多维度日志日志分析脚本 #!/bin/bash # 多维度nginx日志分析 LOG_FILE="/var/log/nginx/access.log" multi_dimension_analysis() { echo "=== 多维度分析报告 ===" # 按小时统计访问量 echo "24小时访问量分布:" awk '{ time = substr($4, 14, 2) hour_count[time]++ } END { for (h=0; h<24; h++) { printf "%02d:00-%02d:59 %6d 次", h, h, hour_count[sprintf("%02d", h)]+0 # 简单的图形化显示 bars = int((hour_count[sprintf("%02d", h)]+0) / 100) for (i=0; i<bars; i++) printf "█" printf "\n" } }' "$LOG_FILE" # IP地理位置分析 (需要geoip数据库) echo "访问来源分析:" awk '{print $1}' "$LOG_FILE" | \ sort | uniq -c | sort -nr | head -20 | \ while read count ip; do # 这里可以集成GeoIP查询 printf "%-15s %8d 次\n" "$ip" "$count" done # 用户代理分析 echo "浏览器/爬虫统计:" awk -F'"' '{ ua = $6 if (ua ~ /bot|spider|crawler/i) type = "爬虫" else if (ua ~ /Mobile|Android|iPhone/i) type = "移动端" else if (ua ~ /Chrome|Firefox|Safari/i) type = "桌面浏览器" else type = "其他" ua_type[type]++ } END { for (type in ua_type) { printf "%-12s %8d 次\n", type, ua_type[type] } }' "$LOG_FILE" # 响应码时间分布 echo "响应码时间分布:" awk '{ hour = substr($4, 14, 2) status = $9 status_hour[status"_"hour]++ total_hour[hour]++ } END { for (status in {"200":1, "404":1, "500":1}) { printf "\n%s状态码分布:\n", status for (h=0; h<24; h++) { key = status"_"sprintf("%02d", h) count = status_hour[key]+0 total = total_hour[sprintf("%02d", h)]+0 if (total > 0) { percentage = count * 100 / total printf "%02d时: %6d次 (%.1f%%)\n", h, count, percentage } } } }' "$LOG_FILE" } multi_dimension_analysis

磁盘空间清理脚本 #!/bin/bash # 磁盘空间分析和清理脚本 echo "=== 磁盘空间分析 ===" # 找出占用空间最大的目录 echo "占用空间最大的目录 TOP 10:" du -h /var 2>/dev/null | \ sort -hr | head -10 | \ awk '{printf "%-10s %s\n", $1, $2}' # 找出大文件 echo "大于100MB的文件:" find /var/log -type f -size +100M -exec ls -lh {} \; 2>/dev/null | \ awk '{printf "%-10s %s\n", $5, $9}' | \ sort -hr # 分析日志文件增长趋势 echo "日志文件大小变化 (最近7天):" for i in {0..6}; do date_str=$(date -d "$i days ago" '+%Y-%m-%d') total_size=$(find /var/log -name "*.log*" -newermt "$date_str 00:00:00" ! -newermt "$date_str 23:59:59" -exec du -cb {} + 2>/dev/null | tail -1 | awk '{print $1}') if [ -n "$total_size" ] && [ "$total_size" -gt 0 ]; then printf "%s: %.2f MB\n" "$date_str" $(echo "scale=2; $total_size/1024/1024" | bc) fi done

网站被攻击时的应急响应脚本 #!/bin/bash # 应急响应脚本 echo "=== 安全事件分析 ===" # 查找异常IP echo "可疑IP (请求量 > 1000):" awk '{print $1}' /var/log/nginx/access.log | \ sort | uniq -c | \ awk '$1 > 1000 {print $2, $1}' | \ sort -k2 -nr # 查找SQL注入尝试 echo "SQL注入尝试:" grep -i "union\|select\|drop\|insert" /var/log/nginx/access.log | \ awk '{print $1, $7}' | \ sort | uniq -c | \ sort -nr # 查找文件包含攻击 echo "文件包含攻击:" grep -E "\.\./|etc/passwd|proc/self" /var/log/nginx/access.log | \ awk '{print $1, $7}' | head -20

实用系统监控脚本 #!/bin/bash # 系统资源监控脚本 THRESHOLD_CPU=80 THRESHOLD_MEM=85 THRESHOLD_DISK=90 check_system() { echo "=== 系统监控报告 $(date) ===" # CPU检查 local cpu_usage=$(top -bn1 | grep "Cpu(s)" | awk '{print $2}' | sed 's/%us,//') echo "CPU使用率: ${cpu_usage}%" if (( $(echo "$cpu_usage > $THRESHOLD_CPU" | bc -l) )); then echo "CPU使用率超过阈值 ($THRESHOLD_CPU%)" echo "TOP 5 CPU消耗进程:" ps aux | awk 'NR>1 {print $11, $3, $2}' | sort -k2 -nr | head -5 | \ awk '{printf "%-20s CPU: %6.2f%% PID: %s\n", $1, $2, $3}' fi # 内存检查 local mem_info=$(free | awk 'NR==2{printf "%.2f %.2f %.2f", $3*100/$2, $3, $2}') local mem_usage=$(echo $mem_info | awk '{print $1}') local mem_used=$(echo $mem_info | awk '{print $2}') local mem_total=$(echo $mem_info | awk '{print $3}') echo "内存使用率: ${mem_usage}% ($(echo "scale=1; $mem_used/1024/1024" | bc)G/$(echo "scale=1; $mem_total/1024/1024" | bc)G)" if (( $(echo "$mem_usage > $THRESHOLD_MEM" | bc -l) )); then echo "内存使用率超过阈值 ($THRESHOLD_MEM%)" echo "TOP 5 内存消耗进程:" ps aux | awk 'NR>1 {print $11, $4, $2}' | sort -k2 -nr | head -5 | \ awk '{printf "%-20s MEM: %6.2f%% PID: %s\n", $1, $2, $3}' fi # 磁盘检查 echo "磁盘使用情况:" df -h | awk 'NR>1 && $1 !~ /tmpfs|devtmpfs/ { usage = $5 gsub(/%/, "", usage) printf "%-20s %8s/%8s (%s)\n", $1, $3, $2, $5 if (usage > '$THRESHOLD_DISK') { printf " %s 使用率超过阈值 ('$THRESHOLD_DISK'%%)\n", $1 } }' # 网络连接检查 local tcp_connections=$(ss -t | wc -l) local established=$(ss -t state established | wc -l) echo "网络连接: TCP总数 $tcp_connections, 已建立 $established" # 负载检查 local load_avg=$(uptime | awk -F'load average:' '{print $2}' | awk '{print $1}' | sed 's/,//') echo "系统负载: $load_avg" # 检查是否有僵尸进程 local zombie_count=$(ps aux | awk '$8 ~ /^Z/ {count++} END {print count+0}') if [ $zombie_count -gt 0 ]; then echo "发现 $zombie_count 个僵尸进程" fi } check_system

实用日志轮转清理脚本 #!/bin/bash # 智能日志清理脚本 LOG_DIRS=("/var/log/nginx" "/var/log/apache2" "/var/log/myapp") KEEP_DAYS=30 COMPRESS_DAYS=7 cleanup_logs() { local log_dir=$1 if [ ! -d "$log_dir" ]; then echo "目录不存在: $log_dir" return fi echo "清理目录: $log_dir" # 压缩7天前的日志 find "$log_dir" -name "*.log" -mtime +$COMPRESS_DAYS -not -name "*.gz" | while read logfile; do echo "压缩: $logfile" gzip "$logfile" done # 删除30天前的压缩日志 local deleted_count=$(find "$log_dir" -name "*.log.gz" -mtime +$KEEP_DAYS -delete -print | wc -l) if [ $deleted_count -gt 0 ]; then echo "删除了 $deleted_count 个过期日志文件" fi # 清理空的日志文件 find "$log_dir" -name "*.log" -size 0 -delete # 统计清理后的情况 local total_size=$(du -sh "$log_dir" 2>/dev/null | awk '{print $1}') local file_count=$(find "$log_dir" -name "*.log*" | wc -l) echo "清理后: $file_count 个文件, 总大小 $total_size" } # 主程序 echo "=== 日志清理开始 $(date) ===" for dir in "${LOG_DIRS[@]}"; do cleanup_logs "$dir" echo "---" done # 清理系统日志 echo "清理系统日志..." journalctl --vacuum-time=30d --vacuum-size=1G echo "=== 日志清理完成 $(date) ==="