Grepping logs for IP addresses

Tags:

grep

I am quite bad at using "basic?" unix commands and this question puts my knowledge even more to the test. What I would like to do is grep all IP addresses from a log (e.g. access.log from apache) and count how often they occur. Can I do that with one command or do I need to write a script for that?

Paul Peelen asked Apr 20 '11 18:04



2 Answers

You'll need a short pipeline at least.

sed -e 's/\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*$/\1/' -e t -e d access.log | sort | uniq -c

This will print each IP (it will only work with IPv4 though), sorted and prefixed with the count.

I tested it with apache2's access.log (it's configurable though, so you'll need to check), and it worked for me. It assumes the IP-address is the first thing on each line.

The sed collects the IP-addresses (actually it looks for 4 sets of digits, with periods in between), and replaces the entire line with it. -e t continues to the next line if it managed to do a substitution, -e d deletes the line (if there was no IP address on it). sort sorts.. :) And uniq -c counts instances of consecutive identical lines (which, since we've sorted them, corresponds to the total count).

falstro answered Sep 22 '22 18:09


None of the answers presented here worked for me, so here is a working one:

cat yourlogs.txt | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | sort | uniq -c | sort

It uses grep to isolate all IPs, then sorts them, counts them, and sorts that result again.

David Schumann answered Sep 19 '22 18:09
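Both answers above match any four dot-separated digit groups anywhere on a line, so a "999.1.1.1" or an address embedded in a request path or referer would be counted as a client. The pipeline below is an added example, not code from either answer: it assumes Apache common/combined log format (client address in the first field), keeps only values whose octets are 0-255, and sorts the counts numerically with the busiest address first. The sample log lines are constructed for the example.

```shell
#!/bin/sh
# Constructed sample in Apache combined format (RFC 5737 documentation addresses).
# Line 4 carries an out-of-range octet and must not be counted.
SAMPLE_LOG='192.0.2.10 - - [20/Apr/2011:18:04:00 +0200] "GET / HTTP/1.1" 200 512
198.51.100.7 - - [20/Apr/2011:18:04:01 +0200] "GET /a HTTP/1.1" 404 0
192.0.2.10 - - [20/Apr/2011:18:04:02 +0200] "GET /b HTTP/1.1" 200 100
999.1.1.1 - - [20/Apr/2011:18:04:03 +0200] "GET /c HTTP/1.1" 200 100
203.0.113.5 - - [20/Apr/2011:18:04:04 +0200] "GET /d HTTP/1.1" 200 100
192.0.2.10 - - [20/Apr/2011:18:04:05 +0200] "GET /e HTTP/1.1" 200 100'

# count_ips: read log lines on stdin, print "count ip" per client, most frequent first.
count_ips() {
  awk '
    # Only field 1 is the client address; IPs elsewhere on the line are ignored.
    $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
      n = split($1, o, ".")
      ok = 1
      for (i = 1; i <= n; i++) if (o[i] + 0 > 255) ok = 0
      if (ok) print $1
    }' |
  sort | uniq -c | sort -rn |
  awk '{ print $1, $2 }'      # normalise uniq -c padding to "count ip"
}

printf '%s\n' "$SAMPLE_LOG" | count_ips
```

On a real server, replace the sample with `count_ips < /var/log/apache2/access.log` (path is configurable, as the first answer notes).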