BASH
Analyze Web Server Access Logs for Top IP Addresses and Requested URLs
Quickly analyze Nginx or Apache access logs using Bash. This script extracts and ranks the top IP addresses accessing your server and the most frequently requested URLs for insights.
#!/bin/bash
# Configuration
LOG_FILE="/var/log/nginx/access.log" # Or /var/log/apache2/access.log
NUM_TOP_ENTRIES=10 # Number of top IPs/URLs to display
if [ ! -f "${LOG_FILE}" ]; then
echo "Error: Log file not found at ${LOG_FILE}." >&2
exit 1
fi
echo "Analyzing log file: ${LOG_FILE}"
echo "
--- Top ${NUM_TOP_ENTRIES} Most Frequent IP Addresses ---"
# Extract the first column (IP address), sort, count unique occurrences, then sort numerically and display top N
awk '{print $1}' "${LOG_FILE}" | sort | uniq -c | sort -nr | head -n "${NUM_TOP_ENTRIES}"
echo "
--- Top ${NUM_TOP_ENTRIES} Most Frequent Requested URLs (excluding query strings) ---"
# Extract the 7th column (URL path), remove query strings, sort, count unique, sort numerically and display top N
awk '{print $7}' "${LOG_FILE}" | cut -d'?' -f1 | sort | uniq -c | sort -nr | head -n "${NUM_TOP_ENTRIES}"
echo "
Analysis complete."
How it works: This Bash script provides a quick way to analyze web server access logs (Nginx or Apache) to identify patterns such as top visitors and most requested content. It first checks for the log file's existence. Then, it uses a combination of `awk`, `sort`, `uniq -c`, and `head` to extract, count, and rank the most frequent IP addresses accessing the server. A similar pipeline is used to find the most requested URLs, with `cut -d'?' -f1` added to strip query strings for cleaner URL analysis. This helps in identifying popular pages, potential bot activity, or performance bottlenecks.