用LINUX脚本分析NETSCREEN日志

 

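#!/usr/bin/env bash
# Summarise the NetScreen firewall syslog file: mail a ranked list of the
# busiest source IPs (overall and per published host), then rotate the log
# so the next half-hour window starts from an empty file.
#
# Requires `nali`, `iconv` and `mail` on PATH, read access to $nslog and
# /var/run/syslogd.pid, and write access to $logs_path.
set -euo pipefail
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
export PATH

# Recipients kept in an array so each address is a separate argument to mail
# (the original used a single quoted string and relied on word-splitting).
mail_to=(test@test.com test2@test.com)
# Live log written by the syslog receiver; on tmpfs so analysis avoids disk IO.
readonly nslog=/dev/shm/ns.log
# Archive root; rotated logs land in <logs_path>YYYY/MM/ns_YYYYMMDDHHMM.log
readonly logs_path="/var/log/netscreen/"
# Whitespace-separated column holding the source IP in this log format.
readonly ip_field=22
# "<host IP> <hostname>" pairs; one TOP20 report is mailed per entry.
readonly hosts=(
  "199.198.197.81 movie.test.com"
  "199.198.197.98 search.test.com"
  "199.198.197.99 people.test.com"
  "199.198.197.100 news.test.com"
  "199.198.197.41 my.test.com"
  "199.198.197.16 i.test.com"
  "199.198.197.68 dyy.test.com"
  "199.198.197.57 img2.test.com"
  "199.198.197.101 service.test.com"
  "199.198.197.32 theater.test.com"
)

# Print a message to stderr and abort.
die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Count occurrences of the source-IP column and print the most frequent ones.
# Log content is untrusted: it is only ever passed as data on stdin, and the
# optional filter is matched as a fixed whole word, so a dotted IP is neither
# interpreted as a regex nor matched as a substring of a longer address
# (e.g. 199.198.197.1 inside 199.198.197.100).
# Globals:   ip_field (read)
# Arguments: $1 - log file
#            $2 - number of entries to print
#            $3 - optional IP; only lines containing it are counted
# Outputs:   "<count> <ip>" lines, descending, on stdout
#######################################
top_ips() {
  local log=$1 limit=$2 needle=${3-}
  {
    if [[ -n "$needle" ]]; then
      # grep exits 1 on no match; that is an empty report, not an error.
      grep -F -w -- "$needle" "$log" || true
    else
      cat -- "$log"
    fi
  } | awk -v f="$ip_field" '{print $f}' \
    | sort \
    | uniq -c \
    | sort -rnk1 \
    | head -n "$limit"
}

#######################################
# Mail one ranked report, annotated by nali and converted to gb2312.
# Globals:   nslog, mail_to (read)
# Arguments: $1 - mail subject
#            $2 - number of entries
#            $3 - optional host IP to filter on
#######################################
send_report() {
  local subject=$1 limit=$2 host=${3-}
  top_ips "$nslog" "$limit" "$host" \
    | nali \
    | iconv -f utf-8 -t gb2312 \
    | mail -s "$subject" "${mail_to[@]}"
}

#######################################
# Move the current log into the dated archive directory and HUP syslogd so it
# reopens $nslog. Without the HUP, syslogd keeps writing to the moved file.
# The timestamp is taken once so directory and file name cannot disagree
# across a minute/month boundary (the original called date several times).
# Globals:   nslog, logs_path (read)
#######################################
rotate_log() {
  local now dest_dir pid
  now=$(date +"%Y%m%d%H%M")
  dest_dir="${logs_path}${now:0:4}/${now:4:2}/"
  mkdir -p -- "$dest_dir"
  mv -- "$nslog" "${dest_dir}ns_${now}.log"
  pid=$(cat /var/run/syslogd.pid 2>/dev/null) || die "cannot read /var/run/syslogd.pid"
  # Refuse to signal anything but a plain PID read from the pid file.
  [[ "$pid" =~ ^[0-9]+$ ]] || die "unexpected content in /var/run/syslogd.pid"
  kill -HUP "$pid"
}

main() {
  [[ -r "$nslog" ]] || die "log file not readable: $nslog"
  send_report "防火墙半小时访问IP统计TOP50" 50
  local entry ip name
  for entry in "${hosts[@]}"; do
    read -r ip name <<<"$entry"
    send_report "${name}(${ip})访问IP统计TOP20" 20 "$ip"
  done
  rotate_log
}

main "$@"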

 

设计思想:  

    将SYSLOG接收到的防火墙日志进行定时切断(半小时一次)并输出到文件(当然可以采用压缩备档) 经实践 kill -SIGHUP `cat /var/run/syslogd.pid` 这个可以搞定截断。

如此则可以采用一个较小的日志文件进行分析。

   将SYSLOG接收文件目录设置为内存之中(32G),减低读写IO负担,大幅增加日志分析的速度。

每个分析的语句还是冗余了,有待提炼简化。
