1.收集日志脚本

made by G.M

#!/usr/bin/env python
import time, os

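#-----------------------------
# Access log to follow. Its lines are shaped by whatever remote clients send,
# so every field parsed from it below is treated as untrusted input.
log_file = '/var/log/httpd/www_access.log'
#-----------------------------

log_name = log_file.split('/')[-1]


def _open_stats_file(path):
    """Open the per-day stats file for appending without following a symlink.

    The file lives in /tmp, which every local user can write to, and its name
    is predictable. A plain open(path, 'a') would follow a symlink planted
    there and append to whatever it points at with this script's privileges.
    O_NOFOLLOW rejects a symlink in the final path component; the owner and
    link-count checks reject a file pre-created by another user or a hard
    link to some other file. Any rejection raises OSError so the problem is
    visible instead of being silently skipped.

    NOTE(review): a directory writable only by this script's user would be
    the cleaner fix; the path is kept because the SNMP helper reads it.
    """
    # O_NOFOLLOW is missing on some platforms; the fstat checks still apply.
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | getattr(os, 'O_NOFOLLOW', 0)
    fd = os.open(path, flags, 0o644)
    try:
        info = os.fstat(fd)
        if info.st_uid != os.geteuid() or info.st_nlink != 1:
            raise OSError(
                "refusing to append to %s: unexpected owner or link count" % path)
        return os.fdopen(fd, 'a')
    except Exception:
        os.close(fd)
        raise


# Start at the current end of the log so only new requests are counted.
log = open(log_file, 'r')
log.seek(0, 2)  # whence=2: relative to end of file

# Per-minute counters:
#   lt1 / to1_5 / gt5  - requests served in <1 s, 1-5 s, >5 s
#   status4 / status5  - responses whose status starts with 4 / 5
#   concurrent         - requests counted in the minute (written out as
#                        count // 60, i.e. average per second)
lt1, to1_5, gt5, status4, status5, concurrent = 0, 0, 0, 0, 0, 0
Time2 = '0'  # label of the minute currently being accumulated

while 1:
    # Labels lag the wall clock by 60 s, so a row is named after the minute
    # that has just ended and the file after the day that minute belongs to.
    minute_ago = time.localtime(time.time() - 60)
    Time = time.strftime("%Y_%m_%d", minute_ago)
    Time1 = time.strftime("%Y_%m_%d_%H:%M", minute_ago)

    # Flush BEFORE reading the next line: reading first and then taking the
    # flush branch would throw away one log line every minute.
    if Time1 != Time2:
        fields = (lt1, to1_5, gt5, status4, status5, concurrent // 60)
        out = ",".join([Time1] + [str(n) for n in fields])
        F = _open_stats_file('/tmp/' + log_name + '_' + Time + '.data')
        try:
            F.write(out + "\n")
        finally:
            F.close()
        Time2 = Time1
        lt1, to1_5, gt5, status4, status5, concurrent = 0, 0, 0, 0, 0, 0

    where = log.tell()
    line = log.readline()

    if not line.endswith('\n'):
        # Either nothing new, or a line the server has not finished writing.
        # Rewind so the whole line is read next time, then check for rotation.
        try:
            on_disk = os.stat(log_file)
        except OSError:
            # Path is missing (e.g. mid-rotation): keep the old handle, retry.
            log.seek(where)
            time.sleep(0.1)
            continue
        opened = os.fstat(log.fileno())
        replaced = ((on_disk.st_dev, on_disk.st_ino) !=
                    (opened.st_dev, opened.st_ino))
        if replaced or on_disk.st_size < where:
            # Log was replaced or truncated: switch to the new file and close
            # the old handle so descriptors do not pile up over time.
            try:
                fresh = open(log_file, 'r')
            except IOError:
                log.seek(where)
                time.sleep(0.1)
                continue
            log.close()
            log = fresh
        else:
            time.sleep(0.1)
            log.seek(where)
        continue

    # Fields are located purely by splitting on '"', so a double quote inside
    # a logged request or header shifts every later field.
    # NOTE(review): the log format is not visible here; the digit check below
    # rejects most shifted lines but cannot catch all of them, so these
    # counters should not be the only signal behind an alert.
    L = line.split('"')
    try:
        Jsptime = float(L[-1])
        url = L[1]
        status = L[2][1:4]
    except (ValueError, IndexError):
        # Malformed or unexpected line: skip it, but let real errors and
        # KeyboardInterrupt propagate instead of swallowing everything.
        continue
    if len(status) != 3 or not status.isdigit():
        continue

    if status[0] == '4':
        status4 += 1
    elif status[0] == '5':
        status5 += 1

    # Health-check hits on /echo.jsp are left out of load and latency figures.
    if '/echo.jsp' not in url:
        concurrent += 1
        if Jsptime < 1:
            lt1 += 1
        elif Jsptime <= 5:
            to1_5 += 1
        else:
            gt5 += 1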

2.snmp调用脚本

#!/bin/sh
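# Print the six counters recorded for the previous minute, one per line,
# in the order they appear in the collector's data file (columns 2-7).
log_tmp=/tmp
# Take the minute label once and derive the day from it. Using today's date
# for the file name misses the 23:59 row, which sits in yesterday's file.
time=$(date -d -1minute +%Y_%m_%d_%H:%M)
day=${time%_*}
logname=www_access.log_${day}.data
# The label is passed with -v and compared exactly instead of being spliced
# into the awk program text, and the path is quoted.
# NOTE(review): the data file sits in world-writable /tmp, so its contents
# are only as trustworthy as that directory. printf %d coerces every column
# to an integer, so nothing but numbers reaches snmpd.
awk -F"," -v minute="$time" '$1 == minute {printf"%d\n %d\n %d\n %d\n %d\n %d\n",$2,$3,$4,$5,$6,$7}' "$log_tmp/$logname"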

3.修改snmpd.conf

snmpd 5.5之前

添加 exec .1.3.6.1.4.1.2021.51.1 loganalysis /bin/sh /var/loganalysis.sh

snmpd 5.5之后

添加 extend .1.3.6.1.4.1.2021.51.1 loganalysis /bin/sh /var/loganalysis.sh

注意：snmpd 会以自身运行的用户身份执行该脚本，因此 /var/loganalysis.sh 应归 root 所有，且其他用户不可写。