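#!/bin/sh
# Rotate the Varnish access log; intended to run once a day.
#
# The live log is renamed to varnish.YYYY-MM-DD.log and varnishncsa is
# restarted so that it opens a fresh varnish.log.

# Presumably run first so the date stamped into the rotated file name is
# correct. Only stdout is discarded; errors still reach stderr.
# NOTE(review): plain NTP against a hard-coded address is unauthenticated and
# a failed sync does not stop the script -- confirm that is acceptable for
# logs that later drive firewall decisions.
/usr/sbin/ntpdate 202.112.10.36 >> /dev/null

logpath=/Data/logs

if [ -f "$logpath/varnish.log" ]; then
  rotated="$logpath/varnish.$(date '+%Y-%m-%d').log"

  # A second run on the same day would otherwise silently replace the log
  # that was already rotated, destroying that day's access records.
  if [ -e "$rotated" ]; then
    echo "rotate: $rotated already exists, not overwriting" >&2
    exit 1
  fi

  # Do not restart the logger if the rename failed.
  mv "$logpath/varnish.log" "$rotated" || exit 1

  # Plain TERM instead of -9 so varnishncsa can exit cleanly.
  # NOTE(review): varnishncsa documents SIGHUP as "reopen the -w file", which
  # would avoid the restart altogether -- verify on the installed version.
  killall varnishncsa

  /usr/bin/varnishncsa -n /var/lib/varnish/varnish01.example.com/ -w "$logpath/varnish.log" &
fi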


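#!/bin/sh
# Analyse the Varnish access log to throttle CC-style floods and crawlers.
#
# The log must be rotated once a day. The script runs as an endless loop:
# each pass bans every client IP that produced more than $num responses with
# an HTTP 4xx status during the last hour, sleeps for an hour, then lifts the
# bans and starts over. Needs root (iptables) and GNU date (-d).
#
# Caveats for whoever deploys this:
#   - Field 1 is whatever address varnishncsa logged. If Varnish sits behind
#     a proxy, load balancer or CDN, that address may be the proxy itself and
#     a ban would cut off every user behind it -- confirm the topology first.
#   - Only IPv4 is handled; IPv6 clients are never banned by this script.

num=100                               # ban when the 4xx count exceeds this
varnishlog="/Data/logs/varnish.log"   # NCSA-format log written by varnishncsa
chain="VARNISH_BAN"                   # dedicated chain that holds only our bans

# Keep the bans in their own chain. Flushing the whole filter table every hour
# (a bare "iptables -F") would also delete every unrelated rule on the host and
# leave it without its normal firewall policy.
# -N fails harmlessly when the chain already exists, hence the discarded stderr.
iptables -N "$chain" 2>/dev/null
# -C (check) needs iptables 1.4.11 or newer; it avoids stacking duplicate jumps
# when the script is restarted.
iptables -C INPUT -p tcp --dport 80 -j "$chain" 2>/dev/null ||
  iptables -I INPUT -p tcp --dport 80 -j "$chain"

while true
do
  # The log can be briefly absent while it is being rotated.
  if [ -r "$varnishlog" ]; then
    now=$(date '+%H:%M:%S')
    hour1ago=$(date -d '-60 minute' '+%H:%M:%S')

    # $4 looks like "[10/Oct/2000:13:55:36", so substr($4, 14) is HH:MM:SS.
    # Times are compared as strings; when the window crosses midnight the
    # start is later than "now", so entries on both sides of 00:00:00 count.
    # The status must be exactly three digits starting with 4, and field 1
    # must be a dotted quad: log content is client-influenced, and anything
    # else (a hostname, an option-like string) must never reach iptables.
    awk -v count="$num" -v start="$hour1ago" -v now="$now" '
      {
        t = substr($4, 14)
        if (start < now)
          recent = (t > start)
        else
          recent = (t > start || t <= now)

        if (recent && $9 ~ /^4[0-9][0-9]$/ &&
            $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
          hits[$1]++
      }
      END {
        for (ip in hits)
          if (hits[ip] > count)
            print ip
      }
    ' "$varnishlog" |
    while IFS= read -r ip
    do
      # The jump from INPUT already restricts this chain to tcp/80.
      iptables -A "$chain" -s "$ip" -j DROP
    done
  fi

  sleep 3600              # keep the bans in place for one hour

  iptables -F "$chain"    # lift only the bans added by this script
done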
