sed，grep，awk命令常用法

查看当天nginx访问日志中2016:03:25到2016:05点passport.mingxiao.com域名访问量最多的url，可以查看网站是否被刷。

法一：

sed -n '/2016:03:25/, /2016:05/p' ./access_all.log | grep "^passport.mingxiao.com" | awk '{access[$8]++} END {for (A in access){print access[A], A}}' | sort -nr | head

1701009 /reg/checkusernameapi
48588 /login/submit
2749 /login/proxy
662 /authcode?key=
442 /
220 //login/submit
168 /reg/checkmobileapi
151 /reg/checkemailapi
151 /app/active/
116 /stat/regTJ?type=1&name=%E6%B3%A8%E5%86%8C%E5%B1%82%E6%89%93%E5%BC%80

法二：

sed -n '/2016:03:25/, /2016:05/p' ./access_all.log |grep "^passport.mingxiao" | awk '{print $8}'|sort|uniq -c |sort -rn|head -n 10
1701009 /reg/checkusernameapi
48588 /login/submit
2749 /login/proxy
662 /authcode?key=
442 /
220 //login/submit
168 /reg/checkmobileapi
151 /reg/checkemailapi
151 /app/active/
116 /stat/regTJ?type=1&name=%E6%B3%A8%E5%86%8C%E5%B1%82%E6%89%93%E5%BC%80

查看凌晨4点访问量最多的url，查看网站是否被刷

# grep '06/Dec/2016:04' access_all.log|awk '{print $8}'|sort|uniq -c |sort -rn|head -n 20
1085934 /reg/checkusernameapi
  23759 /login/submit
  10477 /
   1910 /login/proxy
    510 /favicon.ico
    148 /authcode?key=
    147 /up/fresh/
    145 /up/changemm/
    117 //login/submit
    114 /app/active/
     94 /reg/checkemailapi

查看日志中状态码200的日志有多少

# awk  '{if($8==200){print $0}}' ./game.51.com.access.log | wc -l
25736

删除当前目录下七天前的文件

find ./ -mtime +7  -exec rm {} \;

按单词查找

# grep -w 'root' /etc/passwd
# grep '\<root\>' /etc/passwd
root:x:0:0:root:/root:/bin/bash
operator:x:11:0:operator:/root:/sbin/nologin

 列相加

# awk '{sum+=$1}END{print sum}' ./sb