commit adb1b8ae4c44734ced281dfa0579159dda4fc080 from: gonzalo date: Wed Nov 14 10:32:44 2018 UTC Add logs_analize, stolen from ( https://dev.to/int9h/how-to-analyze-openbsds-httpd-accesslog-with-a-shell-script-1jd2 ) with some modifications
commit - 8754f60320a41bbc2dd90c3eda3c1b36899bdf7e
commit + adb1b8ae4c44734ced281dfa0579159dda4fc080
blob - /dev/null
blob + 880d614c8595ec9b7d12415c179a019f7ff52e67 (mode 755)
--- /dev/null
+++ logs_analize
@@ -0,0 +1,120 @@
+#!/bin/sh
+
+LOGFILE="$1"
+RESPONSE_CODE="200"
+
+filters() {
+grep $RESPONSE_CODE \
+| grep -v "" \
+| grep -v "favicon.ico" \
+| grep -v "logfile turned over"
+}
+
+filter_response_codes()
+{
+grep -v "" \
+| grep -v "logfile turned over" \
+| awk '{print $10}'
+}
+
+filter_404_response() {
+grep "404"
+}
+
+ips() {
+awk '{print $2}'
+}
+
+domain() {
+awk '{print $1}'
+}
+
+methods() {
+awk '{print $7}' | cut -d'"' -f2
+}
+
+sort_count() {
+sort | uniq -c
+}
+
+sort_desc() {
+sort -rn
+}
+
+top_ten() {
+head -10
+}
+
+sep() {
+printf "\n"
+}
+
+##
+# Actions
+##
+action_request_ips() {
+ sep
+ echo "[+] Top requests from IPs"
+ sep
+ cat $LOGFILE \
+ | filters \
+ | ips \
+ | sort_count \
+ | sort_desc \
+ | top_ten
+ sep
+}
+
+action_request_methods() {
+ sep
+ echo "[+] Count requests methods"
+ sep
+ cat $LOGFILE \
+ | filters \
+ | methods \
+ | sort_count
+ sep
+}
+
+action_pages() {
+ sep
+ echo "[+] Top requested pages"
+ sep
+ cat $LOGFILE \
+ | filters \
+ | pages \
+ | sort_count \
+ | sort_desc \
+ | top_ten
+ sep
+}
+
+action_404() {
+ sep
+ echo "[+] Top requests 404"
+ sep
+ cat $LOGFILE \
+ | filter_404_response \
+ | pages \
+ | sort_count \
+ | sort_desc \
+ | top_ten
+ sep
+}
+
+action_response_codes() {
+ sep
+ echo "[+] Response code"
+ sep
+ cat $LOGFILE \
+ | filter_response_codes \
+ | sort_count \
+ | sort_desc
+ sep
+}
+
+action_request_ips
+action_request_methods
+action_response_codes
+action_pages
+action_404
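Review bot: `pages` is piped to in `action_pages` and `action_404` but is never defined in the 120 added lines, so both reports hit a "not found" error and print an empty list; going by the script's own field numbering (`$7` method, `$10` status) it is presumably `pages() { awk '{print $8}'; }`, to be confirmed against a real log line. `filters` and `filter_404_response` select on status with `grep $RESPONSE_CODE` and `grep "404"`, which match those digits anywhere in the line, including byte counts, addresses and client-supplied request paths, so the counts do not reflect the real status; comparing the status field instead, e.g. `awk '$10 == "404"'`, keeps the reports trustworthy. As shown on this page `grep -v ""` has an empty pattern, which excludes every line and would leave the IP, method and response-code reports empty; the original pattern may have been lost in rendering, so check the committed file. `$LOGFILE` is used unquoted and unvalidated, and with no argument `cat` reads stdin and the script appears to hang, so add `[ -r "$LOGFILE" ] || { echo "usage: $0 logfile" >&2; exit 1; }` after the assignment and write `cat "$LOGFILE"` in each action.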