求脚本，python处理文件

tony_413

文件格式为：

192.168.0.181 - - [04/Nov/2009:14:35:18 +0800] "CONNECT mail.google.com:443 HTTP/1.1" 200 11163 TCP_MISS:DIRECT 192.168.0.181 - - [04/Nov/2009:14:35:18 +0800] "GET http://www.jingoal.com/favicon.ico HTTP/1.1" 302 662 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:14:35:19 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 342 TCP_MISS:DIRECT 192.168.0.181 - - [04/Nov/2009:14:35:19 +0800] "GET http://www.jingoal.com/portal/publicity/manage_bbs/news/main.html HTTP/1.1" 200 1976 TCP_MEM_HIT:NONE 192.168.0.181 - - [04/Nov/2009:14:35:20 +0800] "GET http://www.jingoal.com/favicon.ico HTTP/1.1" 302 662 TCP_MISS:DIRECT 192.168.0.181 - - [04/Nov/2009:14:35:21 +0800] "GET http://www.jingoal.com/portal/pu ... gmaterial/main.html HTTP/1.1 " 200 3502 TCP_MEM_HIT:NONE 192.168.0.103 - - [04/Nov/2009:14:35:21 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 342 TCP_MISS:DIRECT 192.168.0.181 - - [04/Nov/2009:14:35:21 +0800] "GET http://www.jingoal.com/favicon.ico HTTP/1.1" 302 662 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:14:35:23 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 342 TCP_MISS:DIRECT 192.168.0.181 - - [04/Nov/2009:14:35:24 +0800] "GET http://www.jingoal.com/portal/cn/index.jsp HTTP/1.1" 200 5339 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:14:35:25 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 341 TCP_MISS:DIRECT 192.168.0.181 - - [04/Nov/2009:14:35:25 +0800] "GET http://www.jingoal.com/favicon.ico HTTP/1.1" 302 662 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:14:35:27 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 416 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:14:35:29 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 342 TCP_MISS:DIRECT 192.168.0.181 - - [04/Nov/2009:21:35:31 +0800] "CONNECT mail.google.com:443 HTTP/1.1" 200 1948 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:21:35:31 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 342 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:14:35:33 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 1198 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:14:35:35 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 341 TCP_MISS:DIRECT 192.168.0.181 - - [04/Nov/2009:14:35:36 +0800] "CONNECT mail.google.com:443 HTTP/1.1" 200 165 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:14:35:37 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 341 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:21:35:39 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 342 TCP_MISS:DIRECT 192.168.0.193 - - [04/Nov/2009:14:35:39 +0800] "POST http://www.jingoal.com/portal/pu ... stration/result.jsp HTTP /1.1" 200 333 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:21:35:41 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 342 TCP_MISS:DIRECT 192.168.0.193 - - [04/Nov/2009:21:35:41 +0800] "GET http://www.jingoal.com/favicon.ico HTTP/1.1" 302 662 TCP_MISS:DIRECT 192.168.0.127 - - [04/Nov/2009:14:35:42 +0800] "GET http://www.tpy100.com/product.aspx? HTTP/1.1" 200 11045 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:21:35:43 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 342 TCP_MISS:DIRECT 192.168.0.193 - - [04/Nov/2009:01:35:45 +0800] "GET http://www.jingoal.com/portal/cn/mobile/main.jsp HTTP/1.1" 200 3563 TCP_MISS:DIR ECT

要求：
       1、按照ip排序，统计每个ip访问域名次数的前20个。
       2、过滤时间，只统计9：00-12：00，13：00-18：00的，其他时间不统计。

[ 本帖最后由 tony_413 于 2009-11-10 10:34 编辑 ]

tony_413

自己用shell写了一个，但是文件一大，处理速度太慢。只实现了对ip排序和对每个ip访问的域名统计20个，没有排序，也没有对时间过滤。

发出来，请高手指点一下。

#!/bin/sh SLog="/home/tony/shell/log/test.log" IPs=`awk '{ print $1 }' $SLog | sort | uniq` Doms=`awk -F"/" '{ print $5 }' $SLog | sort | uniq | grep -E "^[a-zA-Z0-9][a-z0-9]{0,}.\W.{1,}(com|cn|com.cn|net)$"` #Doms=`awk '{ print $2 }' $SLog | sort | uniq` #echo $Doms echo -e "+-----------------+-----------------------------+-------+" echo -e "|      IP         |      Site and Domain        | Count |" echo -e "+-----------------+-----------------------------+-------+" for ip in $IPs do         #ip_total=`grep "$ip" $SLog | wc -l`         #echo -e "$ip\t$ip_total"         for dom in $Doms         do                 i=1                 count=`grep "$ip" $SLog | grep "$dom" | wc -l`                 if [ "$i" -lt 20 ]                 then                         if [ "$count" -gt 0 ]                         then                                 echo -e "|  $ip  |    $dom    |   $count   |"                                 echo -e "+-----------------+-----------------------------+-------+"                         fi                         ((i++))                 fi         done done

smallfish_xy

说下思路：

while True:
   #读取一行
   #如果时间是9：00-12：00，13：00-18：00则继续，否则continue
   #以IP为dict的key，然后把域名加入到value里去（value可以嵌套网址）

或者你把这些log直接都split下，存在数据库，然后想怎么查就怎么查把

tony_413

先谢谢楼上了。

怎么把读入一行中的ip和域名取出来呀，我在python中执行awk命令老是报错。

while True：
        os.system("awk '{ print $1}'" + line)

openspace

正则表达式自己处理就可以
re模块

tony_413

我对python的re模块不熟悉，麻烦楼上给个例子呗。

openspace

随便找本书看看就可以
像Python核心编程、Programming Python
网上应该有现成的
http://www.baidu.com/s?word=+pyt ... 3&wd=+python+re

tony_413

看了几个，都没看明白。楼上的最好给个例子。

比如： GET [url]http://www.tpy100.com[/url]

提取出www.tpy100.com

[ 本帖最后由 tony_413 于 2009-11-10 15:00 编辑 ]

jiang_ocean

awk '{w=substr($4,14,2);if(w>9&&w<1{print $0}}' ww
awk  '{a[$1]++}END{for (i in a )if(a>20){print i,a}}' ww
awk 处理这种事情比较好吧，可以把上面两个合并一下。

[ 本帖最后由 jiang_ocean 于 2009-11-10 15:00 编辑 ]

tony_413

执行：awk  '{a[$1]++}END{for (i in a )if(a>20){print i,a}}'
报错：
awk: (FILENAME=log/test.log FNR=1359859) fatal: attempt to use array `a' in a scalar context