最近在做运营的一个需求，需要统计IP访问，突发奇想能不能从Nginx的日志里试试，毕竟以前没搞过，感觉挺有意思的

nginx访问日志格式如下：

xxx.xxx.xxx.xxx - - [17/04/2020:02:58:45 +0000] "GET / HTTP/1.1" 502 166 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0"
xxx.xxx.xxx.xxx - - [17/04/2020:02:58:45 +0000] "GET / HTTP/1.1" 502 166 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0"
xxx.xxx.xxx.xxx - - [17/04/2020:02:58:45 +0000] "GET / HTTP/1.1" 502 166 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:64.0) Gecko/20100101 Firefox/64.0"

解决思路：

# 先提取访客的 ip，awk提取
$ cat access.log |awk '{print$1}'
223.166.74.72
119.39.46.77
110.167.94.116
71.6.202.253
115.192.187.161
134.119.218.243
184.105.247.196
87.2.28.156
...

# 对所展示的ip进行统计操作
$ cat access.log |awk '{print1}'|sort|uniq -c
2 157.55.39.27
1 159.203.201.155
8 163.177.13.2
1 164.68.112.178
1 171.34.179.184
1 175.152.111.112
4 175.184.164.59
84 182.138.137.127
158 182.138.158.156
334 182.138.158.183
250 182.138.158.67
...

# 上面的是没有排序的，加上sort-rn命令即可排序
$ cat 1.log | awk '{print$1}' |sort|uniq -c|sort -rn
334 182.138.158.183
250 182.138.158.67
158 182.138.158.156
84 182.138.137.127
16 36.32.3.46
10 123.245.24.149
8 163.177.13.2
7 182.96.12.70
6 39.100.240.14
6 39.100.231.247
...

# 通过上面的命令即可完成统计, 如果需要展示前5名的ip，只需要加上 head -5 即可
$ cat access.log | awk '{print$1}' |sort|uniq -c|sort -rn|head -5
334 182.138.158.183
250 182.138.158.67
158 182.138.158.156
84 182.138.137.127
16 36.32.3.46