2.19.2.3. Analyze logs using console commands

You can analyze logs using console commands either on your hosting server or on your local PC:

  1. Download the logs to your PC.
  2. Using the file manager or any FTP client, upload the downloaded logs to your hosting account's root directory.
  3. If the logs are in an archive file, extract them using the file manager.
  4. Connect to hosting via SSH.
  5. Use the console commands listed below in the terminal.
  1. Download the logs to your PC.
  2. If the logs are in a compressed file, extract them.
  3. Open a terminal on your PC:
    • On Windows, you must have WSL or Cygwin installed. If you have trouble installing them, use the simpler hosting analysis.
    • On Linux, you can use the standard terminal.
    • On macOS, you can use the standard terminal.
  4. Use the console commands listed below in the terminal.

Commands

In all commands, replace "access.log" with the name of the downloaded log file or its full path.

Server response codes, listed in descending order of frequency: 

awk '{print $9}' access.log | sort | uniq -c | sort -r

The 25 most active IP addresses: 

cat access.log | awk '{ print $1 }' | sort | uniq -c | sort -rn | head -n 25

Number of requests from each IP address, in descending order: 

cat access.log | awk '{print "requests from " $1}' | sort | uniq -c | sort -r

The 10 most popular Referer: 

cat access.log | awk -F \" ' { print $4 } ' | grep -v '-' | sort | uniq -c | sort -rn | head -n 10

The 10 most popular User-Agents: 

cat access.log | awk -F \" ' { print $6 } ' | sort | uniq -c | sort -rn | head -n 10

Total number of requests per day: 

awk '{print $4}' access.log | cut -d: -f1 | uniq -c

Number of requests per hour per day:

  • If the log contains information for only one day:
    cat access.log | cut -d [ -f2 | cut -d] -f1 | awk -F: '{print $2":00"}' | sort -n | uniq -c
  • If the log contains information for several days (replace DD/Mon with the desired day of the month and the first three letters of the month's name in English):
    grep "DD/Mon" access.log | cut -d [ -f2 | cut -d] -f1 | awk -F: '{print $2":00"}' | sort -n | uniq -c

The number of requests per minute for the specified hour on the specified day (replace DD/Mon/YEAR:HH with the desired day of the month, the first three letters of the month's name in English, the year, and the hour): 

grep "DD/Mon/YEAR:HH" access.log | cut -d [ -f2 | cut -d] -f1 | awk -F: '{print $2":"$3}' | sort -nk1 -nk2 | uniq -c | awk '{ if ($1 > 10) print $0}'

Number of unique visitors: 

cat access.log | awk '{print $1}' | sort | uniq -c | wc -l

The 25 most popular URIs: 

cat access.log | awk '{ print $7 }' | sort | uniq -c | sort -rn | head -n 25

List of unique IP addresses: 

cat access.log | awk '{print $1}' | sort | uniq

A list of unique IP addresses, along with the date and time of each request from them: 

cat access.log | awk '{print $1 " " $4}' | sort | uniq

A list of unique IP addresses, along with the date, time, and method for each request from them: 

cat access.log | awk '{print $1 " " $4 " " $6}' | sort | uniq

A list of unique IP addresses, along with the date, time, and URI for each request from them: 

cat access.log | awk '{print $1 " " $4 " " $7}' | sort | uniq
Content
    (1)