
@vaughany
Last active May 15, 2018 21:12
Shell script to grep all Nginx logs for TLS entries (requires modified nginx.conf script to include `$ssl_protocol/$ssl_cipher` in the access log definition).
#!/bin/bash
# Script to check which TLS versions clients use when connecting to our Nginx proxy. Written by Paul Vaughan [gist.]github.com/vaughany
# https://gist.github.com/vaughany/48e12cfc0c645cf95eb630fbda34df22
# Many thanks to: https://misc.flogisoft.com/bash/tip_colors_and_formatting
#
# Copy this script to the proxy server and make it executable.
# ssh to the remote server and type: `sudo ./nginx-tls.sh` or run locally via ssh: `ssh 10.10.9.10 sudo ./nginx-tls.sh`
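# Refuse to run without root, as the usage notes at the top of the script require.
if [[ $EUID -ne 0 ]]; then
  echo -e "\e[91mThis script must be run as root.\e[0m"
  exit 1
fi

#######################################
# Print COUNT as a percentage of TOTAL, formatted with two decimals.
# Prints 0.00 when TOTAL is zero, so an empty result set does not cause a
# division by zero.
# Arguments: $1 - count, $2 - total
# Outputs:   the percentage on stdout (no '%' sign, no trailing newline)
#######################################
percent() {
  awk -v n="$1" -v t="$2" 'BEGIN { printf "%3.2f", (t > 0) ? n / t * 100 : 0 }'
}

#######################################
# Copy the lines of $all_log that contain the literal string $1 into file $2
# and print how many lines were copied.
# -F makes the dots in e.g. 'TLSv1.2' literal rather than "any character".
# Globals:   all_log (read)
# Arguments: $1 - literal marker to search for, $2 - output file
# Outputs:   line count on stdout
#######################################
split_version() {
  grep -iF -- "$1" "$all_log" > "$2"
  wc -l < "$2"
}

#######################################
# Show the last five entries and a referrer tally for one legacy TLS version.
# Does nothing when the extract file is empty.
# Arguments: $1 - ANSI colour code, $2 - version label, $3 - extract file
#######################################
report_legacy() {
  local colour=$1 label=$2 file=$3
  [[ -s "$file" ]] || return 0
  echo -e "\n\e[${colour}mMost recent connections using ${label}\e[0;2m (log saved to '${file}'):\e[0m"
  echo -en "\e[37m" && tail -n 5 "$file" && echo -en "\e[0m"
  echo -e "\n\e[${colour};2mReferrers:\e[0m"
  # Sixth field when splitting on double quotes; presumably the referrer in the
  # author's log_format -- verify against the access log definition in nginx.conf.
  cut -d\" -f6 "$file" | sort | uniq -c | sort -nr
}

#######################################
# Remove the bulky work files and any empty extracts; keep non-empty TLSv1.1 /
# TLSv1 extracts so they can be inspected after the run. Safe to call twice.
# Globals: workdir, all_log, tls12_log, tls11_log, tls10_log (read)
#######################################
cleanup() {
  local f
  rm -f -- "$all_log" "$tls12_log"
  for f in "$tls11_log" "$tls10_log"; do
    [[ -s "$f" ]] || rm -f -- "$f"
  done
  # rmdir fails, by design, when an extract was kept.
  rmdir -- "$workdir" 2>/dev/null || true
}

echo -e "\nChecking all available Nginx access logs (even the compressed, rotated ones)."
echo -e " TLS date:\tWed May 9 21:45:46 BST 2018"
echo -en " Run date:\t" && date

echo -en "\n\e[2mPreparing temp files..."
# This script runs as root, so it must not write to fixed names in the
# world-writable /tmp: another local user could pre-create /tmp/tls_all.log as
# a symlink and have root truncate or overwrite the link target. The extracts
# also hold client addresses and request details. mktemp -d creates a fresh
# directory that only root can enter, which addresses both points.
workdir=$(mktemp -d /tmp/nginx-tls.XXXXXXXXXX) || {
  echo "Could not create a private temp directory." >&2
  exit 1
}
all_log="$workdir/tls_all.log"
tls12_log="$workdir/tls_1.2.log"
tls11_log="$workdir/tls_1.1.log"
tls10_log="$workdir/tls_1.0.log"
trap cleanup EXIT

echo -en "\tdone.\nProcessing logs..."
# Collect every row that carries a TLS marker, minus rows containing '10.10.'.
# NOTE(review): the exclusion is meant for internal 10.10.x.x clients, but the
# pattern is unanchored, so it also drops rows where '10.10.' appears anywhere
# else (e.g. 210.10.x.x, or inside a URL) -- anchor it to the client-address
# field once the log_format is confirmed.
zgrep -i ' - TLSv' /var/log/nginx/access.log* | grep --line-buffered -v '10\.10\.' > "$all_log"
tlsall=$(wc -l < "$all_log")
echo -e "\tdone.\e[0m"

# Only TLSv1.2, TLSv1.1 and TLSv1 are bucketed below. Rows for any other
# version that matches ' - TLSv' (such as TLSv1.3) count towards the total but
# towards none of the buckets, so the percentages need not add up to 100.
echo -e "\n\e[1mConnections using:\e[0m"

echo -en " * \e[92mTLSv1.2:\e[0m\t"
tls12=$(split_version ' - TLSv1.2/' "$tls12_log")
tls12p=$(percent "$tls12" "$tlsall")
echo -e "$tls12\t(${tls12p}%)"

echo -en " * \e[93mTLSv1.1:\e[0m\t"
tls11=$(split_version ' - TLSv1.1/' "$tls11_log")
tls11p=$(percent "$tls11" "$tlsall")
echo -e "$tls11\t(${tls11p}%)"

echo -en " * \e[91mTLSv1:\e[0m\t"
tls10=$(split_version ' - TLSv1/' "$tls10_log")
tls10p=$(percent "$tls10" "$tlsall")
echo -e "$tls10\t(${tls10p}%)"

sleep 1

report_legacy 93 'TLSv1.1' "$tls11_log"
report_legacy 91 'TLSv1' "$tls10_log"

echo -en "\n\e[2mClearing up..."
cleanup
echo -e "\tdone.\e[0m"

# tls.log is appended to in the current directory while running as root: start
# the script from a directory that only trusted users can write to.
{
  echo -n "$(date)"
  echo -e ": \e[92m$tls12\e[0m / \e[93m$tls11\e[0m / \e[91m$tls10\e[0m"
} >> tls.log

echo -e "\n\e[1mtl:dr; \e[0;92m$tls12 (${tls12p}%)\e[0m / \e[93m$tls11 (${tls11p}%)\e[0m / \e[91m$tls10 (${tls10p}%)\e[0m. Progress saved to 'tls.log':\n"
echo -en "First:\t" && head -n 1 tls.log && echo -en "Latest:\t" && tail -n 1 tls.log
exit 0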