I am quite bad at using "basic?" unix commands and this question puts my knowledge even more to test. What I would like to do is grep all IP addresses from a log (e.g. access.log from apache) and count how often they occur. Can I do that with one command or do I need to write a script for that?
IP logging happens when your IP address gets displayed in a comment or a post online. When you comment or post on social media platforms or elsewhere online, you will get a warning that your IP address logging is on.
To search for multiple IP addresses, separate the IP addresses with a backslash and a pipe symbol like so… To search for multiple IP addresses in multiple files, you can pass in a number of log files or, better yet, use a wildcard such as an asterisk followed by the file extension.
In Linux you can use regular expressions with grep to extract an IP address from a file. The grep command has the -E (extended regex) option, which makes it interpret a pattern as an extended regular expression.
For searching files, the command syntax you use is grep [options] [pattern] [file], where “pattern” is what you want to search for. For example, to search for the word “error” in the log file, you would enter grep 'error' junglediskserver.log, and all lines that contain “error” will be output to the screen.
You'll need a short pipeline at least.
sed -e 's/\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*$/\1/' -e t -e d access.log | sort | uniq -c
Which will print each IP (will only work with IPv4 though), sorted, prefixed with the count.
I tested it with apache2's access.log (it's configurable though, so you'll need to check), and it worked for me. It assumes the IP-address is the first thing on each line.
The sed collects the IP-addresses (actually it looks for 4 sets of digits, with periods in between), and replaces the entire line with it. -e t continues to the next line if it managed to do a substitution, -e d deletes the line (if there was no IP address on it). sort sorts.. :) And uniq -c counts instances of consecutive identical lines (which, since we've sorted them, corresponds to the total count).
None of the answers presented here worked for me, so here is a working one:
cat yourlogs.txt | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | sort | uniq -c | sort
It uses grep to isolate all IPs, then sorts them, counts them, and sorts that result again.
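The two pipelines above match any run of digits and dots, so 999.300.1.1 or an address inside a query string is counted too. The following is an added example, not taken from either answer: it counts only the client field, checks each octet is 0-255, and lists the busiest addresses first. The function names count_client_ips and sample_log are hypothetical, and it assumes the client address is the first field on each line (Apache's default common/combined format).

```shell
#!/bin/sh
# Added example: count client IPv4 addresses in Apache-style access logs.
# Assumption: the client address is the first whitespace-separated field
# (default common/combined LogFormat); change $1 if your format differs.

count_client_ips() {
    # Usage: count_client_ips FILE...   (reads stdin when no file is given)
    awk '
        {
            # Accept only dotted quads whose four octets are each 0-255,
            # so strings like 999.300.1.1 are not counted as addresses.
            n = split($1, o, ".")
            if (n != 4) next
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) next
            hits[$1]++
        }
        END { for (ip in hits) printf "%d %s\n", hits[ip], ip }
    ' "$@" | sort -k1,1nr -k2,2    # highest count first, then by address
}

# Constructed sample log lines (not taken from a real server).
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 2326
198.51.100.23 - - [10/Oct/2023:13:55:40 +0000] "GET /?from=10.0.0.1 HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:56:01 +0000] "POST /login HTTP/1.1" 302 0
999.300.1.1 - - [10/Oct/2023:13:56:09 +0000] "GET /a HTTP/1.1" 400 0
::1 - - [10/Oct/2023:13:56:12 +0000] "GET /server-status HTTP/1.1" 200 900
203.0.113.7 - - [10/Oct/2023:13:57:44 +0000] "GET /favicon.ico HTTP/1.1" 404 209
EOF
}

sample_log | count_client_ips
```

Against a real log, call it as count_client_ips access.log, or pass several files or a wildcard such as *.log.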