在CentOS 6上使用awstats分析httpd和tomcat日志

 

用Awstats工具来分析httpd和tomcat的访问日志
准备工作:
Awstats 是由 perl 语言编写的,所以要首先准备好 awstats 的运行环境。
# yum install –y perl*
一、首先,要安装apache服务器,并且启动httpd服务。
我的 apache yum 安装的,配置文件路径为: /etc/httpd/conf/httpd.conf
下载 awstats 工具。
下载地址: http://www.awstats.org/files/awstats-7.1.tar.gz
# cd /opt
# wget http://www.awstats.org/files/awstats-7.1.tar.gz
# tar xvf awstats-7.1.tar.gz
# mv awstats-7.1 /usr/local/awstats
二、配置awstats分析httpd的访问日志
# cd /usr/local/awstats
# ls
# cd tools
# perl awstats_configure.pl
----- AWStats awstats_configure 1.0 (build 1.9) (c) Laurent Destailleur -----
This tool will help you to configure AWStats to analyze statistics for
one web server. You can try to use it to let it do all that is possible
in AWStats setup, however following the step by step manual setup
documentation (docs/index.html) is often a better idea. Above all if:
- You are not an administrator user,
- You want to analyze downloaded log files without web server,
- You want to analyze mail or ftp log files instead of web log files,
- You need to analyze load balanced servers log files,
- You want to 'understand' all possible ways to use AWStats...
Read the AWStats documentation (docs/index.html).
 
-----> Running OS detected: Linux, BSD or Unix
 
-----> Check for web server install
 
Enter full config file path of your Web server.
Example: /etc/httpd/httpd.conf
Example: /usr/local/apache2/conf/httpd.conf
Example:c:\Programfiles\apachegroup\apache\conf\httpd.conf
Config file path ('none' to skip web server setup):
>/etc/httpd/conf/httpd.conf   根据自己的 httpd 服务安装的具体路径填写
-----> Check and complete web server config file
'/etc/httpd/conf/httpd.conf'
 Add 'Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"'
 Add 'Alias /awstatscss
"/usr/local/awstats/wwwroot/css/"'
 Add 'Alias /awstatsicons
"/usr/local/awstats/wwwroot/icon/"'
 Add 'ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"'
 Add '<Directory>' directive
 AWStats directives added to Apache config file.
 
-----> Update model config file '/usr/local/awstats/wwwroot/cgi-bin/awstats.model.conf'
 File awstats.model.conf updated.
 
-----> Need to create a new config file ?
Do you want me to build a new AWStats config/profile
file (required if first install) [y/N] ?y
 
-----> Define config file name to create
What is the name of your web site or profile analysis ?
Example: www.mysite.com
Example: demo
Your web site, virtual server or profile name:
>lingling 可以是任意的名字,也可以是完整的域名格式,只是为了区分你要分析的那份日志的来源的网站,自己注意不要混淆就好。
 
-----> Define config file path
In which directory do you plan to store your config file(s) ?
Default: /etc/awstats
Directory path to store config file(s) (Enter for default):
>
默认的 awstats 生成的配置文件目录,根据喜好可以更改。
-----> Create config file '/etc/awstats/awstats.lingling.conf'
 Config file /etc/awstats/awstats.lingling.conf created.
 
-----> Restart Web server with '/sbin/service httpd restart'
Stopping httpd:                                     [OK]
Starting httpd:                                       [OK]
 
-----> Add update process inside a scheduler
Sorry, configure.pl does not support automatic add to cron yet.
You can do it manually by adding the following command to your cron:
/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=lingling
Or if you have several config files and prefer having only one command:
/usr/local/awstats/tools/awstats_updateall.pl now
Press ENTER to continue...
 
A SIMPLE config file has been created: /etc/awstats/awstats.lingling.conf
You should have a look inside to check and change manually main parameters.
You can then manually update your statistics for 'lingling' with command:
> perl awstats.pl -update -config=lingling
You can also read your statistics for 'lingling' with URL:
> http://localhost/awstats/awstats.pl?config=lingling
 
Press ENTER to finish...
 
1 、由于 httpd log 文件默认是 /var/log/httpd/access.log
所以要修改 /etc/awstats/awstats.lingling.conf 文件里的 LogFile
LogFile="/var/log/httpd/mylog.log" 改为 LogFile="/var/log/httpd/access_log"
或者 LogFile="var/log/access_log.%YYYY-0%MM-0%DD-0.log"
2 、然后,手动更新一下:
# cd /usr/local/awstats/wwwroot/cgi-bin/
# perl awstats.pl –update –config=lingling
或者: # /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=lingling
Error: AWStats database directory defined in config file by 'DirData' parameter (/var/lib/awstats) does not exist or is not writable.
Setup ('/etc/awstats/awstats.lingling.conf' file, web server or permissions) may be wrong.
Check config file, permissions and AWStats documentation (in 'docs' directory).
出错:忘记了创建 awstats 的默认数据存放目录
解决: # mkdir –m 755 /var/lib/awstats
# perl /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=lingling
Create/Update database for config "/etc/awstats/awstats.lingling.conf" by AWStats version 7.0 (build 1.976)
From data in log file "/var/log/httpd/access_log"...
Phase 1 : First bypass old records, searching new record...
Direct access after last parsed record (after line 33664)
Jumped lines in file: 33664
 Found 33664 already parsed records.
Parsed lines in file:7
 Found 0 dropped records,
 Found 0 comments,
 Found 0 blank records,
 Found 0 corrupted records,
 Found 7 old records,
 Found 0 new qualified records.
3 、打开浏览器,用 awstats 分析日志:
http://10.100.10.11/awstats/awstats.pl?config=lingling
分析结果如下图:

4 、可以将更新的命令作为执行计划,使其每天执行一次,方便分析前一天的日。
# crontab –e
10 1 * * * /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=lingling > /dev/null 2&>1
三、用awstats分析tomcat的访问日志
1 、要分析 tomcat 的日志,就要首先了解其日志格式。
并比较与 httpd 的访问日志格式有什么不同之处,然后就可以参照 awstats 分析 httpd 日志的格式来定义 awstats 分析 tomcat 的日志。
我的 tomcat 服务器上定义的访问日志格式如下:
<Valve className="org.apache.catalina.valves.
AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
       pattern="%h %l %u %t &quot;%r&quot; %s %b" />
%...a: 远程 IP 地址   
%...A: 本地 IP 地址   
%...B: 已发送的字节数,不包含 HTTP   
%...b: CLF 格式的已发送字节数量,不包含 HTTP 头。   
例如当没有发送数据时,写入 ‘-’ 而不是 0   
%e: 环境变量 FOOBAR 的内容   
%...f: 文件名字   
%...h: 远程主机   
%...H 请求的协议   
%i: Foobar 的内容,发送给服务器的请求的标头行。   
%...l: 远程登录名字(来自 identd ,如提供的话)   
%...m 请求的方法   
%n: 来自另外一个模块的注解 “Foobar” 的内容   
%o: Foobar 的内容,应答的标头行   
%...p: 服务器响应请求时使用的端口   
%...P: 响应请求的子进程 ID   
%...q 查询字符串(如果存在查询字符串,则包含 “?” 后面的   
部分;否则,它是一个空字符串。)   
%...r: 请求的第一行   
%...s: 状态。对于进行内部重定向的请求,这是指 * 原来 * 请求   
的状态。如果用 %...>s ,则是指后来的请求。   
%...t: 以公共日志时间格式表示的时间(或称为标准英文格式)   
%t: 以指定格式 format 表示的时间   
%...T: 为响应请求而耗费的时间,以秒计   
%...u: 远程用户(来自 auth ;如果返回状态( %s )是 401 则可能是伪造的)   
%...U: 用户所请求的 URL 路径   
%...v: 响应请求的服务器的 ServerName  
%...V: 依照 UseCanonicalName 设置得到的服务器名字   
最后的 tomcat 的访问日志内容如下:
203.156.200.162 - - [29/Aug/2012:11:16:58 +0800] "GET /front/magazine/getContent.htm?contentId=124504 HTTP/1.1" 200 20001
2 、由于我的 tomcat 服务器是在其他机器上,所以我将 tomcat 的服务日志 copy 到本机的 /var/log/httpd/ 下即可。
copy 的文件是: localhost_access_log.2012-08-29.txt
3 、配置 awstats 分析此日志 (tomcat 的域名并不是 httpd 的虚拟主机,所以没有写进 httpd.conf 文件里面 )
# cd /usr/local/awstats/tools
# perl awstats_configure.pl
----- AWStats awstats_configure 1.0 (build 1.9) (c) Laurent Destailleur -----
This tool will help you to configure AWStats to analyze statistics for
one web server. You can try to use it to let it do all that is possible
in AWStats setup, however following the step by step manual setup
documentation (docs/index.html) is often a better idea. Above all if:
- You are not an administrator user,
- You want to analyze downloaded log files without web server,
- You want to analyze mail or ftp log files instead of web log files,
- You need to analyze load balanced servers log files,
- You want to 'understand' all possible ways to use AWStats...
Read the AWStats documentation (docs/index.html).
 
-----> Running OS detected: Linux, BSD or Unix
 
-----> Check for web server install
 
Enter full config file path of your Web server.
Example: /etc/httpd/httpd.conf
Example: /usr/local/apache2/conf/httpd.conf
Example: c:\Program files\apache group\apache\conf\httpd.conf
Config file path ('none' to skip web server setup):
>none
Your web server config file(s) could not be found.
You will need to setup your web server manually to declare AWStats
script as a CGI, if you want to build reports dynamically.
See AWStats setup documentation (file docs/index.html)
 
-----> Update model config file '/usr/local/awstats/wwwroot/cgi-bin/awstats.model.conf'
 File awstats.model.conf updated.
 
-----> Need to create a new config file ?
Do you want me to build a new AWStats config/profile
file (required if first install) [y/N] ? y
 
-----> Define config file name to create
What is the name of your web site or profile analysis ?
Example: www.mysite.com
Example: demo
Your web site, virtual server or profile name:
>buoqu.com
-----> Define config file path
In which directory do you plan to store your config file(s) ?
Default: /etc/awstats
Directory path to store config file(s) (Enter for default):
>
 
-----> Create config file '/etc/awstats/awstats.buoqu.com.conf'
 Config file /etc/awstats/awstats.buoqu.com.conf created.
 
-----> Add update process inside a scheduler
Sorry, configure.pl does not support automatic add to cron yet.
You can do it manually by adding the following command to your cron:
/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=buoqu.com
Or if you have several config files and prefer having only one command:
/usr/local/awstats/tools/awstats_updateall.pl now
Press ENTER to continue...
 
 
A SIMPLE config file has been created: /etc/awstats/awstats.buoqu.com.conf
You should have a look inside to check and change manually main parameters.
You can then manually update your statistics for 'buoqu.com' with command:
> perl awstats.pl -update -config=buoqu.com
You can also build static report pages for 'buoqu.com' with command:
> perl awstats.pl -output=pagetype -config=buoqu.com
 
Press ENTER to finish...
4 、修改要分析日志文件
# vim /etc/awstats/awstats.buoqu.com.conf
LogFile="/var/log/httpd/mylog.log"
改为 LogFile="/var/log/httpd/localhost_access_log.2012-08-29.txt"
LogFile="/var/log/httpd/localhost_access_log. YYY-0%MM-0%DD-0.txt" 都可以。
5 、重启 httpd 服务,并分析日志
# service httpd restart
# cd /usr/local/awstats/wwwroot/cgi-bin
# perl awstats.pl -update -config=buoqu.com
Create/Update database for config "/etc/awstats/awstats.buoqu.com.conf" by AWStats version 7.0 (build 1.976)
From data in log file "/var/log/httpd/localhost_access_log.2012-08-29.txt"...
Phase 1 : First bypass old records, searching new record...
Searching new records from beginning of log file...
AWStats did not find any valid log lines that match your LogFormat parameter, in the 50th first non commented lines read of your log.
Your log file /var/log/httpd/localhost_access_log.2012-08-29.txt must have a bad format or LogFormat parameter setup does not match this format.
Your AWStats LogFormat parameter is:
1
This means each line in your web server log file need to have "combined log format" like this:
111.22.33.44 - - [10/Jan/2001:02:14:14 +0200] "GET / HTTP/1.1" 200 1234 "http://www.fromserver.com/from.htm" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
And this is an example of records AWStats found in your log file (the record number 50 in your log):
203.208.60.231 - - [29/Aug/2012:00:02:47 +0800] "GET /front/magazine/getContent.htm?contentId=52253 HTTP/1.1" 200 18419
Setup ('/etc/awstats/awstats.buoqu.com.conf' file, web server or permissions) may be wrong.
Check config file, permissions and AWStats documentation (in 'docs' directory).
出错:日志格式不匹配。
解决:这个时候,就知道我为什么要先了解怎么定义 tomcat 的日志格式了。
修改文件 /etc/awstats/awstats.buoqu.com.conf
# vim /etc/awstats/awstats.buoqu.com.conf
LogFormat = 1
LogFormat="%host %other %logname %time1 %methodurl %code %bytesd %refererquot %uaquot" 这两行是注释的, 1 表示是 web 日志,下面是 httpd 的日志格式
LogFormat ="%host %other %logname %time1 %methodurl %code"
这是我修改后的匹配 tomcat 的日志格式
# perl awstats.pl -update -config=buoqu.com
Create/Update database for config "/etc/awstats/awstats.buoqu.com.conf" by AWStats version 7.0 (build 1.976)
From data in log file "/var/log/httpd/localhost_access_log.2012-08-29.txt"...
Phase 1 : First bypass old records, searching new record...
Searching new records from beginning of log file...
Phase 2 : Now process new records (Flush history on disk after 20000 hosts)...
Jumped lines in file: 0
Parsed lines in file: 22442
 Found 0 dropped records,
 Found 0 comments,
 Found 0 blank records,
 Found 0 corrupted records,
 Found 0 old records,
 Found 22442 new qualified records.
6 、打开网址查看分析结果:
http://10.100.10.11/awstats/awstats.pl?config=buoqu.com

7 手动执行命令可写入 crontab
①、 如果,想在分析页面上直接刷新,可以开启 AllowToUpdateStatsFromBrowser=1 ,默认情况下是关闭的。
②、 若是想每个页面上都直接有 立即更新 的按钮,而不想每次都手动的修改配置文件的话,可以再 awstats 的基本配置文件里修改。
# cd /usr/local/awstats/wwwroot/cgi-bin
# vim awstats.model.conf
AllowToUpdateStatsFromBrowser=0 改为 AllowToUpdateStatsFromBrowser=1 即可。
这样,以后的网页都可以直接点击刷新的。
注意:每次修改配置文件后要重启 httpd 服务
、若是要在浏览器上直接刷新,那么 apache 用户就要有对数据文件操作的权限
# chown apache.apache –R /var/lib/awstats
# chmod 755 /var/log/httpd
效果如图:

四、添加一些插件,使awstats看起来更人性化和直观化。
1 、首先下载所需要的插件:
# cd /opt
#wget http://www.maxmind.com/download/geoip/api/c/GeoIP-1.4.8.tar.gz
# tar xvf GeoIP-1.4.8.tar.gz
# cd GeoIP-1.4.8
# ./configure
# make && make install
# cd ..
#wget http://www.maxmind.com/download/geoip/api/perl/Geo-IP-1.40.tar.gz
# tar xvf Geo-IP-1.40.tar.gz
# cd Geo-IP-1.40
# perl Makeinstall.pl
# make && make install
# cd ..
# wget http://www.maxmind.com/download/geoip/api/pureperl/Geo-IP-PurePerl-1.25.tar.gz
#tar xvf Geo-IP-PurePerl-1.25.tar.gz
# perl –MCPAN –e shell
cpan[1]>install Geo::IP
cpan[2]>install Geo::IP::PurePerl
# cd /opt
# wget http://mirrors.download3k.com/token/4b6cdc111cdc95edb29534189f0ef839/GeoIP.dat.gz
# tar xvf GeoIP.dat.gz
2 、定义插件的使用方法:
可在各自的 /etc/awstats/awstats.domain.conf 的配置文件中定义,也可在 awstats 的主配置文件定义,然后全局生效。
如:
# vim /usr/local/awstats/wwwroot/cgi-bin/awstats.model.conf
将以下语句的 # 注释去掉:
#LoadPlugin="tooltips"      html 报告中增加一些提示信息
#LoadPlugin="decodeutfkeys"  处理搜索引擎 UTF8 编码的关键字
#LoadPlugin="geoip GEOIP_STANDARD /opt/GeoIP.dat"
Internet IP-Country 数据库生成访问者来自国家的统计图表
并增加一条 LoadPlugin="qqhostinfo"
在访问主机表格中增加一列,显示 ip 对应的位置
qqhostinfo.pm 及需要的 qqwry.pl QQWry.dat 在http://down.51cto.com/data/496275里,有使用需求的可下载。
下载之后,要将这三个文件,放至 /usr/local/awstats/wwwroot/cgi-bin/plugins/ 下面:
# cd /usr/local/awstats/wwwroot/cgi-bin/plugins
# chmod 777 . –R

你可能感兴趣的:(tomcat,httpd,awstats,access.log)