求腳本，python處理文件

tony_413

文件格式為：

192.168.0.181 - - [04/Nov/2009:14:35:18 +0800] "CONNECT mail.google.com:443 HTTP/1.1" 200 11163 TCP_MISS:DIRECT 192.168.0.181 - - [04/Nov/2009:14:35:18 +0800] "GET http://www.jingoal.com/favicon.ico HTTP/1.1" 302 662 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:14:35:19 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 342 TCP_MISS:DIRECT 192.168.0.181 - - [04/Nov/2009:14:35:19 +0800] "GET http://www.jingoal.com/portal/publicity/manage_bbs/news/main.html HTTP/1.1" 200 1976 TCP_MEM_HIT:NONE 192.168.0.181 - - [04/Nov/2009:14:35:20 +0800] "GET http://www.jingoal.com/favicon.ico HTTP/1.1" 302 662 TCP_MISS:DIRECT 192.168.0.181 - - [04/Nov/2009:14:35:21 +0800] "GET http://www.jingoal.com/portal/pu ... gmaterial/main.html HTTP/1.1 " 200 3502 TCP_MEM_HIT:NONE 192.168.0.103 - - [04/Nov/2009:14:35:21 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 342 TCP_MISS:DIRECT 192.168.0.181 - - [04/Nov/2009:14:35:21 +0800] "GET http://www.jingoal.com/favicon.ico HTTP/1.1" 302 662 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:14:35:23 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 342 TCP_MISS:DIRECT 192.168.0.181 - - [04/Nov/2009:14:35:24 +0800] "GET http://www.jingoal.com/portal/cn/index.jsp HTTP/1.1" 200 5339 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:14:35:25 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 341 TCP_MISS:DIRECT 192.168.0.181 - - [04/Nov/2009:14:35:25 +0800] "GET http://www.jingoal.com/favicon.ico HTTP/1.1" 302 662 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:14:35:27 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 416 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:14:35:29 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 342 TCP_MISS:DIRECT 192.168.0.181 - - [04/Nov/2009:21:35:31 +0800] "CONNECT mail.google.com:443 HTTP/1.1" 200 1948 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:21:35:31 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 342 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:14:35:33 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 1198 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:14:35:35 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 341 TCP_MISS:DIRECT 192.168.0.181 - - [04/Nov/2009:14:35:36 +0800] "CONNECT mail.google.com:443 HTTP/1.1" 200 165 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:14:35:37 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 341 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:21:35:39 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 342 TCP_MISS:DIRECT 192.168.0.193 - - [04/Nov/2009:14:35:39 +0800] "POST http://www.jingoal.com/portal/pu ... stration/result.jsp HTTP /1.1" 200 333 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:21:35:41 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 342 TCP_MISS:DIRECT 192.168.0.193 - - [04/Nov/2009:21:35:41 +0800] "GET http://www.jingoal.com/favicon.ico HTTP/1.1" 302 662 TCP_MISS:DIRECT 192.168.0.127 - - [04/Nov/2009:14:35:42 +0800] "GET http://www.tpy100.com/product.aspx? HTTP/1.1" 200 11045 TCP_MISS:DIRECT 192.168.0.103 - - [04/Nov/2009:21:35:43 +0800] "POST http://207.46.124.200/gateway/gateway.dll? HTTP/1.1" 200 342 TCP_MISS:DIRECT 192.168.0.193 - - [04/Nov/2009:01:35:45 +0800] "GET http://www.jingoal.com/portal/cn/mobile/main.jsp HTTP/1.1" 200 3563 TCP_MISS:DIR ECT

要求：
       1、按照ip排序，統(tǒng)計每個ip訪問域名次數(shù)的前20個。
       2、過濾時間，只統(tǒng)計9：00-12：00，13：00-18：00的，其他時間不統(tǒng)計。

[ 本帖最后由 tony_413 于 2009-11-10 10:34 編輯 ]

tony_413

自己用shell寫了一個，但是文件一大，處理速度太慢。只實現(xiàn)了對ip排序和對每個ip訪問的域名統(tǒng)計20個，沒有排序，也沒有對時間過濾。

發(fā)出來，請高手指點一下。

#!/bin/sh SLog="/home/tony/shell/log/test.log" IPs=`awk '{ print $1 }' $SLog | sort | uniq` Doms=`awk -F"/" '{ print $5 }' $SLog | sort | uniq | grep -E "^[a-zA-Z0-9][a-z0-9]{0,}.\W.{1,}(com|cn|com.cn|net)$"` #Doms=`awk '{ print $2 }' $SLog | sort | uniq` #echo $Doms echo -e "+-----------------+-----------------------------+-------+" echo -e "|      IP         |      Site and Domain        | Count |" echo -e "+-----------------+-----------------------------+-------+" for ip in $IPs do         #ip_total=`grep "$ip" $SLog | wc -l`         #echo -e "$ip\t$ip_total"         for dom in $Doms         do                 i=1                 count=`grep "$ip" $SLog | grep "$dom" | wc -l`                 if [ "$i" -lt 20 ]                 then                         if [ "$count" -gt 0 ]                         then                                 echo -e "|  $ip  |    $dom    |   $count   |"                                 echo -e "+-----------------+-----------------------------+-------+"                         fi                         ((i++))                 fi         done done

smallfish_xy

說下思路：

while True:
   #讀取一行
   #如果時間是9：00-12：00，13：00-18：00則繼續(xù)，否則continue
   #以IP為dict的key，然后把域名加入到value里去（value可以嵌套網(wǎng)址）

或者你把這些log直接都split下，存在數(shù)據(jù)庫，然后想怎么查就怎么查把

tony_413

先謝謝樓上了。

怎么把讀入一行中的ip和域名取出來呀，我在python中執(zhí)行awk命令老是報錯。

while True：
        os.system("awk '{ print $1}'" + line)

openspace

正則表達(dá)式自己處理就可以
re模塊

tony_413

我對python的re模塊不熟悉，麻煩樓上給個例子唄。

openspace

隨便找本書看看就可以
像Python核心編程、Programming Python
網(wǎng)上應(yīng)該有現(xiàn)成的
http://www.baidu.com/s?word=+pyt ... 3&wd=+python+re

tony_413

看了幾個，都沒看明白。樓上的最好給個例子。

比如： GET [url]http://www.tpy100.com[/url]

提取出www.tpy100.com

[ 本帖最后由 tony_413 于 2009-11-10 15:00 編輯 ]

jiang_ocean

awk '{w=substr($4,14,2);if(w>9&&w<1{print $0}}' ww
awk  '{a[$1]++}END{for (i in a )if(a>20){print i,a}}' ww
awk 處理這種事情比較好吧，可以把上面兩個合并一下。

[ 本帖最后由 jiang_ocean 于 2009-11-10 15:00 編輯 ]

tony_413

執(zhí)行：awk  '{a[$1]++}END{for (i in a )if(a>20){print i,a}}'
報錯：
awk: (FILENAME=log/test.log FNR=1359859) fatal: attempt to use array `a' in a scalar context