HOWTO make a oneliner to get relevant data out of your proftpd log


spx2
01-03-2008, 07:35 PM
I wanted to know how many times each unique IP was seen in my logs and order them in decreasing order of number of occurrences.
I don't know of anything that does this already, so I quickly wrote a one-liner using native Unix commands and Perl.
The logs are located, as you all know, in /var/log/proftpd/proftpd.log
so I did

cat proftpd/proftpd.log | perl -ne '/(\d+\.\d+\.\d+\.\d+)/;print "$1\n" if $1;' | sort | uniq -c | sort -r -n -k 1

The first cat is for getting the contents of the log. The second pipe filter, using perl, is for extracting the IP from each line and printing it if and only if there is a match for that regex (which matches only IPs) on that line.
The following line sorts the IPs so that uniq can do its job of properly eliminating the duplicates, and -c is to also prepend the count of each IP in the first column of the output. Then sort -r means sort them in reverse, -n means numerically and -k 1 means the first column.

Reference:
http://lowfatlinux.com/linux-sort.html
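
The same per-IP count run over sample input, as an added example that is not part of the original post: it uses awk instead of perl, and goes slightly beyond the one-liner by skipping matches with an octet above 255. The function names top_ips and sample_log are hypothetical, and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).

# top_ips [FILE...]: take the first IPv4-looking token on each line,
# count how often each address occurs, and print "count ip" with the
# busiest address first. Reads stdin when no file is given.
top_ips() {
    awk '
    match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/) {
        ip = substr($0, RSTART, RLENGTH)
        n = split(ip, octet, ".")
        ok = 1
        # Reject dotted numbers that cannot be an address (octet > 255).
        for (i = 1; i <= n; i++) if (octet[i] + 0 > 255) ok = 0
        if (ok) seen[ip]++
    }
    END { for (ip in seen) printf "%d %s\n", seen[ip], ip }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample lines in the general shape of a proftpd log.
# The version string 1.3.1 has only three parts, so it is not counted;
# the 999.1.1.1 line is a deliberately malformed entry.
sample_log() {
    cat <<'EOF'
Jan 03 19:12:01 ftp1 proftpd[2101] ftp1 (203.0.113.5[203.0.113.5]): FTP session opened.
Jan 03 19:12:03 ftp1 proftpd[2101] ftp1 (203.0.113.5[203.0.113.5]): USER admin: no such user found
Jan 03 19:12:09 ftp1 proftpd[2107] ftp1 (198.51.100.7[198.51.100.7]): FTP session opened.
Jan 03 19:12:15 ftp1 proftpd[2101] ftp1 (203.0.113.5[203.0.113.5]): FTP session closed.
Jan 03 19:13:00 ftp1 proftpd[1999] ftp1: ProFTPD 1.3.1 standalone mode STARTUP
Jan 03 19:13:20 ftp1 proftpd[2110] ftp1 (999.1.1.1[999.1.1.1]): constructed malformed entry
EOF
}

# Demo on the constructed sample; for a real log: top_ips /var/log/proftpd/proftpd.log
sample_log | top_ips
```

Ties in the count are broken by the address column, so the output order is stable between runs.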