> For the complete documentation index, see [llms.txt](https://xu-an.gitbook.io/sec/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://xu-an.gitbook.io/sec/mido/apache/rizhi.md). # 日志审计 ### 1、Apache访问日志格式详解 访问日志文件access\_log记录了所有对Web服务器的访问活动,下面是访问日志access\_log中的一条标准记录 192.168.0.1 - - \[01/Apr/2020:10:37:19 +0800] "GET / HTTP/1.1" 200 45 日志字段所代表的内容如下: 1. 远程主机IP:表明访问网站的是谁 2. 空白(E-mail):为了避免用户的邮箱被垃圾邮件骚扰,第二项就用“-”取代了 3. 空白(登录名):用于记录浏览者进行身份验证时提供的名字。 4. 请求时间:用方括号包围,而且采用“公用日志格式”或者“标准英文格式”。 时间信息最后的“+0800”表示服务器所处时区位于UTC之后的8小时。 5. 方法+资源+协议:服务器收到的是一个什么样的请求。该项信息的典型格式是“METHOD RESOURCE PROTOCOL”,即“方法 资源 协议”。 METHOD: GET、POST、HEAD、…… RESOURCE: /、index.html、/default/index.php、……(请求的文件) PROTOCOL: HTTP+版本号 6. 状态代码:请求是否成功,或者遇到了什么样的错误。大多数时候,这项值是200,它表示服务器已经成功地响应浏览器的请求,一切正常。 7. 发送字节数:表示发送给客户端的总字节数。它告诉我们传输是否被打断(该数值是否和文件的大小相同)。把日志记录中的这些值加起来就可以得知服务器在一天、一周或者一月内发送了多少数据。 ### 2、apapche日志分析技巧——Linux+shell | 名称 | 对应命令 | | ---------------------------- | ------------------------------------------------------------------------------------------------ | | 当天访问次数最多的IP命令 | cut -d- -f 1 log\_file\|uniq -c \| sort -rn \| head -20 | | 查看当天有多少个IP访问 | awk '{print $1}' log\_file\|sort\|uniq\|wc -l | | 查看某一个页面被访问的次数 | grep "/index.php" log\_file \| wc -l | | 查看每一个IP访问了多少个页面 | awk '{++S\[$1]} END {for (a in S) print a,S\[a]}' log\_file | | 将每个IP访问的页面数进行从小到大排序 | awk '{++S\[$1]} END {for (a in S) print S\[a],a}' log\_file \| sort -n | | 查看IP访问了哪些页面 | grep ^192.168.1.1 log\_file\| awk '{print $1,$7}' | | 去掉搜索引擎统计当天的页面 | awk '{print $12,$1}' log\_file \| grep ^\\"Mozilla \| awk '{print $2}' \|sort \| uniq \| wc -l | | 查看2018年6月21日14时这一个小时内有多少IP访问 | awk '{print $4,$1}' log\_file \| grep 21/Jun/2018:14 \| awk '{print $2}'\| sort \| uniq \| wc -l | ![当天访问次数最多的IP](/files/-MDXTWM0grA1NkAs4wuI) ![查看当天有多少个IP访问](/files/-MDXTlm_kMAabnUk5qtO) ![查看某一个页面被访问的次数](/files/-MDXU3-lFNJ1fiHPLAv_) ![查看每一个IP访问了多少个页面](/files/-MDXUSk64wnXGYaeCaQy) ![将每个IP访问的页面数进行从小到大排序](/files/-MDXUjk78xXF43CYBFqX) ![查看 IP访问了哪些页面](/files/-MDXV3WrggfM1EgoORoP) --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://xu-an.gitbook.io/sec/mido/apache/rizhi.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.