只顯示nginx訪問日志中返回500狀態碼的日志行:
tail -f access_log.log | grep 500 --color
注意: tail -f 之後,只能使用管道一次,如下命令將無任何輸出
tail -f access_log.log | grep 500 | grep 500
比如,nginx日志格式為:
log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"';
日志內容為:
192.168.1.181 - - [13/Apr/2011:15:19:10 +0800] "GET /tomcat.png HTTP/1.1" 304 0 "http://192.168.1.9/" "Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0" "-" 192.168.1.181 - - [13/Apr/2011:15:19:10 +0800] "GET /favicon.ico HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0" "-" 192.168.1.181 - - [13/Apr/2011:15:19:10 +0800] "GET /bg-nav.png HTTP/1.1" 304 0 "http://192.168.1.9/tomcat.css" "Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0" "-" 192.168.1.181 - - [13/Apr/2011:15:19:10 +0800] "GET /bg-upper.png HTTP/1.1" 304 0 "http://192.168.1.9/tomcat.css" "Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0" "-" 192.168.1.181 - - [13/Apr/2011:15:19:10 +0800] "GET /bg-middle.png HTTP/1.1" 304 0 "http://192.168.1.9/tomcat.css" "Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0" "-" 192.168.1.181 - - [13/Apr/2011:15:19:10 +0800] "GET /bg-button.png HTTP/1.1" 304 0 "http://192.168.1.9/tomcat.css" "Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0" "-" 192.168.1.114 - - [13/Apr/2011:15:19:37 +0800] "GET / HTTP/1.0" 200 12220 "-" "-" "-" 192.168.1.114 - - [13/Apr/2011:15:20:22 +0800] "GET / HTTP/1.0" 200 12220 "-" "-" "-"
需求:標出返回狀態碼非200的請求
如果用grep只能用過濾方式,如下命令:
grep -v "200" access_log.log
用sed可以用顏色標出非200的狀態碼:
為了拼出sed的正確正則表達式,我們先從標記200為綠色開始
sed 's/200/\x1b[32m&\x1b[0m/g' access_log.log
說明:echo打印彩色字符時,使用八進制符號\033,但是在sed中不支持八進制,必須使用16進制:\x1b
下一步,把狀態碼3XX標為黃色:
sed 's/3[0-9][0-9]/\x1b[33m&\x1b[0m/g' access_log.log
但請注意,nginx日志行中其他地方也有數字,上面的匹配不夠精確
下一步,把HTTP/1.0” 或者 HTTP/1.1"之後的3位數標記顏色:
sed 's/\(HTTP\/1\.[01]" \)\(3[0-9][0-9]\)/\1\x1b[33m\2\x1b[0m/g' access_log.log
再下一步,如果狀態碼之後的返回數據量大於1K,就標記紅色:
sed 's/\(HTTP\/1\.[01]" [0-9][0-9][0-9] \)\([0-9]\+\)[0-9][0-9][0-9]/\1\x1b[31m[\2KB]\x1b[0m/g' access_log.log