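#!/bin/sh
# Rotate the varnish access log. Intended to run once a day (e.g. from cron).
#
# The shebang must stand alone on its line: anything after "#!/bin/sh" is
# handed to the interpreter as an argument, not treated as a comment.

# Sync the clock first so the date stamp in the archive name is correct.
# NOTE(review): this is a plain, unauthenticated NTP query to one hard-coded
# server; log timestamps are only as trustworthy as that answer.
/usr/sbin/ntpdate 202.112.10.36 >/dev/null

logpath=/Data/logs

if [ -f "$logpath/varnish.log" ]; then
  archive="$logpath/varnish.$(date '+%Y-%m-%d').log"
  # A second run on the same day must not overwrite the earlier archive.
  if [ -e "$archive" ]; then
    archive="$logpath/varnish.$(date '+%Y-%m-%d.%H%M%S').log"
  fi

  # Stop here if the rename fails: restarting varnishncsa with -w (and no -a)
  # would overwrite the log that was not rotated.
  mv -- "$logpath/varnish.log" "$archive" || exit 1

  # Plain TERM instead of -9 so the writer can flush buffered lines; it keeps
  # writing to the renamed file until it exits.
  killall varnishncsa
  /usr/bin/varnishncsa -n /var/lib/varnish/varnish01.example.com/ \
    -w "$logpath/varnish.log" &
fi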
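#!/bin/sh
# Analyse the varnish access log and temporarily block abusive clients
# (CC floods, crawlers). The script loops forever: on each pass every client
# IP that received more than $num responses with a 4xx status during the
# previous 60 minutes is dropped on tcp/80, the script sleeps one hour, and
# the blocks are lifted again.
#
# The log must be rotated daily, because only the HH:MM:SS part of each
# timestamp is compared. Needs root (iptables). IPv4 only.
#
# NOTE(review): every client behind one shared address (reverse proxy, CDN,
# NAT gateway, monitoring probe) counts as a single IP here; exempt such
# sources before relying on this.
# NOTE(review): during the first hour after midnight the cutoff is 23:xx, so
# no entry of the new day compares greater and nothing is blocked.

num=100                              # 4xx responses per hour tolerated per IP
varnishlog="/Data/logs/varnish.log"  # file written by varnishncsa -w
chain=CC_BLOCK                       # dedicated chain owned by this script

# Keep the blocks in their own chain so the hourly flush below removes only
# rules added by this script and leaves the rest of the host firewall intact.
iptables -N "$chain" 2>/dev/null     # fails harmlessly if the chain exists
iptables -C INPUT -p tcp --dport 80 -j "$chain" 2>/dev/null ||
  iptables -I INPUT -p tcp --dport 80 -j "$chain"

while true; do
  # GNU date syntax; the cutoff is passed to awk with -v, not interpolated.
  cutoff=$(date -d '-60 minute' '+%H:%M:%S')

  # $4 is "[dd/Mon/yyyy:HH:MM:SS", so substr($4, 14) is the time of day.
  # $9 is the status only when the request line contains no spaces, hence the
  # anchored three-digit match. $1 comes from the log and is accepted only if
  # it is shaped like a dotted quad before it is handed to iptables.
  awk -v cutoff="$cutoff" -v count="$num" '
    substr($4, 14) > cutoff && $9 ~ /^4[0-9][0-9]$/ &&
      $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { hits[$1]++ }
    END { for (ip in hits) if (hits[ip] > count) print ip }
  ' "$varnishlog" |
  while IFS= read -r ip; do
    iptables -A "$chain" -s "$ip" -j DROP
  done

  sleep 3600                         # blocks stay in place for one hour
  iptables -F "$chain"               # lift only this script's blocks
done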