在CentOS 6上使用 AWStats 分析 httpd 和 Tomcat 日志

时间:2022-01-02 10:31:57

准备工作:

Awstats 是由perl语言编写的,所以要首先准备好awstats的运行环境。
# yum install –y perl*

Apache

一、首先,要安装apache服务器,并且启动httpd服务。
我的apache是yum安装的,配置文件路径为:/etc/httpd/conf/httpd.conf
下载awstats工具。
下载地址:http://www.awstats.org/files/awstats-7.1.tar.gz
# cd /opt
# wget http://www.awstats.org/files/awstats-7.1.tar.gz
# tar xvf awstats-7.1.tar.gz 
# mv awstats-7.1 /usr/local/awstats

二、配置awstats分析httpd的访问日志
# cd /usr/local/awstats
# ls
# cd tools
# perl awstats_configure.pl
----- AWStats awstats_configure 1.0 (build 1.9) (c) Laurent Destailleur -----
This tool will help you to configure AWStats to analyze statistics for
one web server. You can try to use it to let it do all that is possible
in AWStats setup, however following the step by step manual setup
documentation (docs/index.html) is often a better idea. Above all if:
- You are not an administrator user,
- You want to analyze downloaded log files without web server,
- You want to analyze mail or ftp log files instead of web log files,
- You need to analyze load balanced servers log files,
- You want to 'understand' all possible ways to use AWStats...
Read the AWStats documentation (docs/index.html).
 
-----> Running OS detected: Linux, BSD or Unix
 
-----> Check for web server install
 
Enter full config file path of your Web server.
Example: /etc/httpd/httpd.conf
Example: /usr/local/apache2/conf/httpd.conf
Example:c:\Programfiles\apachegroup\apache\conf\httpd.conf
Config file path ('none' to skip web server setup):
>/etc/httpd/conf/httpd.conf    根据自己的httpd服务安装的具体路径填写
-----> Check and complete web server config file
'/etc/httpd/conf/httpd.conf'
 Add 'Alias /awstatsclasses "/usr/local/awstats/wwwroot/classes/"'
 Add 'Alias /awstatscss 
"/usr/local/awstats/wwwroot/css/"'
 Add 'Alias /awstatsicons
"/usr/local/awstats/wwwroot/icon/"'
 Add 'ScriptAlias /awstats/ "/usr/local/awstats/wwwroot/cgi-bin/"'
 Add '<Directory>' directive
 AWStats directives added to Apache config file.
 
-----> Update model config file '/usr/local/awstats/wwwroot/cgi-bin/awstats.model.conf'
 File awstats.model.conf updated.
 
-----> Need to create a new config file ?
Do you want me to build a new AWStats config/profile
file (required if first install) [y/N] ?y
 
-----> Define config file name to create
What is the name of your web site or profile analysis ?
Example: www.mysite.com
Example: demo
Your web site, virtual server or profile name:
>apache 可以是任意的名字,也可以是完整的域名格式,只是为了区分你要分析的那份日志的来源的网站,自己注意不要混淆就好。
 
-----> Define config file path
In which directory do you plan to store your config file(s) ?
Default: /etc/awstats
Directory path to store config file(s) (Enter for default):

默认的awstats生成的配置文件目录,根据喜好可以更改。
-----> Create config file '/etc/awstats/awstats.apache.conf'
 Config file /etc/awstats/awstats.apache.conf created.
 
-----> Restart Web server with '/sbin/service httpd restart'
Stopping httpd:                                    [OK]
Starting httpd:                                      [OK]
 
-----> Add update process inside a scheduler
Sorry, configure.pl does not support automatic add to cron yet.
You can do it manually by adding the following command to your cron:
/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=apache
Or if you have several config files and prefer having only one command:
/usr/local/awstats/tools/awstats_updateall.pl now
Press ENTER to continue...
 
A SIMPLE config file has been created: /etc/awstats/awstats.apache.conf
You should have a look inside to check and change manually main parameters.
You can then manually update your statistics for 'apache' with command:
> perl awstats.pl -update -config=apache
You can also read your statistics for 'apache' with URL:
> http://localhost/awstats/awstats.pl?config=apache
 
Press ENTER to finish...
1、由于httpd的log文件默认是/var/log/httpd/access.log,
所以要修改/etc/awstats/awstats.apache.conf文件里的LogFile:
把LogFile="/var/log/httpd/mylog.log"改为LogFile="/var/log/httpd/access_log"
或者LogFile="var/log/access_log.%YYYY-0%MM-0%DD-0.log"
2、然后,手动更新一下:
# cd /usr/local/awstats/wwwroot/cgi-bin/
# perl awstats.pl –update –config=apache
或者:# /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=apache
Error: AWStats database directory defined in config file by 'DirData' parameter (/var/lib/awstats) does not exist or is not writable.
Setup ('/etc/awstats/awstats.apache.conf' file, web server or permissions) may be wrong.
Check config file, permissions and AWStats documentation (in 'docs' directory).
出错:忘记了创建awstats的默认数据存放目录
解决:# mkdir –m 755 /var/lib/awstats
# perl/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=apache
Create/Update database for config "/etc/awstats/awstats.apache.conf" by AWStats version 7.0 (build 1.976)
From data in log file "/var/log/httpd/access_log"...
Phase 1 : First bypass old records, searching new record...
Direct access after last parsed record (after line 33664)
Jumped lines in file: 33664
 Found 33664 already parsed records.
Parsed lines in file:7
 Found 0 dropped records,
 Found 0 comments,
 Found 0 blank records,
 Found 0 corrupted records,
 Found 7 old records,
 Found 0 new qualified records.
3、打开浏览器,用awstats分析日志:
http://www.ganziwen.cn/awstats/awstats.pl?config=apache
分析结果如下图:
在CentOS 6上使用 AWStats 分析 httpd 和 Tomcat 日志

4、可以将更新的命令作为执行计划,使其每天执行一次,方便分析前一天的日。
# crontab –e
10 1 * * * /usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=apache > /dev/null 2&>1

Tomcat

 用awstats分析tomcat的访问日志
1、要分析tomcat的日志,就要首先了解其日志格式。在 /opt/tomcat8/conf/server.xml 可以编辑查看
并比较与httpd的访问日志格式有什么不同之处,然后就可以参照awstats分析httpd日志的格式来定义awstats分析tomcat的日志。
我的tomcat服务器上定义的访问日志格式如下:
<Valve className="org.apache.catalina.valves.
AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
      pattern="%h %l %u %t &quot;%r&quot; %s %b" />
%...a: 远程IP地址  
%...A: 本地IP地址  
%...B: 已发送的字节数,不包含HTTP头  
%...b: CLF格式的已发送字节数量,不包含HTTP头。  
例如当没有发送数据时,写入‘-’而不是0。  
%e: 环境变量FOOBAR的内容  
%...f: 文件名字  
%...h: 远程主机  
%...H 请求的协议  
%i: Foobar的内容,发送给服务器的请求的标头行。  
%...l: 远程登录名字(来自identd,如提供的话)  
%...m 请求的方法  
%n: 来自另外一个模块的注解“Foobar”的内容  
%o: Foobar的内容,应答的标头行  
%...p: 服务器响应请求时使用的端口  
%...P: 响应请求的子进程ID。  
%...q 查询字符串(如果存在查询字符串,则包含“?”后面的  
部分;否则,它是一个空字符串。)  
%...r: 请求的第一行  
%...s: 状态。对于进行内部重定向的请求,这是指*原来*请求  
的状态。如果用%...>s,则是指后来的请求。  
%...t: 以公共日志时间格式表示的时间(或称为标准英文格式)  
%t: 以指定格式format表示的时间  
%...T: 为响应请求而耗费的时间,以秒计  
%...u: 远程用户(来自auth;如果返回状态(%s)是401则可能是伪造的)  
%...U: 用户所请求的URL路径  
%...v: 响应请求的服务器的ServerName  
%...V: 依照UseCanonicalName设置得到的服务器名字  
最后的tomcat的访问日志内容如下:
203.156.200.162 - - [29/Aug/2012:11:16:58 +0800] "GET /front/magazine/getContent.htm?contentId=124504 HTTP/1.1" 200 20001
2、由于我的tomcat服务器是在其他机器上,所以我将tomcat的服务日志copy到本机的/var/log/httpd/下即可。
如copy的文件是:localhost_access_log.2012-08-29.txt
3、配置awstats分析此日志(tomcat 的域名并不是httpd的虚拟主机,所以没有写进httpd.conf文件里面)
# cd /usr/local/awstats/tools
# perl awstats_configure.pl
----- AWStats awstats_configure 1.0 (build 1.9) (c) Laurent Destailleur -----
This tool will help you to configure AWStats to analyze statistics for
one web server. You can try to use it to let it do all that is possible
in AWStats setup, however following the step by step manual setup
documentation (docs/index.html) is often a better idea. Above all if:
- You are not an administrator user,
- You want to analyze downloaded log files without web server,
- You want to analyze mail or ftp log files instead of web log files,
- You need to analyze load balanced servers log files,
- You want to 'understand' all possible ways to use AWStats...
Read the AWStats documentation (docs/index.html).
 
-----> Running OS detected: Linux, BSD or Unix
 
-----> Check for web server install
 
Enter full config file path of your Web server.
Example: /etc/httpd/httpd.conf
Example: /usr/local/apache2/conf/httpd.conf
Example: c:\Program files\apache group\apache\conf\httpd.conf
Config file path ('none' to skip web server setup):
>none
Your web server config file(s) could not be found.
You will need to setup your web server manually to declare AWStats
script as a CGI, if you want to build reports dynamically.
See AWStats setup documentation (file docs/index.html)
 
-----> Update model config file '/usr/local/awstats/wwwroot/cgi-bin/awstats.model.conf'
 File awstats.model.conf updated.
 
-----> Need to create a new config file ?
Do you want me to build a new AWStats config/profile
file (required if first install) [y/N] ? y
 
-----> Define config file name to create
What is the name of your web site or profile analysis ?
Example: www.mysite.com
Example: demo
Your web site, virtual server or profile name:
>linuxidc.com
-----> Define config file path
In which directory do you plan to store your config file(s) ?
Default: /etc/awstats
Directory path to store config file(s) (Enter for default):

 
-----> Create config file '/etc/awstats/awstats.linuxidc.com.conf'
 Config file /etc/awstats/awstats.linuxidc.com.conf created.
 
-----> Add update process inside a scheduler
Sorry, configure.pl does not support automatic add to cron yet.
You can do it manually by adding the following command to your cron:
/usr/local/awstats/wwwroot/cgi-bin/awstats.pl -update -config=linuxidc.com
Or if you have several config files and prefer having only one command:
/usr/local/awstats/tools/awstats_updateall.pl now
Press ENTER to continue... 
 
 
A SIMPLE config file has been created: /etc/awstats/awstats.linuxidc.com.conf
You should have a look inside to check and change manually main parameters.
You can then manually update your statistics for 'linuxidc.com' with command:
> perl awstats.pl -update -config=linuxidc.com
You can also build static report pages for 'linuxidc.com' with command:
> perl awstats.pl -output=pagetype -config=linuxidc.com
 
Press ENTER to finish...
4、修改要分析日志文件
# vim /etc/awstats/awstats.linuxidc.com.conf
将LogFile="/var/log/httpd/mylog.log"
改为LogFile="/var/log/httpd/localhost_access_log.2012-08-29.txt"
LogFile="/var/log/httpd/localhost_access_log. YYY-0%MM-0%DD-0.txt"都可以。
5、重启httpd服务,并分析日志
# service httpd restart
# cd /usr/local/awstats/wwwroot/cgi-bin
# perl awstats.pl -update -config=linuxidc.com
Create/Update database for config "/etc/awstats/awstats.linuxidc.com.conf" by AWStats version 7.0 (build 1.976)
From data in log file "/var/log/httpd/localhost_access_log.2012-08-29.txt"...
Phase 1 : First bypass old records, searching new record...
Searching new records from beginning of log file...
AWStats did not find any valid log lines that match your LogFormat parameter, in the 50th first non commented lines read of your log.
Your log file /var/log/httpd/localhost_access_log.2012-08-29.txt must have a bad format or LogFormat parameter setup does not match this format.
Your AWStats LogFormat parameter is:
1
This means each line in your web server log file need to have "combined log format" like this:
111.22.33.44 - - [10/Jan/2001:02:14:14 +0200] "GET / HTTP/1.1" 200 1234 "http://www.fromserver.com/from.htm" "Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)"
And this is an example of records AWStats found in your log file (the record number 50 in your log):
203.208.60.231 - - [29/Aug/2012:00:02:47 +0800] "GET /front/magazine/getContent.htm?contentId=52253 HTTP/1.1" 200 18419
Setup ('/etc/awstats/awstats.linuxidc.com.conf' file, web server or permissions) may be wrong.
Check config file, permissions and AWStats documentation (in 'docs' directory).
出错:日志格式不匹配。
解决:这个时候,就知道我为什么要先了解怎么定义tomcat的日志格式了。
修改文件/etc/awstats/awstats.linuxidc.com.conf
# vim /etc/awstats/awstats.linuxidc.com.conf
LogFormat = 1
LogFormat="%host %other %logname %time1 %methodurl %code %bytesd %refererquot %uaquot" 这两行是注释的,1表示是web日志,下面是httpd的日志格式
LogFormat ="%host %other %logname %time1 %methodurl %code"
这是我修改后的匹配tomcat的日志格式
# perl awstats.pl -update -config=linuxidc.com
Create/Update database for config "/etc/awstats/awstats.linuxidc.com.conf" by AWStats version 7.0 (build 1.976)
From data in log file "/var/log/httpd/localhost_access_log.2012-08-29.txt"...
Phase 1 : First bypass old records, searching new record...
Searching new records from beginning of log file...
Phase 2 : Now process new records (Flush history on disk after 20000 hosts)...
Jumped lines in file: 0
Parsed lines in file: 22442
 Found 0 dropped records,
 Found 0 comments,
 Found 0 blank records,
 Found 0 corrupted records,
 Found 0 old records,
 Found 22442 new qualified records.
6、打开网址查看分析结果:
http://www.ganziwen.cn/awstats/awstats.pl?config=tomcat8
在CentOS 6上使用 AWStats 分析 httpd 和 Tomcat 日志

7、手动执行命令可写入crontab。

①、如果,想在分析页面上直接刷新,可以开启 AllowToUpdateStatsFromBrowser=1 ,默认情况下是关闭的。
②、若是想每个页面上都直接有“立即更新”的按钮,而不想每次都手动的修改配置文件的话,可以再awstats的基本配置文件里修改。
# cd /usr/local/awstats/wwwroot/cgi-bin
# vim awstats.model.conf
将AllowToUpdateStatsFromBrowser=0改为AllowToUpdateStatsFromBrowser=1即可。

这样,以后的网页都可以直接点击刷新的。
注意:每次修改配置文件后要重启httpd服务

③、若是要在浏览器上直接刷新,那么apache用户就要有对数据文件操作的权限
# chown apache.apache –R /var/lib/awstats
# chmod 755 /var/log/httpd

如果是tomcat 就是要给 log 文件夹 755 权限
效果如图:

在CentOS 6上使用 AWStats 分析 httpd 和 Tomcat 日志

四、添加一些插件,使awstats看起来更人性化和直观化。
1、首先下载所需要的插件:
# cd /opt
#wget http://www.maxmind.com/download/geoip/api/c/GeoIP-1.4.8.tar.gz
# tar xvf GeoIP-1.4.8.tar.gz
# cd GeoIP-1.4.8
# ./configure 
# make && make install
# cd ..
#wget http://www.maxmind.com/download/geoip/api/perl/Geo-IP-1.40.tar.gz
# tar xvf Geo-IP-1.40.tar.gz
# cd Geo-IP-1.40
# perl Makeinstall.pl
# make && make install
# cd ..
# wget http://www.maxmind.com/download/geoip/api/pureperl/Geo-IP-PurePerl-1.25.tar.gz
#tar xvf Geo-IP-PurePerl-1.25.tar.gz
# perl –MCPAN –e shell
cpan[1]>install Geo::IP
cpan[2]>install Geo::IP::PurePerl
# cd /opt
# wget http://mirrors.download3k.com/token/4b6cdc111cdc95edb29534189f0ef839/GeoIP.dat.gz
# tar xvf GeoIP.dat.gz
2、定义插件的使用方法:
可在各自的/etc/awstats/awstats.domain.conf的配置文件中定义,也可在awstats的主配置文件定义,然后全局生效。
如:
# vim /usr/local/awstats/wwwroot/cgi-bin/awstats.model.conf
将以下语句的#注释去掉:
#LoadPlugin="tooltips"      在html报告中增加一些提示信息
#LoadPlugin="decodeutfkeys" 处理搜索引擎UTF8编码的关键字
#LoadPlugin="geoip GEOIP_STANDARD /opt/GeoIP.dat"
从Internet IP-Country数据库生成访问者来自国家的统计图表
并增加一条LoadPlugin="qqhostinfo" 
在访问主机表格中增加一列,显示ip对应的位置
qqhostinfo.pm及需要的qqwry.pl、QQWry.dat在里,有使用需求的可下载。

**************************************************************

下载在Linux公社的1号FTP服务器里,下载地址:

FTP地址:ftp://www.linuxidc.com

用户名:www.linuxidc.com

密码:www.muu.cc

在 2012年LinuxIDC.com\10月\在CentOS 6上使用AWStats分析httpd和Tomcat日志

下载方法见 http://www.linuxidc.net/thread-1187-1-1.html

**************************************************************

下载之后,要将这三个文件,放至/usr/local/awstats/wwwroot/cgi-bin/plugins/下面:
# cd /usr/local/awstats/wwwroot/cgi-bin/plugins
# chmod 777 . –R

在CentOS 6上使用 AWStats 分析 httpd 和 Tomcat 日志

3、其实,还可以使用LoadPlugin="graphgooglechartapi" 插件,利用google chart创建图表。

在CentOS 6上使用 AWStats 分析 httpd 和 Tomcat 日志

在CentOS 6上使用 AWStats 分析 httpd 和 Tomcat 日志

五、使tomcat的分析页面也显示浏览器和操作系统的图标
由于tomcat的日志格式与apache的格式设置的不同,导致tomcat日志分析的时候出现如下情况:

在CentOS 6上使用 AWStats 分析 httpd 和 Tomcat 日志

1、本来以为是图片不对,在网上找了一天,发现并不和网上说的错误一致,所以还是自己想办法。
苦苦纠结中,就想到了日志格式这点上:输出的日志并没有操作系统的版本,也没有浏览器的信息,awstats当然不能分析出其所对应的图标了。(*^__^*) 嘻嘻……
Tomcat的默认日志格式类型与apache一样,都是common,然而awstats分析的是combined类型的。如上所知,我的tomcat类型就是common型的,所以要改为combined型的。

2、重新定义tomcat日志格式:

在 /opt/tomcat8/conf/server.xml 内:

<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log." suffix=".txt"
pattern="%h %l %u %t&quot;%r&quot; %s %b %{Referer}i %{User-Agent}i" />
输出的日志为:
10.100.0.7 - - [31/Aug/2012:13:34:29 +0800]"GET /docs/proxy-howto.html HTTP/1.1" 200 15550 http://10.100.10.10:8080/docs/setup.html Mozilla/5.0 (Windows NT 5.2; rv:13.0) Gecko/20100101 Firefox/13.0.1

3、这下就全好了,不能高兴的太早,要先测试一下:
# cd /usr/local/awstats/wwwroot/cgi-bin
# perl awstats.pl -update -config=linuxidc.com
Create/Update database for config "/etc/awstats/awstats.linuxidc.com.conf" by AWStats version 7.0 (build 1.976)
From data in log file "/var/log/httpd/localhost_access_log.2012-08-29.txt"...
Phase 1 : First bypass old records, searching new record...
Searching new records from beginning of log file...
AWStats did not find any valid log lines that match your LogFormat parameter, in the 50th first non commented lines read of your log.
Your log file /var/log/httpd/localhost_access_log.2012-08-29.txt must have a bad format or LogFormat parameter setup does not match this format.
Your AWStats LogFormat parameter is:
1
This means each line in your web server log file need to have "combined log format" like this:
111.22.33.44 - - [10/Jan/2001:02:14:14 +0200] "GET / HTTP/1.1" 200 1234 
And this is an example of records AWStats found in your log file (the record number 50 in your log):
203.208.60.231 - - [29/Aug/2012:00:02:47 +0800] "GET /front/magazine/getContent.htm?contentId=52253 HTTP/1.1" 200 18419 http://10.100.10.10:8080/docs/setup.html Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Setup ('/etc/awstats/awstats.linuxidc.com.conf' file, web server or permissions) may be wrong.
Check config file, permissions and AWStats documentation (in 'docs' directory).

4、细心的朋友会发现,错误正好跟以前的相反。所以将我们以前定义的格式
LogFormat ="%host %other %logname %time1 %methodurl %code"
注释掉或者删掉,就用默认的格式即可。但是有一点,还必须知道:
LogFormat="%host %other %logname %time1 %methodurl %code %bytesd %refererquot %uaquot"
%refererquot Referer page with format: "http://from.com/from.htm"
%referer Referer page with format: http://from.com/from.htm
%uabracket User agent with format: [Mozilla/4.0 (compatible, ...)]
%uaquot User agent with format: "Mozilla/4.0 (compatible, ...)"
%ua User agent with format: Mozilla/4.0_(compatible...)
这里有格式的区别,如%refererquot %uaquot" 需要输出的日志有“”,而我们的日志是没有的,所以还要改变LogFormat格式,使其完全一致。
LogFormat="%host %other %logname %time1 %methodurl %code %bytesd %referer %ua"
这样之后,awstats才能完全真正的分析tomcat日志了。
效果如图:

在CentOS 6上使用 AWStats 分析 httpd 和 Tomcat 日志