利用ngxtop工具对nginx日志实时分析

2018/12 29 02:12

 

一、部署

准备:python2.7.3+、SQLite(否则会报错)

编译安装SQLite

cd /usr/local/src && wget http://www.sqlite.org/2018/sqlite-autoconf-3230100.tar.gz #下载安装包,最新安装包请参考
tar xf sqlite-autoconf-3230100.tar.gz && cd sqlite-autoconf-3230100 #解压安装包
./configure --prefix=/usr/local/sqlite && make && make install #自定义路径编译安装
重新编译安装python

cd /usr/local/src &&wget https://www.python.org/ftp/python/2.7.14/Python-2.7.14.tgz #下载安装包,最新包请参考
tar xf Python-2.7.14.tgz && cd Python-2.7.14 #解压安装
配置setup.py中sqlite路径

qlite_inc_paths = [ '/usr/include',
'/usr/include/sqlite',
'/usr/include/sqlite3',
'/usr/local/include',
'/usr/local/include/sqlite',
'/usr/local/include/sqlite3',
'/usr/local/sqlite/include',
]
./configure --prefix=/usr/local/python2.7 && make && make install #自定义路径编译安装

安装ngxtop

pip install ngxtop
源码编译安装
wget https://github.com/lebinh/ngxtop/archive/1c200d51fbae7824a30159714669146d6b214210.zip
unzip ngxtop-1c200d51fbae7824a30159714669146d6b214210.zip
cd ngxtop-1c200d51fbae7824a30159714669146d6b214210
python setup.py install
二、使用

帮助help

# ngxtop --help

ngxtop - ad-hoc query for nginx access log.

Usage:

ngxtop [options]

ngxtop [options] (print|top|avg|sum) ...

ngxtop info

ngxtop [options] query ...

Options:

-l , --access-log 需要分析的访问日志

-f

, --log-format log_format指令指定的日志格式 [默认: combined]

--no-follow ngxtop default behavior is to ignore current lines in log

and only watch for new lines as they are written to the access log.

Use this flag to tell ngxtop to process the current content of the access log instead.

-t , --interval report interval when running in follow mode [default: 2.0]

-g , --group-by 根据变量分组 [默认: request_path]

-w , --having having clause [default: 1]

-o , --order-by 排序 [默认: count]

-n , --limit 显示的条数 [default: 10]

-a ..., --a ... add exp (must be aggregation exp: sum, avg, min, max, etc.) into output

-v, --verbose 更多的输出

-d, --debug print every line and parsed record

-h, --help 当前帮助信息.

--version 输出版本信息.

高级选项:

-c , --config 运行ngxtop解析nginx配置文件

-i , --filter filter in, records satisfied given expression are processed.

-p , --pre-filter in-filter expression to check in pre-parsing phase
示例:

ngxtop -c /usr/local/nginx/conf/nginx.conf -l /usr/local/nginx/logs/access.log top remote_addr request #默认2秒统计一次,默认显示前十的访问IP地址和请求 -l 指定日志文件路径
ngxtop -c /usr/local/nginx/conf/nginx.conf -t 10 -l /usr/local/nginx/logs/access.log top remote_addr request #-t 10 指定10秒钟统计一次
ngxtop -c /usr/local/nginx/conf/nginx.conf -l /usr/local/nginx/logs/access.log -i 'status == 400' print request status #-i 指定过滤条件
ngxtop -c /usr/local/nginx/conf/nginx.conf -l /usr/local/nginx/logs/access.log top remote_addr request -n 20 #-n 20 指定显示20行
使用普通格式从远程服务器解析apache日志

ssh user@remote_server tail -f /var/log/apache2/access.log | ngxtop -f common
3. ngxtop单条命令无法执行:

报错意思是说ngxin执行文件要加到PATH路径中,加软链接
ln -s /usr/local/nginx/sbin/nginx /sbin
#修改环境变量
# vim /etc/profile
export PATH=$PATH:/usr/local/nginx/sbin

source /etc/profile

--转载请注明: http://91o.cc/%e5%88%a9%e7%94%a8ngxtop%e5%b7%a5%e5%85%b7%e5%af%b9nginx%e6%97%a5%e5%bf%97%e5%ae%9e%e6%97%b6%e5%88%86%e6%9e%90/