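Log Splitting and Log Analysis for the Apache Service

  
Log splitting
  • As a site's traffic grows, Apache's single default log file keeps growing with it

  • The log file takes up a lot of disk space

  • Looking up specific information in it becomes inconvenient

Two log-splitting tools

  • rotatelogs, the splitting tool that ships with Apache

  • cronolog, a third-party splitting tool

rotatelogs experiment

(1) Install the httpd service.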

[root@localhost ~]# yum install httpd -y
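........installation output omitted

(2) After installation, list the log directory "/var/log/httpd/": it contains no log files yet. Start the service and list it again, and the log files have been created.

[root@localhost ~]# ls /var/log/httpd/                        //list the directory
[root@localhost ~]# systemctl start httpd                //start the service
[root@localhost ~]# ls /var/log/httpd/                       //list the directory again
access_log  error_log                                               //log files
[root@localhost ~]# systemctl stop firewalld.service                //stop the firewall
[root@localhost ~]# setenforce 0                           //set SELinux to permissive mode
[root@localhost ~]#

(3) Check the IP address.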

[root@localhost ~]# ifconfig 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.52.133  netmask 255.255.255.0  broadcast 192.168.52.255
        inet6 fe80::3e1d:31ba:f66a:6f80  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:27:1c:3f  txqueuelen 1000  (Ethernet)
        RX packets 11004  bytes 14155417 (13.4 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 5374  bytes 360388 (351.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

(4) Edit the configuration file (in vim, "/" can be used to search for the keywords to change).

[root@localhost ~]# vim /etc/httpd/conf/httpd.conf

Listen 192.168.52.133:80          //enable the IPv4 listener
#Listen 80                                    //comment out the default Listen 80 line

ServerName www.abc.com:80          //set the domain name

#ErrorLog "logs/error_log"
ErrorLog "| /usr/sbin/rotatelogs -l logs/www.abc.com.error_%Y%m%dlog 86400"   //error log configuration

# CustomLog "logs/access_log" combined
CustomLog "| /usr/sbin/rotatelogs -l logs/www.abc.com.access_%Y%m%dlog 86400" combined   //access log configuration

[root@localhost ~]# systemctl restart httpd                //restart the service
[root@localhost ~]#

(5) List the log directory first: only the error log exists. After visiting the site from the Windows 10 host, list it again and the access log has been created.

[root@localhost ~]# 
[root@localhost ~]# cd /var/log/httpd/                //enter the log directory
[root@localhost httpd]# ls                  //list
access_log  error_log  www.abc.com.error_20191025log        //only the error log
[root@localhost httpd]# ls                 //list again after visiting from the Windows 10 host
access_log  error_log  www.abc.com.access_20191025log  www.abc.com.error_20191025log   //access log created
[root@localhost httpd]# 

(6) Use "date -s" to move the system date forward by one day, restart the service and list the directory again: a log file for the new day has been created.

[root@localhost httpd]# date -s 10/26/19
2019年 10月 26日 星期六 00:00:00 CST
[root@localhost httpd]# 
[root@localhost httpd]# ls
access_log  error_log  www.abc.com.access_20191025log  www.abc.com.error_20191025log
[root@localhost httpd]# systemctl restart httpd
[root@localhost httpd]# ls
access_log  error_log  www.abc.com.access_20191025log  www.abc.com.error_20191025log  www.abc.com.error_20191026log
[root@localhost httpd]# 

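cronolog (third-party tool) experiment

(1) First install the httpd service.

[root@localhost ~]# yum install httpd -y
......//installation output omitted
[root@localhost ~]# 

(2) Use Samba to mount the share holding the cronolog package from the host machine onto the Linux system.

[root@localhost ~]# mkdir /mnt/tools             //create the mount point
[root@localhost ~]# smbclient -L //192.168.100.50/      //list the shares
Enter SAMBA\root's password: 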
OS=[Windows 10 Enterprise LTSC 2019 17763] Server=[Windows 10 Enterprise LTSC 2019 6.3]

    Sharename       Type      Comment
    ---------       ----      -------
    IPC$            IPC       远程 IPC
    share           Disk      
    tools           Disk      
    Users           Disk      
Connection to 192.168.100.50 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
NetBIOS over TCP disabled -- no workgroup available
[root@localhost ~]# mount.cifs //192.168.100.50/tools /mnt/tools           //mount
Password for root@//192.168.100.50/tools:  
[root@localhost ~]# ls /mnt/tools/          //list
awstats-7.6.tar.gz                fiddler.exe                john-1.8.0.tar.gz
cronolog-1.6.2-14.el7.x86_64.rpm  intellijideahahau2018.rar  LAMP-C7
extundelete-0.2.4.tar.bz2         jdk-8u191-windows-x64.zip
[root@localhost ~]# 

(3) Install cronolog directly with the "rpm" command.

[root@localhost ~]# cd /mnt/tools            //change directory
[root@localhost tools]# ls            //list
awstats-7.6.tar.gz                fiddler.exe                john-1.8.0.tar.gz
cronolog-1.6.2-14.el7.x86_64.rpm  intellijideahahau2018.rar  LAMP-C7
extundelete-0.2.4.tar.bz2         jdk-8u191-windows-x64.zip
[root@localhost tools]# rpm -ivh cronolog-1.6.2-14.el7.x86_64.rpm        //install
警告:cronolog-1.6.2-14.el7.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID 352c64e5: NOKEY
准备中...                          ################################# [100%]
正在升级/安装...
   1:cronolog-1.6.2-14.el7            ################################# [100%]
[root@localhost tools]# 

(4) Check where the command is installed.

[root@localhost tools]# which cronolog    //locate the command binary
/usr/sbin/cronolog
[root@localhost tools]# 

(5) Edit the httpd configuration file.

[root@localhost tools]# vim /etc/httpd/conf/httpd.conf

Listen 192.168.52.133:80          //enable the IPv4 listener
#Listen 80                                    //comment out the default Listen 80 line

ServerName www.abc.com:80     //set the domain name

#ErrorLog "logs/error_log"
ErrorLog "| /usr/sbin/cronolog logs/www.abc.com.error_%Y%m%d.log"   //error log configuration

    #CustomLog "logs/access_log" combined
    CustomLog "| /usr/sbin/cronolog logs/www.abc.com.access_%Y%m%d.log" combined   //access log configuration

(6) Test the result.

[root@localhost tools]# systemctl start httpd              //start the httpd service
[root@localhost tools]# systemctl stop firewalld.service           //stop the firewall
[root@localhost tools]# setenforce 0          //set SELinux to permissive mode
[root@localhost tools]# ls /var/log/httpd/      //list the log directory
www.abc.com.error_20191025.log              //only the error log
[root@localhost tools]# ls /var/log/httpd/       //list again after visiting from the Windows 10 host
www.abc.com.access_20191025.log  www.abc.com.error_20191025.log    //access log created
[root@localhost tools]# 
[root@localhost tools]# date -s 10/26/19     //change the system date
2019年 10月 26日 星期六 00:00:00 CST
[root@localhost tools]# systemctl restart httpd      //restart the service
[root@localhost tools]# ls /var/log/httpd/               //list the log directory again
www.abc.com.access_20191025.log  www.abc.com.error_20191025.log  www.abc.com.error_20191026.log    //new log file created
[root@localhost tools]# 
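
Added example, not part of the original article: with the configurations above, rotatelogs and cronolog open a new dated file each day but leave the old ones in place, so the disk-space concern this page starts from still needs a retention job. The helper name `prune_rotated_logs`, its arguments and the 30-day figure in the usage comment are assumptions; it covers both file-name patterns from the two experiments and only lists files unless `--delete` is given.

```shell
#!/bin/sh
# Added example: select rotated Apache logs by the date embedded in the name.
#   rotatelogs pattern above: www.abc.com.access_20191025log
#   cronolog pattern above:   www.abc.com.access_20191025.log
#
# prune_rotated_logs DIR PREFIX CUTOFF [--delete]   (hypothetical helper)
#   CUTOFF is YYYYMMDD; files dated strictly before it are selected.
#   Without --delete the selected names are only printed (dry run).
prune_rotated_logs() {
    dir=$1; prefix=$2; cutoff=$3; mode=${4:-}
    case $cutoff in
        [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
        *) echo "cutoff must be YYYYMMDD" >&2; return 2 ;;
    esac
    for f in "$dir/$prefix".access_* "$dir/$prefix".error_*; do
        # Skip unmatched globs, directories and symlinks planted in the log dir.
        if [ ! -f "$f" ] || [ -L "$f" ]; then continue; fi
        name=${f##*/}
        stamp=${name##*_}      # "20191025log" or "20191025.log"
        stamp=${stamp%log}
        stamp=${stamp%.}
        case $stamp in
            [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) ;;
            *) continue ;;     # no 8-digit date: not a rotated file, leave it
        esac
        if [ "$stamp" -lt "$cutoff" ]; then
            echo "$name"
            if [ "$mode" = "--delete" ]; then rm -f -- "$f"; fi
        fi
    done
    return 0
}

# Typical call from cron, keeping 30 days (GNU date, as on CentOS):
#   prune_rotated_logs /var/log/httpd www.abc.com "$(date -d '-30 days' +%Y%m%d)" --delete
```

Because the comparison is strictly "before the cutoff", the file that the logging pipe currently has open is never selected as long as the cutoff is not in the future.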

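Introduction to the AWStats log analysis system

AWStats log analysis system

  • An open-source log analysis system written in Perl

  • Can analyze the access logs of servers such as Apache, Samba, Vsftpd and IIS; combined with a scheduled-task service such as crond, it can analyze log contents periodically

Deploying the AWStats log analysis system

(1) Install the httpd service and the bind (named) service.

[root@localhost ~]# yum install bind httpd -y
......//installation output omitted

(2) Edit the main configuration file of the named service.

[root@localhost ~]# vim /etc/named.conf

options {
        listen-on port 53 { any; };                   //changed from 127.0.0.1 to any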
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursing-file  "/var/named/data/named.recursing";
        secroots-file   "/var/named/data/named.secroots";
        allow-query     { any; };               //changed from localhost to any

(3) Edit the zone configuration file of the named service.

[root@localhost ~]# vim /etc/named.rfc1912.zones

zone "abc.com" IN {                                 //add a zone for the domain
        type master;
        file "abc.com.zone";
        allow-update { none; };
};

(4) Check the IP address.

[root@localhost named]# ifconfig 
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.52.133  netmask 255.255.255.0  broadcast 192.168.52.255
        inet6 fe80::3e1d:31ba:f66a:6f80  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:27:1c:3f  txqueuelen 1000  (Ethernet)
        RX packets 14532  bytes 20210558 (19.2 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 6054  bytes 399142 (389.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

(5) Copy the named zone data file with permissions preserved, then edit the copy.

[root@localhost ~]# cd /var/named/          //change directory
[root@localhost named]# ls                        //list
data  dynamic  named.ca  named.empty  named.localhost  named.loopback  slaves
[root@localhost named]# cp -p named.localhost abc.com.zone    //copy
[root@localhost named]# vim abc.com.zone 

$TTL 1D
@       IN SOA  @ rname.invalid. (
                                        0       ; serial
                                        1D      ; refresh
                                        1H      ; retry
                                        1W      ; expire
                                        3H )    ; minimum
        NS      @
        A       127.0.0.1
www IN  A       192.168.52.133             //add the IPv4 record for the host name

(6) Start the named service.

[root@localhost named]# systemctl start named      //start the service
[root@localhost named]# systemctl stop firewalld.service      //stop the firewall
[root@localhost named]# setenforce 0         //set SELinux to permissive mode
[root@localhost named]# 

(7) Edit the httpd configuration file.

[root@localhost named]# cd /etc/httpd/
[root@localhost httpd]# ls
conf  conf.d  conf.modules.d  logs  modules  run
[root@localhost httpd]# vim conf/httpd.conf

Listen 192.168.52.133:80      //enable the IPv4 listener
#Listen 80                               //comment out the default Listen 80 line

#
ServerName www.abc.com:80     //configure the domain name

(8) Start the service and list the log directory.

[root@localhost httpd]# systemctl start httpd.service    //start the service
[root@localhost httpd]# 
[root@localhost httpd]# ls /var/log/httpd/      //list
access_log  error_log       //access log and error log files
[root@localhost httpd]# 

(9) Use Samba to mount the share holding the tool archive from the host machine onto the Linux system.

[root@localhost httpd]# mkdir /mnt/abc     //create the mount point
[root@localhost httpd]# smbclient -L //192.168.100.50/      //list the shares
Enter SAMBA\root's password: 
OS=[Windows 10 Enterprise LTSC 2019 17763] Server=[Windows 10 Enterprise LTSC 2019 6.3]

    Sharename       Type      Comment
    ---------       ----      -------
    IPC$            IPC       远程 IPC
    share           Disk      
    tools           Disk      
    Users           Disk      
Connection to 192.168.100.50 failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
NetBIOS over TCP disabled -- no workgroup available
[root@localhost httpd]# mount.cifs //192.168.100.50/tools /mnt/abc      //mount
Password for root@//192.168.100.50/tools:  
[root@localhost httpd]# ls /mnt/abc/      //list the mount point
awstats-7.6.tar.gz                fiddler.exe                john-1.8.0.tar.gz
cronolog-1.6.2-14.el7.x86_64.rpm  intellijideahahau2018.rar  LAMP-C7
extundelete-0.2.4.tar.bz2         jdk-8u191-windows-x64.zip
[root@localhost httpd]# tar zxvf /mnt/abc/awstats-7.6.tar.gz -C /opt/      //extract the archive into "/opt/"
[root@localhost httpd]# ls /opt      //list "/opt/"
awstats-7.6  rh
[root@localhost httpd]#
[root@localhost httpd]# mv /opt/awstats-7.6/ /usr/local/awstats      //move the extracted directory under "/usr/local/" and name it "awstats"
[root@localhost httpd]# ls /usr/local/     //list
awstats  bin  etc  games  include  lib  lib64  libexec  sbin  share  src
[root@localhost httpd]# 

(10) Go to the "/usr/local/awstats/tools" directory.

[root@localhost httpd]# 
[root@localhost httpd]# cd /usr/local/awstats/
[root@localhost awstats]# ls
docs  README.md  tools  wwwroot
[root@localhost awstats]# cd tools/
[root@localhost tools]# ls
awstats_buildstaticpages.pl  dolibarr            maillogconvert.pl   xslt
awstats_configure.pl         geoip_generator.pl  nginx
awstats_exportlib.pl         httpd_conf          urlaliasbuilder.pl
awstats_updateall.pl         logresolvemerge.pl  webmin

(11) Configure AWStats.

[root@localhost tools]# ./awstats_configure.pl 

----- AWStats awstats_configure 1.0 (build 20140126) (c) Laurent Destailleur -----
This tool will help you to configure AWStats to analyze statistics for
one web server. You can try to use it to let it do all that is possible
in AWStats setup, however following the step by step manual setup
documentation (docs/index.html) is often a better idea. Above all if:
- You are not an administrator user,
- You want to analyze downloaded log files without web server,
- You want to analyze mail or ftp log files instead of web log files,
- You need to analyze load balanced servers log files,
- You want to 'understand' all possible ways to use AWStats...
Read the AWStats documentation (docs/index.html).

-----> Running OS detected: Linux, BSD or Unix

-----> Check for web server install

Enter full config file path of your Web server.
Example: /etc/httpd/httpd.conf
Example: /usr/local/apache2/conf/httpd.conf
Example: c:\Program files\apache group\apache\conf\httpd.conf
Config file path ('none' to skip web server setup):
> /etc/httpd/conf/httpd.conf                      //path to the httpd configuration file

-----> Check and complete web server config file '/etc/httpd/conf/httpd.conf'
  Add 'Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"'
  Add 'Alias /awstatscss "/usr/local/awstats/wwwroot/css/"'
  Add 'Alias /awstatsicons "/usr/local/awstats/wwwroot/icon/"'
  Add 'ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"'
  Add '<Directory>' directive
  AWStats directives added to Apache config file.

-----> Update model config file '/usr/local/awstats/wwwroot/cgi-bin/awstats.model.conf'
  File awstats.model.conf updated.

-----> Need to create a new config file ?
Do you want me to build a new AWStats config/profile
file (required if first install) [y/N] ? y                            //confirm

-----> Define config file name to create
What is the name of your web site or profile analysis ?
Example: www.mysite.com
Example: demo
Your web site, virtual server or profile name:
> www.abc.com                                       //specify the domain name

-----> Define config file path
In which directory do you plan to store your config file(s) ?
Default: /etc/awstats
Directory path to store config file(s) (Enter for default):
>                //directory for the AWStats config files; press Enter to accept the default "/etc/awstats"

-----> Create config file '/etc/awstats/awstats.www.abc.com.conf'
 Config file /etc/awstats/awstats.www.abc.com.conf created.

-----> Restart Web server with '/sbin/service httpd restart'
Redirecting to /bin/systemctl restart httpd.service

-----> Add update process inside a scheduler
Sorry, configure.pl does not support automatic add to cron yet.
You can do it manually by adding the following command to your cron:
/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=www.abc.com
Or if you have several config files and prefer having only one command:
/usr/local/awstats/tools/awstats_updateall.pl now
Press ENTER to continue...                     //press Enter to continue

A SIMPLE config file has been created: /etc/awstats/awstats.www.abc.com.conf
You should have a look inside to check and change manually main parameters.
You can then manually update your statistics for 'www.abc.com' with command:
> perl awstats.pl -update -config=www.abc.com
You can also read your statistics for 'www.abc.com' with URL:
> http://localhost/awstats/awstats.pl?config=www.abc.com

Press ENTER to finish...              //press Enter to finish

[root@localhost tools]# 

(12) Edit the httpd configuration file.

[root@localhost tools]# cd /etc/httpd/
[root@localhost httpd]# ls
conf  conf.d  conf.modules.d  logs  modules  run
[root@localhost httpd]# vim conf/httpd.conf

#
# This is to permit URL access to scripts/files in AWStats directory.
#
<Directory "/usr/local/awstats/wwwroot">
    Options None
    AllowOverride None
    #Order allow,deny      //commented out
    #Allow from all           //commented out
    Require all granted      //added
</Directory>

(13) Edit the configuration file of the AWStats log analysis system.

[root@localhost httpd]# 
[root@localhost httpd]# cd /etc/awstats/
[root@localhost awstats]# ls
awstats.www.abc.com.conf
[root@localhost awstats]# vim awstats.www.abc.com.conf

LogFile="/var/log/httpd/access_log"         //path to the httpd access log file

DirData="/var/lib/awstats"                        //AWStats data directory; does not exist by default (must be created)

(14) Create the AWStats data directory and restart the httpd service.

[root@localhost awstats]# 
[root@localhost awstats]# ls /var/lib/awstats             //check: the awstats directory does not exist
ls: 无法访问/var/lib/awstats: 没有那个文件或目录
[root@localhost awstats]# mkdir /var/lib/awstats      //create the awstats directory
[root@localhost awstats]# ls /var/lib/awstats
[root@localhost awstats]# 
[root@localhost awstats]# systemctl restart httpd.service    //restart the service
[root@localhost awstats]# 

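(15) Change the DNS server IP address on the Windows 10 host, then visit the httpd service's domain name from the Windows host.

(16) From the Windows 10 host, open the AWStats statistics home page at http://localhost/awstats/awstats.pl?config=www.abc.com. No statistics are shown yet, because the data has not been updated.

(17) Back on the Linux system, change to "/usr/local/awstats/tools/" and update the data.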

[root@localhost awstats]# cd /usr/local/awstats/tools/
[root@localhost tools]# ls
awstats_buildstaticpages.pl  awstats_exportlib.pl  dolibarr            httpd_conf          maillogconvert.pl  urlaliasbuilder.pl  xslt
awstats_configure.pl         awstats_updateall.pl  geoip_generator.pl  logresolvemerge.pl  nginx              webmin
[root@localhost tools]# ./awstats_updateall.pl now     //update the data
Running '"/usr/local/awstats/wwwroot/cgi-bin/awstats.pl" -update -config=www.abc.com -configdir="/etc/awstats"' to update config www.abc.com
Create/Update database for config "/etc/awstats/awstats.www.abc.com.conf" by AWStats version 7.6 (build 20161204)
From data in log file "/var/log/httpd/access_log"...
Phase 1 : First bypass old records, searching new record...
Searching new records from beginning of log file...
Phase 2 : Now process new records (Flush history on disk after 20000 hosts)...
Jumped lines in file: 0
Parsed lines in file: 106
 Found 0 dropped records,
 Found 0 comments,
 Found 0 blank records,
 Found 1 corrupted records,
 Found 0 old records,
 Found 105 new qualified records.

[root@localhost tools]# 
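
Added example, not part of the original article and not AWStats code: a pre-check that can be run on the access log before `awstats_updateall.pl`, counting the lines that fit Apache's combined format and reporting the line numbers of those that do not, in the spirit of the "corrupted records" count in the output above. The function names and the sample lines are constructed for illustration, and the pattern is a simplification rather than AWStats's own parser.

```shell
#!/bin/sh
# Added example: sanity-check an Apache "combined" access log.
# summarize_access_log [FILE...]   (hypothetical helper; reads stdin if no FILE)
# Output, one item per line, sorted:
#   corrupted N / corrupted_lines <line numbers> / qualified N / status_<code> N
summarize_access_log() {
    awk '
    # host ident user [time] "request" status bytes "referer" "user-agent"
    /^[^ ]+ [^ ]+ [^ ]+ \[[^"]+\] "[^"]*" [0-9][0-9][0-9] ([0-9]+|-) "[^"]*" "[^"]*"$/ {
        split($0, q, "\"")      # q[3] holds " status bytes "
        split(q[3], sb, " ")
        status[sb[1]]++
        qualified++
        next
    }
    # Anything else (truncated line, embedded quote, binary junk) is flagged
    # with its line number so it can be inspected by hand.
    { corrupted++; bad = bad " " NR }
    END {
        printf "qualified %d\ncorrupted %d\n", qualified, corrupted
        if (bad != "") print "corrupted_lines" bad
        for (s in status) printf "status_%s %d\n", s, status[s]
    }' "$@" | LC_ALL=C sort
}

# Constructed sample input (not taken from the article's server).
sample_log() {
    cat <<'EOF'
192.168.52.1 - - [25/Oct/2019:10:00:01 +0800] "GET / HTTP/1.1" 200 4897 "-" "Mozilla/5.0"
192.168.52.1 - - [25/Oct/2019:10:00:02 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "http://www.abc.com/" "Mozilla/5.0"
192.168.52.1 - - [25/Oct/2019:10:00:05 +08
192.168.52.1 - - [25/Oct/2019:10:00:09 +0800] "-" 408 - "-" "-"
192.168.52.1 - - [25/Oct/2019:10:00:11 +0800] "GET /aws.html HTTP/1.1" 200 153 "-" "Mozilla/5.0"
EOF
}

sample_log | summarize_access_log
```

On the real server the call would be `summarize_access_log /var/log/httpd/access_log`, the file named in `LogFile` in step (13).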

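(18) Open the statistics page on the Windows 10 system again: it now shows statistics.

(19) To keep the AWStats statistics up to date without running the update by hand, set up a periodic task.

[root@localhost tools]# crontab -e    //edit the crontab

*/5 * * * *     /usr/local/awstats/tools/awstats_updateall.pl now     //update the data every five minutes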

[root@localhost tools]# 
您在 /var/spool/mail/root 中有邮件
[root@localhost tools]# 

(20) The statistics page URL "http://localhost/awstats/awstats.pl?config=www.abc.com" is long and hard to remember. We can shorten it so that "http://www.abc.com/aws.html" is enough to reach the page.

[root@localhost tools]# 
[root@localhost tools]# cd /var/www/html/
[root@localhost html]# vim aws.html

<html>
 <head>
  <meta http-equiv=refresh content="0;url=http://www.abc.com/awstats/awstats.pl?config=www.abc.com">
 </head>
 <body></body>
</html>

[root@localhost html]# systemctl restart httpd.service      //restart the service

(21) Enter "http://www.abc.com/aws.html" in the browser on the Windows 10 host; it redirects automatically to the statistics page.

Original article: https://blog.51cto.com/14449541/2445873
