红帽全球峰会21.4. 获取访问日志统计信息
logconv.pl 脚本解析访问日志,并返回服务器上运行的不同用户和操作的摘要信息。
在最简单的情况下,脚本只需解析访问日志(或日志):
# logconv.pl /relative/path/to/accessLog
脚本可以接受通配符来解析多个访问日志,这在使用了日志轮转时非常有用。
# logconv.pl /var/log/dirsrv/slapd-instance/access*
man page 和 Configuration, Command, and File Reference 中介绍了
logconv.pl 的不同选项。
logconv.pl 有多种不同的方法用于从访问日志中提取常规使用信息。
最简单,
logconv.pl 会输出一个操作总数、每个操作类型的数量、每个操作类型的计数、一些扩展操作计数,以及绑定信息。
# logconv.pl /var/log/dirsrv/slapd-instance/access
Access Log Analyzer 8.2
Command: logconv.pl /var/log/dirsrv/slapd-instance/access
Processing 1 Access Log(s)...
[001] /var/log/dirsrv/slapd-instance/access size (bytes): 77532
Total Log Lines Analysed: 527
Start of Logs: 14/Oct/2017:16:15:22.452909568
End of Logs: 14/Oct/2017:16:39:50.157790196
Processed Log Time: 0 Hours, 24 Minutes, 27.704877056 Seconds
Restarts: 10
Secure Protocol Versions:
- TLS1.2 client bound as uid=user_name,ou=people,o=example.com (11 connections)
- TLS1.2 128-bit AES; client CN=CA Subsystem,O=example.com; issuer CN=Certificate Authority,O=example.com (11 connections)
- TLS1.2 128-bit AES-GCM (2 connections)
- TLS1.2 128-bit AES (3 connections)
Peak Concurrent Connections: 38
Total Operations: 4771
Total Results: 4653
Overall Performance: 97.5%
Total Connections: 249 (0.17/sec) (10.18/min)
- LDAP Connections: 107 (0.07/sec) (4.37/min)
- LDAPI Connections: 128 (0.09/sec) (5.23/min)
- LDAPS Connections: 14 (0.01/sec) (0.57/min)
- StartTLS Extended Ops: 2 (0.00/sec) (0.08/min)
Searches: 2963 (2.02/sec) (121.13/min)
Modifications: 649 (0.44/sec) (26.53/min)
Adds: 785 (0.53/sec) (32.09/min)
Deletes: 10 (0.01/sec) (0.41/min)
Mod RDNs: 6 (0.00/sec) (0.25/min)
Compares: 0 (0.00/sec) (0.00/min)
Binds: 324 (0.22/sec) (13.25/min)
Proxied Auth Operations: 0
Persistent Searches: 17
Internal Operations: 0
Entry Operations: 0
Extended Operations: 4
Abandoned Requests: 0
Smart Referrals Received: 0
VLV Operations: 30
VLV Unindexed Searches: 0
VLV Unindexed Components: 20
SORT Operations: 22
Entire Search Base Queries: 12
Paged Searches: 2
Unindexed Searches: 0
Unindexed Components: 149
FDs Taken: 249
FDs Returned: 212
Highest FD Taken: 107
Broken Pipes: 0
Connections Reset By Peer: 0
Resource Unavailable: 0
Max BER Size Exceeded: 0
Binds: 324
Unbinds: 155
---------------------------------
- LDAP v2 Binds: 41
- LDAP v3 Binds: 180
- AUTOBINDs(LDAPI): 103
- SSL Client Binds: 0
- Failed SSL Client Binds: 0
- SASL Binds: 134
- EXTERNAL: 114
- GSSAPI: 20
- Directory Manager Binds: 10
- Anonymous Binds: 1
Cleaning up temp files...
Done.
除了操作和连接的摘要信息外,还详细介绍了与服务器的所有连接的详细摘要信息。此信息包括最常见的 IP 地址等内容,用于连接到服务器的 DN、用于访问服务器的登录尝试、总绑定 DN 以及最常见的错误或返回代码。
其他连接摘要作为单一选项传递。例如,列出用于连接到服务器 (
b) 数量,由服务器 (c) 返回的总连接代码通过 -bc 传递。
# logconv.pl -bc /var/log/dirsrv/slapd-instance/access
...
----- Total Connection Codes -----
U1 3 Cleanly Closed Connections
B1 1 Bad Ber Tag Encountered
----- Top 20 Bind DN's -----
Number of Unique Bind DN's: 212
1801 cn=Directory Manager
1297 Anonymous Binds
311 uid=jsmith,ou=people...
87 uid=bjensen,ou=peopl...
85 uid=mreynolds,ou=peo...
69 uid=jrockford,ou=peo...
55 uid=sspencer,ou=peop...
...
在某个开始时间(
-S)、特定结束时间(-E)之前或范围内,数据可以限制为条目。当设置 start 和 end times 时,logconv.pl 首先打印给定的时间范围,然后显示该周期的摘要。
# logconv.pl -S "[01/Jul/2016:16:11:47.000000000 -0400]" -E "[01/Jul/2016:17:23:08.999999999 -0400]" /var/log/dirsrv/slapd-instance/access
...
----------- Access Log Output ------------
Start of Logs: 01/Jul/2016:16:11:47
End of Logs: 01/Jul/2016:17:23:08
...
start 和 end 周期仅为用于生成总摘要计数的数据设定时间限制。它仍然显示聚合或总数。要获得与目录服务器的连接和操作中的模式视图,可以输出每分钟计数的数据(
-M)或每秒(-m)。在这种情况下,数据会在时间单位递增中输出到指定的 CSV 输出文件。
# logconv.pl -m|-M outputFile accessLogFile
例如:
# logconv.pl -M /home/output/statsPerMin.txt /var/log/dirsrv/slapd-instance/access*-M|-m 选项也可以与 -S 和 -E 参数一起使用,在特定时间段内按分钟或每秒计数。
文件中的每一行代表一个时间单位(可以是分钟或秒),该时间段内总计数。CSV 文件(针对每分钟和每秒统计)按顺序包含以下列:
Time,time_t,Results,Search,Add,Mod,Modrdn,Delete,Abandon,Connections,SSL Conns,Bind,Anon Bind,Unbind,Unindexed
CSV 文件可以在任何电子表格计划中操作,如 LibreOffice Calc 以及许多其他业务应用程序中。导入 CSV 数据并生成 chart 或其他指标的过程取决于应用程序本身。
例如,要在 LibreOffice Calc 中创建一个图表:
- 打开 CSV 文件。
- 单击 菜单,然后选择 。
- 在 Chart Type 区域中,将 Chart 类型设置为 XY (Scatter)。
- 将子类型设置为仅行。
- 选择要按 X 值排序的选项。
- 接受其他屏幕中的默认值(特别是,使用列中的 data series,并将第一行和第一列设置为标签),并创建 chart。
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}