Apacheログのエラーコードのフィルタリング

Apacheログのエラーコードのフィルタリング

Apache/Haproxy ログがあるとしましょう。

Jan 28 15:45:18 lict haproxy[48318]: 103.133.5.14:52243 [28/Jan/2020:15:45:08.730] LICT_front~ LICT_back/web2 9320/0/0/212/9532 302 556 - - --VN 24/24/4/1/0 0/0 "POST /exam/Users/login HTTP/1.1"
Jan 28 15:45:19 lict haproxy[48318]: 37.111.205.140:23757 [28/Jan/2020:15:45:19.355] LICT_front~ LICT_back/web3 56/0/0/1/57 404 373 - - --VN 14/14/2/0/0 0/0 "GET /favicon.ico HTTP/1.1"
Jan 28 15:45:20 lict haproxy[48318]: 10.205.122.17:64022 [28/Jan/2020:15:45:04.084] LICT_front~ LICT_back/web3 15725/0/0/212/15937 302 462 - - --VN 13/13/2/0/0 0/0 "POST /exam/Users/login?lang=bn HTTP/1.1"
Jan 28 15:45:27 lict haproxy[48318]: 103.133.5.14:52253 [28/Jan/2020:15:45:27.779] LICT_front~ LICT_back/web2 119/0/0/78/202 404 15377 - - --VN 13/13/2/1/0 0/0 "GET /exam/img/24_dbbl.png HTTP/1.1"
Jan 28 15:45:33 lict haproxy[48318]: 103.204.209.118:18949 [28/Jan/2020:15:45:33.374] LICT_front~ LICT_back/web2 392/0/1/1/394 404 373 - - --VN 19/19/2/1/0 0/0 "GET /favicon.ico HTTP/1.1"
Jan 28 15:45:37 lict haproxy[48318]: 182.163.96.37:58192 [28/Jan/2020:15:45:37.010] LICT_front~ LICT_back/web2 116/0/1/252/369 302 570 - - --VN 18/18/3/2/0 0/0 "POST /exam/Users/login HTTP/1.1"
Jan 28 15:45:44 lict haproxy[48318]: 10.205.122.17:64040 [28/Jan/2020:15:45:44.109] LICT_front~ LICT_back/web3 27/0/0/80/113 404 15373 - - --VN 16/16/3/0/0 0/0 "GET /exam/img/24_dbbl.png HTTP/1.1"
Jan 28 15:45:44 lict haproxy[48318]: 203.188.251.226:51821 [28/Jan/2020:15:45:44.319] LICT_front~ LICT_back/web3 449/0/0/230/679 302 462 - - --VN 15/15/3/0/0 0/0 "POST /exam/Users/login?lang=bn HTTP/1.1"
Jan 28 15:45:47 lict haproxy[48318]: 103.254.86.107:33762 [28/Jan/2020:15:45:47.444] LICT_front~ LICT_back/web3 119/0/1/160/280 200 425 - - --VN 15/15/3/0/0 0/0 "POST /exam/applicantProfiles/savePersonalInfo HTTP/1.1"
Jan 28 15:45:48 lict haproxy[48318]: 182.163.96.37:58197 [28/Jan/2020:15:45:48.557] LICT_front~ LICT_back/web2 117/0/1/1/119 404 380 - - --VN 15/15/3/2/0 0/0 "GET /images/invalid.png HTTP/1.1"
Jan 28 15:45:49 lict haproxy[48318]: 103.237.38.243:4347 [28/Jan/2020:15:45:49.516] LICT_front~ LICT_back/web3 15/0/1/0/16 404 373 - - --VN 18/18/4/1/0 0/0 "GET /favicon.ico HTTP/1.1"
Jan 28 15:45:51 lict haproxy[48318]: 103.237.38.243:4348 [28/Jan/2020:15:45:51.007] LICT_front~ LICT_back/web3 10/0/1/235/246 302 564 - - --VN 16/16/3/0/0 0/0 "POST /exam/Users/login?lang=bn HTTP/1.1"
Jan 28 15:45:51 lict haproxy[48318]: 182.163.96.37:58198 [28/Jan/2020:15:45:51.669] LICT_front~ LICT_back/web2 113/0/0/2/115 404 378 - - --VN 18/18/3/2/0 0/0 "GET /images/valid.png HTTP/1.1"
Jan 28 15:46:02 lict haproxy[48318]: 103.99.129.15:8789 [28/Jan/2020:15:46:01.696] LICT_front~ LICT_back/web3 687/0/0/201/888 302 590 - - --VN 18/18/4/0/0 0/0 "POST /exam/users/login HTTP/1.1"
Jan 28 15:46:06 lict haproxy[48318]: 182.163.96.37:58199 [28/Jan/2020:15:46:05.488] LICT_front~ LICT_back/web2 587/0/1/70/658 302 548 - - --VN 19/19/3/2/0 0/0 "GET /exam/users/logout HTTP/1.1"
Jan 28 15:46:11 lict haproxy[48318]: 163.53.149.98:50480 [28/Jan/2020:15:46:11.115] LICT_front~ LICT_back/web2 316/0/1/136/454 302 453 - - --VN 18/18/3/2/0 0/0 "GET /exam/users/[email protected]&&account_code=2368455803 HTTP/1.1"

40xや50xなどのエラーコードに対してこのログをフィルタリングしたいです。

Jan 28 15:45:19 lict haproxy[48318]: 37.111.205.140:23757 [28/Jan/2020:15:45:19.355] LICT_front~ LICT_back/web3 56/0/0/1/57 404 373 - - --VN 14/14/2/0/0 0/0 "GET /favicon.ico HTTP/1.1"
Jan 28 15:45:27 lict haproxy[48318]: 103.133.5.14:52253 [28/Jan/2020:15:45:27.779] LICT_front~ LICT_back/web2 119/0/0/78/202 404 15377 - - --VN 13/13/2/1/0 0/0 "GET /exam/img/24_dbbl.png HTTP/1.1"
Jan 28 15:45:33 lict haproxy[48318]: 103.204.209.118:18949 [28/Jan/2020:15:45:33.374] LICT_front~ LICT_back/web2 392/0/1/1/394 404 373 - - --VN 19/19/2/1/0 0/0 "GET /favicon.ico HTTP/1.1"
Jan 28 15:45:44 lict haproxy[48318]: 10.205.122.17:64040 [28/Jan/2020:15:45:44.109] LICT_front~ LICT_back/web3 27/0/0/80/113 404 15373 - - --VN 16/16/3/0/0 0/0 "GET /exam/img/24_dbbl.png HTTP/1.1"
Jan 28 15:45:48 lict haproxy[48318]: 182.163.96.37:58197 [28/Jan/2020:15:45:48.557] LICT_front~ LICT_back/web2 117/0/1/1/119 404 380 - - --VN 15/15/3/2/0 0/0 "GET /images/invalid.png HTTP/1.1"
Jan 28 15:45:49 lict haproxy[48318]: 103.237.38.243:4347 [28/Jan/2020:15:45:49.516] LICT_front~ LICT_back/web3 15/0/1/0/16 404 373 - - --VN 18/18/4/1/0 0/0 "GET /favicon.ico HTTP/1.1"
Jan 28 15:45:51 lict haproxy[48318]: 182.163.96.37:58198 [28/Jan/2020:15:45:51.669] LICT_front~ LICT_back/web2 113/0/0/2/115 404 378 - - --VN 18/18/3/2/0 0/0 "GET /images/valid.png HTTP/1.1"

grep/awk/sed またはその他のシェルスクリプトツールを使用してこれを行うにはどうすればよいですか?

答え1

レコード11を次のものと組み合わせることができますawk

awk '$11 ~ /^[45]0/' logfile

または、grep最初の5つの数字を「/」で区切り、その後にスペース、ステータスコード、その他のスペースを入力することもできます(参照:HAProxy HTTP ログ形式):

grep '[0-9]*/[0-9]*/[0-9]*/[0-9]*/[0-9]* [45]0[0-9] ' logfile

または

grep -E '([0-9]*/){4}[0-9]* [45]0[0-9] ' logfile

関連情報