用Awstats工具来分析httpd和tomcat的访问日志
准备工作:
Awstats 是由perl语言编写的,所以要首先准备好awstats的运行环境。
# yum install –y perl*
一、首先,要安装apache服务器,并且启动httpd服务。
我的apacheyum安装的,配置文件路径为:/etc/httpd/conf/httpd.conf
下载awstats工具。
# cd /opt
# tar xvf awstats-7.1.tar.gz
# mv awstats-7.1 /usr/local/awstats
二、配置awstats分析httpd的访问日志
# cd /usr/local/awstats
# ls
# cd tools
# perl awstats_configure.pl
----- AWStats awstats_configure 1.0 (build 1.9) (c) Laurent Destailleur -----
This tool will help you to configure AWStats to analyze statistics for
one web server. You can try to use it to let it do all that is possible
in AWStats setup, however following the step by step manual setup
documentation (docs/index.html) is often a better idea. Above all if:
- You are not an administrator user,
- You want to analyze downloaded log files without web server,
- You want to analyze mail or ftp log files instead of web log files,
- You need to analyze load balanced servers log files,
- You want to 'understand' all possible ways to use AWStats...
Read the AWStats documentation (docs/index.html).
 
-----> Running OS detected: Linux, BSD or Unix
 
-----> Check for web server install
 
Enter full config file path of your Web server.
Example: /etc/httpd/httpd.conf
Example: /usr/local/apache2/conf/httpd.conf
Example:c:\Programfiles\apachegroup\apache\conf\httpd.conf
Config file path ('none' to skip web server setup):
>/etc/httpd/conf/httpd.conf  根据自己的httpd服务安装的具体路径填写
-----> Check and complete web server config file
'/etc/httpd/conf/httpd.conf'
 Add 'Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"'
 Add 'Alias /awstatscss
"/usr/local/awstats/wwwroot/css/"'
 Add 'Alias /awstatsicons
"/usr/local/awstats/wwwroot/icon/"'
 Add 'ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"'
 Add '<Directory>' directive
 AWStats directives added to Apache config file.
 
-----> Update model config file '/usr/local/awstats/wwwroot/cgi-bin/awstats.model.conf'
 File awstats.model.conf updated.
 
-----> Need to create a new config file ?
Do you want me to build a new AWStats config/profile
file (required if first install) [y/N] ?y
 
-----> Define config file name to create
What is the name of your web site or profile analysis ?
Example: www.mysite.com
Example: demo
Your web site, virtual server or profile name:
>lingling 可以是任意的名字,也可以是完整的域名格式,只是为了区分你要分析的那份日志的来源的网站,自己注意不要混淆就好。
 
-----> Define config file path
In which directory do you plan to store your config file(s) ?
Default: /etc/awstats
Directory path to store config file(s) (Enter for default):
>
默认的awstats生成的配置文件目录,根据喜好可以更改。
-----> Create config file '/etc/awstats/awstats.lingling.conf'
 Config file /etc/awstats/awstats.lingling.conf created.
 
-----> Restart Web server with '/sbin/service httpd restart'
Stopping httpd:                                     [OK]
Starting httpd:                                       [OK]
 
-----> Add update process inside a scheduler
Sorry, configure.pl does not support automatic add to cron yet.
You can do it manually by adding the following command to your cron:
/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=lingling
Or if you have several config files and prefer having only one command:
/usr/local/awstats/tools/awstats_updateall.pl now
Press ENTER to continue...
 
A SIMPLE config file has been created: /etc/awstats/awstats.lingling.conf
You should have a look inside to check and change manually main parameters.
You can then manually update your statistics for 'lingling' with command:
> perl awstats.pl -update -config=lingling
You can also read your statistics for 'lingling' with URL:
> http://localhost/awstats/awstats.pl?config=lingling
 
Press ENTER to finish...
 
1、由于httpdlog文件默认是/var/log/httpd/access.log
所以要修改/etc/awstats/awstats.lingling.conf文件里的LogFile
LogFile="/var/log/httpd/mylog.log"改为LogFile="/var/log/httpd/access_log"
或者LogFile="var/log/access_log.%YYYY-0%MM-0%DD-0.log"
2、然后,手动更新一下:
# cd /usr/local/awstats/wwwroot/cgi-bin/
# perl awstats.pl –update –config=lingling
或者:# /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=lingling
Error: AWStats database directory defined in config file by 'DirData' parameter (/var/lib/awstats) does not exist or is not writable.
Setup ('/etc/awstats/awstats.lingling.conf' file, web server or permissions) may be wrong.
Check config file, permissions and AWStats documentation (in 'docs' directory).
出错:忘记了创建awstats的默认数据存放目录
解决:# mkdir –m 755 /var/lib/awstats
Create/Update database for config "/etc/awstats/awstats.lingling.conf" by AWStats version 7.0 (build 1.976)
From data in log file "/var/log/httpd/access_log"...
Phase 1 : First bypass old records, searching new record...
Direct access after last parsed record (after line 33664)
Jumped lines in file: 33664
 Found 33664 already parsed records.
Parsed lines in file:7
 Found 0 dropped records,
 Found 0 comments,
 Found 0 blank records,
 Found 0 corrupted records,
 Found 7 old records,
 Found 0 new qualified records.
3、打开浏览器,用awstats分析日志:
分析结果如下图:

4、可以将更新的命令作为执行计划,使其每天执行一次,方便分析前一天的日。
# crontab –e
10 1 * * * /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=lingling > /dev/null 2&>1
三、用awstats分析tomcat的访问日志
1、要分析tomcat的日志,就要首先了解其日志格式。
并比较与httpd的访问日志格式有什么不同之处,然后就可以参照awstats分析httpd日志的格式来定义awstats分析tomcat的日志。
我的tomcat服务器上定义的访问日志格式如下:
<Valve className="org.apache.catalina.valves.
AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
       pattern="%h %l %u %t &quot;%r&quot; %s %b" />
%...a: 远程IP地址  
%...A: 本地IP地址  
%...B: 已发送的字节数,不包含HTTP  
%...b: CLF格式的已发送字节数量,不包含HTTP头。  
例如当没有发送数据时,写入‘-’而不是0  
%e: 环境变量FOOBAR的内容  
%...f: 文件名字  
%...h: 远程主机  
%...H 请求的协议  
%i: Foobar的内容,发送给服务器的请求的标头行。  
%...l: 远程登录名字(来自identd,如提供的话)  
%...m 请求的方法  
%n: 来自另外一个模块的注解“Foobar”的内容  
%o: Foobar的内容,应答的标头行  
%...p: 服务器响应请求时使用的端口  
%...P: 响应请求的子进程ID  
%...q 查询字符串(如果存在查询字符串,则包含“?”后面的  
部分;否则,它是一个空字符串。)  
%...r: 请求的第一行  
%...s: 状态。对于进行内部重定向的请求,这是指*原来*请求  
的状态。如果用%...>s,则是指后来的请求。  
%...t: 以公共日志时间格式表示的时间(或称为标准英文格式)  
%t: 以指定格式format表示的时间  
%...T: 为响应请求而耗费的时间,以秒计  
%...u: 远程用户(来自auth;如果返回状态(%s)是401则可能是伪造的)  
%...U: 用户所请求的URL路径  
%...v: 响应请求的服务器的ServerName  
%...V: 依照UseCanonicalName设置得到的服务器名字  
最后的tomcat的访问日志内容如下:
203.156.200.162 - - [29/Aug/2012:11:16:58 +0800] "GET /front/magazine/getContent.htm?contentId=124504 HTTP/1.1" 200 20001
2、由于我的tomcat服务器是在其他机器上,所以我将tomcat的服务日志copy到本机的/var/log/httpd/下即可。
copy的文件是:localhost_access_log.2012-08-29.txt
3、配置awstats分析此日志(tomcat 的域名并不是httpd的虚拟主机,所以没有写进httpd.conf文件里面)
# cd /usr/local/awstats/tools
# perl awstats_configure.pl
----- AWStats awstats_configure 1.0 (build 1.9) (c) Laurent Destailleur -----
This tool will help you to configure AWStats to analyze statistics for
one web server. You can try to use it to let it do all that is possible
in AWStats setup, however following the step by step manual setup
documentation (docs/index.html) is often a better idea. Above all if:
- You are not an administrator user,
- You want to analyze downloaded log files without web server,
- You want to analyze mail or ftp log files instead of web log files,
- You need to analyze load balanced servers log files,
- You want to 'understand' all possible ways to use AWStats...
Read the AWStats documentation (docs/index.html).
 
-----> Running OS detected: Linux, BSD or Unix
 
-----> Check for web server install
 
Enter full config file path of your Web server.
Example: /etc/httpd/httpd.conf
Example: /usr/local/apache2/conf/httpd.conf
Example: c:\Program files\apache group\apache\conf\httpd.conf
Config file path ('none' to skip web server setup):
>none
Your web server config file(s) could not be found.
You will need to setup your web server manually to declare AWStats
script as a CGI, if you want to build reports dynamically.
See AWStats setup documentation (file docs/index.html)
 
-----> Update model config file '/usr/local/awstats/wwwroot/cgi-bin/awstats.model.conf'
 File awstats.model.conf updated.
 
-----> Need to create a new config file ?
Do you want me to build a new AWStats config/profile
file (required if first install) [y/N] ? y
 
-----> Define config file name to create
What is the name of your web site or profile analysis ?
Example: www.mysite.com
Example: demo
Your web site, virtual server or profile name:
>buoqu.com
-----> Define config file path
In which directory do you plan to store your config file(s) ?
Default: /etc/awstats
Directory path to store config file(s) (Enter for default):
>
 
-----> Create config file '/etc/awstats/awstats.buoqu.com.conf'
 Config file /etc/awstats/awstats.buoqu.com.conf created.
 
-----> Add update process inside a scheduler
Sorry, configure.pl does not support automatic add to cron yet.
You can do it manually by adding the following command to your cron:
/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=buoqu.com
Or if you have several config files and prefer having only one command:
/usr/local/awstats/tools/awstats_updateall.pl now
Press ENTER to continue...
 
 
A SIMPLE config file has been created: /etc/awstats/awstats.buoqu.com.conf
You should have a look inside to check and change manually main parameters.
You can then manually update your statistics for 'buoqu.com' with command:
> perl awstats.pl -update -config=buoqu.com
You can also build static report pages for 'buoqu.com' with command:
> perl awstats.pl -output=pagetype -config=buoqu.com
 
Press ENTER to finish...
4、修改要分析日志文件
# vim /etc/awstats/awstats.buoqu.com.conf
LogFile="/var/log/httpd/mylog.log"
改为LogFile="/var/log/httpd/localhost_access_log.2012-08-29.txt"
LogFile="/var/log/httpd/localhost_access_log. YYY-0%MM-0%DD-0.txt"都可以。
5、重启httpd服务,并分析日志
# service httpd restart
# cd /usr/local/awstats/wwwroot/cgi-bin
# perl awstats.pl -update -config=buoqu.com
Create/Update database for config "/etc/awstats/awstats.buoqu.com.conf" by AWStats version 7.0 (build 1.976)
From data in log file "/var/log/httpd/localhost_access_log.2012-08-29.txt"...
Phase 1 : First bypass old records, searching new record...
Searching new records from beginning of log file...
AWStats did not find any valid log lines that match your LogFormat parameter, in the 50th first non commented lines read of your log.
Your log file /var/log/httpd/localhost_access_log.2012-08-29.txt must have a bad format or LogFormat parameter setup does not match this format.
Your AWStats LogFormat parameter is:
1
This means each line in your web server log file need to have "combined log format" like this:
111.22.33.44 - - [10/Jan/2001:02:14:14 +0200] "GET / HTTP/1.1" 200 1234 "http://www.fromserver.com/from.htm" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
And this is an example of records AWStats found in your log file (the record number 50 in your log):
203.208.60.231 - - [29/Aug/2012:00:02:47 +0800] "GET /front/magazine/getContent.htm?contentId=52253 HTTP/1.1" 200 18419
Setup ('/etc/awstats/awstats.buoqu.com.conf' file, web server or permissions) may be wrong.
Check config file, permissions and AWStats documentation (in 'docs' directory).
出错:日志格式不匹配。
解决:这个时候,就知道我为什么要先了解怎么定义tomcat的日志格式了。
修改文件/etc/awstats/awstats.buoqu.com.conf
# vim /etc/awstats/awstats.buoqu.com.conf
LogFormat = 1
LogFormat="%host %other %logname %time1 %methodurl %code %bytesd %refererquot %uaquot" 这两行是注释的,1表示是web日志,下面是httpd的日志格式
LogFormat ="%host %other %logname %time1 %methodurl %code"
这是我修改后的匹配tomcat的日志格式
# perl awstats.pl -update -config=buoqu.com
Create/Update database for config "/etc/awstats/awstats.buoqu.com.conf" by AWStats version 7.0 (build 1.976)
From data in log file "/var/log/httpd/localhost_access_log.2012-08-29.txt"...
Phase 1 : First bypass old records, searching new record...
Searching new records from beginning of log file...
Phase 2 : Now process new records (Flush history on disk after 20000 hosts)...
Jumped lines in file: 0
Parsed lines in file: 22442
 Found 0 dropped records,
 Found 0 comments,
 Found 0 blank records,
 Found 0 corrupted records,
 Found 0 old records,
 Found 22442 new qualified records.
6、打开网址查看分析结果:

7手动执行命令可写入crontab
①、如果,想在分析页面上直接刷新,可以开启AllowToUpdateStatsFromBrowser=1,默认情况下是关闭的。
②、若是想每个页面上都直接有立即更新的按钮,而不想每次都手动的修改配置文件的话,可以再awstats的基本配置文件里修改。
# cd /usr/local/awstats/wwwroot/cgi-bin
# vim awstats.model.conf
AllowToUpdateStatsFromBrowser=0改为AllowToUpdateStatsFromBrowser=1即可。
这样,以后的网页都可以直接点击刷新的。
注意:每次修改配置文件后要重启httpd服务
、若是要在浏览器上直接刷新,那么apache用户就要有对数据文件操作的权限
# chown apache.apache –R /var/lib/awstats
# chmod 755 /var/log/httpd
效果如图:

四、添加一些插件,使awstats看起来更人性化和直观化。
1、首先下载所需要的插件:
# cd /opt
# tar xvf GeoIP-1.4.8.tar.gz
# cd GeoIP-1.4.8
# ./configure
# make && make install
# cd ..
# tar xvf Geo-IP-1.40.tar.gz
# cd Geo-IP-1.40
# perl Makeinstall.pl
# make && make install
# cd ..
#tar xvf Geo-IP-PurePerl-1.25.tar.gz
# perl –MCPAN –e shell
cpan[1]>install Geo::IP
cpan[2]>install Geo::IP::PurePerl
# cd /opt
# tar xvf GeoIP.dat.gz
2、定义插件的使用方法:
可在各自的/etc/awstats/awstats.domain.conf的配置文件中定义,也可在awstats的主配置文件定义,然后全局生效。
如:
# vim /usr/local/awstats/wwwroot/cgi-bin/awstats.model.conf
将以下语句的#注释去掉:
#LoadPlugin="tooltips"      html报告中增加一些提示信息
#LoadPlugin="decodeutfkeys" 处理搜索引擎UTF8编码的关键字
#LoadPlugin="geoip GEOIP_STANDARD /opt/GeoIP.dat"
Internet IP-Country数据库生成访问者来自国家的统计图表
并增加一条LoadPlugin="qqhostinfo"
在访问主机表格中增加一列,显示ip对应的位置
qqhostinfo.pm及需要的qqwry.plQQWry.dathttp://down.51cto.com/data/496275里,有使用需求的可下载。
下载之后,要将这三个文件,放至/usr/local/awstats/wwwroot/cgi-bin/plugins/下面:
# cd /usr/local/awstats/wwwroot/cgi-bin/plugins
# chmod 777 . –R