[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Omaha.pm] IIS log hackery



IIS logs look like this:

> zcat 443.access_log-20050609.gz | head
66.45.77.200 - - [08/Jun/2005:04:15:20 -0500] "GET /Omni?prop=STLDTN&pagedst=AvailReq&pagesrc=Hotels HTTP/1.1" 200 23293
10.0.37.2 - - [08/Jun/2005:04:15:22 -0500] "GET /Omni HTTP/1.0" 200 22159
10.0.37.2 - - [08/Jun/2005:04:15:28 -0500] "GET /Carlton HTTP/1.0" 200 6097
66.45.77.200 - - [08/Jun/2005:04:15:32 -0500] "POST /Omni?prop=STLDTN&pagedst=AvailReq&pagesrc=Hotels HTTP/1.1" 200 21303
66.45.77.200 - - [08/Jun/2005:04:15:41 -0500] "GET /Omni?prop=SFODTN&pagedst=AvailReq&pagesrc=Hotels HTTP/1.1" 200 23304
10.0.37.3 - - [08/Jun/2005:04:15:46 -0500] "GET /Omni HTTP/1.0" 200 22159
10.0.37.3 - - [08/Jun/2005:04:15:47 -0500] "GET /Carlton HTTP/1.0" 200 6097
204.94.250.10 - - [08/Jun/2005:04:15:48 -0500] "GET /images/calendar.gif HTTP/1.1" 200 145
10.0.37.2 - - [08/Jun/2005:04:15:50 -0500] "GET /Omni HTTP/1.0" 200 22159
10.0.37.2 - - [08/Jun/2005:04:15:50 -0500] "GET /Carlton HTTP/1.0" 200 6097

Here's a couple quick deals I just did where I found myself piping to Perl:


Count all the prop=XXXXX thingies to report count per XXXXX

> zcat 443.access_log-20050609.gz | grep 209.73.169. | perl -ne 'print /prop=(\w+)/, "\n";' | sort | uniq -c
      5 ATLCNN
      3 AUSSTH
     28 BOSPAR
     25 CHIAMB
     24 CHIDTN
...etc...


Count hits by class C

> zcat 443.access_log-20050609.gz | cut -d' ' -f1 | perl -pe 's/\.\d+$//' | sort | uniq -c | sort -nr | head
  10740 10.0.37
   4789 66.45.77
   3454 209.73.169
   1820 68.142.230
   1248 12.129.73
    223 10.0.33
    187 67.79.134
...etc...


Cheers,

j