BrainFish Eat FishBrain

Ramblings of a techie

Apache logs: simple log analyzer in Perl – II

I added top 30 and bandwidth / minute; 


#!/usr/bin/perl

# get handler to the logfile
open(LOG_FILE, "tail -f /var/log/httpd/access_log.users|");

# start the main loop
%users = ();
$cp=0;
$ct=time();
while() {
 chomp;
 
 $cp = time() + 5*60 if $cp==0;
 if (-f "/tmp/killtraffic") {
  %users=();
  `rm -f /tmp/killtraffic`;
 }

 my $t1 = time(); # timestamp for checkpointing

 my ($dom, $ip, $date, $req, $code, $ref, $client, $in, $out) 
                = /(.*?) (.*?) .*?[(.*?)] "(.*?)" (.*?) .*?"(.*?)" "(.*?)" (.*?) (.*)/;

 my ($method, $uri, $proto) = ($req =~ /(.*?) (.*?) (.*)/);

 my $get = 0;
 if ($uri =~ /(.*?)?(.*)$/) {
  $uri = $1;
  $get = $2;
 }

 my $url = $dom;

 if (!$users{$url}) {
  $users{$url} = $in + $out;
 } else {
  $users{$url} = $users{$url} + $in + $out;
 }

 $cpc = time();
 if ( $cpc > $cp ) {
  $cp=0; 
  my $s="";
  $m = (time()-$ct) / 60;
  $count = 0;
  foreach(keys %users) {
   $s.=($users{$_}/1024)." kb - ".($users{$_}/1024/$m)." kb/min - ".$_."n";
   $count++; 
   last if $count>30;
  }
  `echo "Count started $m minutes agon" > /tmp/traffic.log`;
  `echo "$s"|sort -n -r >> /tmp/traffic.log`;
 }
}


# never get here:
close LOG_FILE;

Be the first to leave a comment. Don’t be shy.

Join the Discussion

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>