体内容大小;
$http_referer :用来记录从那个页面链接访问过来的;
$http_user_agent :记录客户毒啊浏览器的相关信息;
######################################################################################################
线上nginx的日志格式
log_format proxy '$proxy_add_x_forwarded_for [$time_local]'
' "$request" $status $body_bytes_sent '
' "$http_referer" "$http_user_agent" ';
#日志注解
客户端请求ip 本地时间 用来记录请求的url与http协议 用来记录请求状态 记录发送给客户端文件主体内容大小
用来记录从那个页面链接访问过来的 记录客户毒啊浏览器的相关信息
awstats日志设置
LogFormat = "%host %time1 %methodurl %code %bytesd %refererquot %uaquot"
初始化生成静态页面
/安装路径/ awstats/wwwroot/cgi-bin/awstats.pl -update -config=youdomain
更新数据的代码
/usr/local/awstats/tools/awstats_buildstaticpages.pl
-update
-config=YOURDOMAIN
-dir=/usr/local/awstats/log/
-lang=cn -awstatsprog=/usr/local/awstats/wwwroot/cgi-bin/awstats.pl
通过绝对路径可以访问到,
加密方法如下通过apache的htpasswd工具生成一个密钥包
这个工具的路径自己查找
/usr/bin/htpasswd -c admin.pass admin
生成一个admin.pass的文件
修改nginx.conf
location ~^/log/ { #重定向好做加密
root /data/awstats-web; #定向的目录路径
index index.html; #支持的文件类型
access_log off; #关掉日志
error_log off;
auth_basic "admin"; #加密
auth_basic_user_file /tools/admin.pass; #密钥路径(位置放哪里写哪里)
}
location ~^/icon/ { #用到的图片路径
root /data/awstats-web; #
index index.html;
access_log off;
error_log off;
#charser gd2312;
}
这样,在登录http://xxxx/awstats.www.name.com.html 就需要输入密码进行验证了
配置 Awstats 自动运行
11 59 * * * /home/scripts/nginxlog.sh #半夜11:59 进行日志切割
00 1 * * * /usr/local/awstats/tools/awstats_buildstaticpages.pl \
-update -config=www.YOUR.com -lang=cn -dir=/data/awstats_web/awstats \
-awstatsprog=/usr/local/awstats/wwwroot/cgi-bin/awstats.pl