# 查看文件最后10行（默認(rèn)）
tail /var/log/syslog
# 查看文件最后100行
tail -n 100 /var/log/nginx/access.log
# 實(shí)時(shí)追蹤日志更新（最常用）
tail -f /var/log/apache2/error.log
# 同時(shí)追蹤多個(gè)日志文件
tail -f /var/log/nginx/access.log /var/log/nginx/error.log
# 顯示行號(hào)
tail -n 50 -v /var/log/auth.log

# 查看文件前20行
head -n 20 /var/log/dmesg
# 查看前100字節(jié)
head -c 100 /var/log/bootstrap.log

# 查看完整日志文件
cat /var/log/kern.log
# 結(jié)合more/less分頁(yè)查看
cat /var/log/long.log | more
cat /var/log/long.log | less
# 顯示行號(hào)
cat -n /var/log/syslog
# 顯示非空行
cat -s /var/log/nginx/error.log

# 簡(jiǎn)單搜索
grep "error" /var/log/syslog
# 忽略大小寫
grep -i "warning" /var/log/messages
# 顯示匹配行及前后5行
grep -A 5 -B 5 "critical" /var/log/application.log
# 反向匹配（顯示不包含error的行）
grep -v "error" /var/log/apache2/access.log
# 正則表達(dá)式匹配
grep -E "404|500" /var/log/nginx/access.log
# 統(tǒng)計(jì)匹配行數(shù)
grep -c "GET" /var/log/nginx/access.log
# 遞歸搜索目錄下所有日志文件
grep -r "segmentation fault" /var/log/

# 提取訪問日志中的IP地址
awk '{print $1}' /var/log/nginx/access.log
# 統(tǒng)計(jì)IP訪問次數(shù)并排序
awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr
# 統(tǒng)計(jì)HTTP狀態(tài)碼出現(xiàn)次數(shù)
awk '{print $9}' /var/log/nginx/access.log | sort | uniq -c | sort -nr
# 計(jì)算某時(shí)間段的請(qǐng)求數(shù)
awk '/12\/May\/2023:15:/,/12\/May\/2023:16:/' /var/log/nginx/access.log | wc -l
# 統(tǒng)計(jì)訪問量最大的URL
awk '{print $7}' /var/log/nginx/access.log | sort | uniq -c | sort -nr | head -20
# 計(jì)算平均響應(yīng)時(shí)間（假設(shè)第10列為響應(yīng)時(shí)間）
awk '{sum+=$10; count++} END {print "Avg:",sum/count,"ms"}' /var/log/nginx/access.log

# 替換日志中的敏感信息
sed 's/192.168.1.100/[REDACTED]/g' /var/log/auth.log
# 提取特定時(shí)間范圍的日志
sed -n '/May 10 09:00:00/,/May 10 10:00:00/p' /var/log/syslog
# 刪除空白行
sed '/^$/d' /var/log/application.log
# 只顯示包含error或warning的行
sed -n '/error\|warning/p' /var/log/syslog

# 提取第一列
cut -d' ' -f1 /var/log/nginx/access.log
# 提取第5-8列
cut -d' ' -f5-8 /var/log/nginx/access.log
# 使用冒號(hào)分隔符提取用戶名
cut -d: -f1 /etc/passwd

# 統(tǒng)計(jì)IP出現(xiàn)頻率
cat /var/log/nginx/access.log | awk '{print $1}' | sort | uniq -c | sort -nr
# 統(tǒng)計(jì)HTTP狀態(tài)碼頻率
cat /var/log/nginx/access.log | awk '{print $9}' | sort | uniq -c | sort -n
# 統(tǒng)計(jì)訪問最多的URL
cat /var/log/nginx/access.log | awk '{print $7}' | sort | uniq -c | sort -nr | head -20
# 統(tǒng)計(jì)不同HTTP方法的請(qǐng)求數(shù)
cat /var/log/nginx/access.log | awk '{print $6}' | sed 's/"http://g' | sort | uniq -c

# 統(tǒng)計(jì)每小時(shí)請(qǐng)求數(shù)
cat /var/log/nginx/access.log | awk '{print $4}' | cut -d: -f2 | sort | uniq -c
# 統(tǒng)計(jì)每分鐘請(qǐng)求數(shù)（更精細(xì)）
cat /var/log/nginx/access.log | awk '{print $4}' | cut -d: -f2,3 | sort | uniq -c
# 統(tǒng)計(jì)每天請(qǐng)求數(shù)（需要日志中包含日期）
cat /var/log/nginx/access.log | awk '{print $4}' | cut -d[ -f2 | cut -d: -f1 | sort | uniq -c

# 找出響應(yīng)時(shí)間最長(zhǎng)的請(qǐng)求（假設(shè)第10列為響應(yīng)時(shí)間）
cat /var/log/nginx/access.log | awk '{print $10,$7}' | sort -nr | head -20
# 統(tǒng)計(jì)不同響應(yīng)時(shí)間的請(qǐng)求分布
cat /var/log/nginx/access.log | awk '{if($10<0.1) a++; else if($10<0.5) b++; else if($10<1) c++; else d++} END {print "0-0.1s:",a,"\n0.1-0.5s:",b,"\n0.5-1s:",c,"\n>1s:",d}'
# 計(jì)算95分位響應(yīng)時(shí)間
cat /var/log/nginx/access.log | awk '{print $10}' | sort -n | awk '{all[NR] = $0} END{print all[int(NR*0.95)]}'

cat /var/log/nginx/access.log | awk '{print $1}' | sort | uniq -c | sort -nr | head -20 | awk '{if($1>100) print $2}'

grep " 500 " /var/log/nginx/access.log | awk '{print $1,$7,$9}' | sort | uniq -c | sort -nr

tail -f /var/log/application.log | grep --line-buffered -E "ERROR|CRITICAL" | while read line; do echo "$line" | mail -s "Application Error Alert" admin@example.com; done

cat /var/log/auth.log | grep "Failed password" | awk '{print $11}' | sort | uniq -c | sort -nr | head -20

cess.log.2023-$month-*.gz | wc -l; done