另一个直接用 if 判断过滤时间的脚本运行得特别慢。shell 过滤十分钟之内的 Nginx 日志文件(json 格式)
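#!/bin/bash
# Block clients that requested an unexpected Host during the last ten minutes.
#
# Reads the JSON-formatted nginx access log, keeps the entries that the awk
# time filter accepts, and inserts an iptables DROP rule for every
# remote_addr whose "host" field is neither www.ywcsb.vip nor ywcsb.vip.
# Each newly blocked address is appended to /data/script/iptables-DROP.txt.
#
# NOTE(review): "host" comes from the client's request, and remote_addr is
# the peer nginx saw. If a proxy, CDN, load balancer or monitoring probe sits
# in front of nginx, its address is what gets blocked -- confirm that such
# addresses already appear in the iptables listing (they are then skipped).
# NOTE(review): nothing in this script removes the DROP rules it inserts.
# NOTE(review): assumes the nginx log_format uses escape=json so request
# data cannot break the JSON structure of a log line -- confirm.
set -u

readonly access_log="/var/log/nginx/access.json"
readonly block_log="/data/script/iptables-DROP.txt"
# Absolute path so the listing and the insert use the same binary even when
# PATH (e.g. under cron) does not contain /usr/sbin.
readonly iptables_bin="/usr/sbin/iptables"
# Only dotted-quad IPv4 values are passed on to iptables.
readonly ipv4_re='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

# Start of the window: ten minutes ago.
zhiqian=$(date -d "10 minutes ago" +"%H:%M")
zhiqian_ip=$(date -d "10 minutes ago" "+%Y-%m-%d %H:%M:%S")
# End of the window: now.
xianzai=$(date +"%H:%M")
xianzai_ip=$(date "+%Y-%m-%d %H:%M:%S")

# One snapshot of the rule listing is enough: the candidate addresses are
# de-duplicated below, so each one is checked exactly once.
existing_rules=$("$iptables_bin" -L -v -n --line-numbers) || {
  printf 'cannot list iptables rules\n' >&2
  exit 1
}

while IFS= read -r ip; do
  # Never hand an unvalidated log value to iptables.
  if [[ ! $ip =~ $ipv4_re ]]; then
    printf 'skipping non-IPv4 remote_addr: %q\n' "$ip" >&2
    continue
  fi

  # Fixed-string, whole-word match: a bare `grep $ip` treats the dots as
  # wildcards and also matches longer addresses (1.2.3.4 inside 11.2.3.45),
  # which would wrongly skip the address.
  if grep -qFw -- "$ip" <<<"$existing_rules"; then
    continue
  fi

  # Record the address only when the rule was really inserted.
  if "$iptables_bin" -I INPUT 1 -s "$ip" -j DROP; then
    echo "${xianzai_ip}-${zhiqian_ip}之间的IP地址:$ip" >> "$block_log"
  fi
done < <(
  # The time filter is unchanged: it compares HH:MM strings only.
  # NOTE(review): the window therefore matches nothing across midnight
  # (start > end) and ignores the date -- confirm against the log format.
  #
  # A single jq pass replaces the per-line jq calls; `fromjson?` drops lines
  # that are not valid JSON instead of aborting, and `strings` drops a
  # missing or non-string remote_addr.
  awk -v st="$zhiqian" -v et="$xianzai" \
    '{t=substr($3,RSTART+14,21);if(t>=st && t<=et) {print $0}}' \
    "$access_log" \
    | jq -rR 'fromjson? | objects
        | select(.host != "www.ywcsb.vip" and .host != "ywcsb.vip")
        | .remote_addr | strings' \
    | sort -u
)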