Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 576
  • Last Modified:

how to search a file for an unknown ip address that occurs the most in the file

If I'm trying to see what ip address occurs most in an apache access file, how would I do that?

The ip address is unknown.  Maybe something with grep?  Anything will do, so long as it can be done in bash.

Thanks!
0
drj003
Asked:
drj003
2 Solutions
 
käµfm³d 👽Commented:
How about:

grep "[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}" log_file | sort | uniq -c | sort -r | head -n1

Open in new window

0
 
TintinCommented:
awk '{print $1}' access.log|sort |uniq -c|sort -rn | less

Open in new window

0
 
g3nu1n3Commented:
awk '{ print $1 }' /etc/httpd/logs/access_log | sort | uniq -c | sort -r | awk 'NR == 1'

You will want to change the path to your access_log and you can remove the last awk command if you wish to get output for all IP addresses and the number of times they appear in your access_log
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
Prashant2888Commented:
cat <your log file> | egrep '[0-255][.]|[0-255][.]|[0-255][.]|[0-255]'|uniq -c |sort -nr | head -1


You will get the IP address that has occured the most in the log file.


Thanks, Good luck..
0
 
käµfm³d 👽Commented:
@Prashant2888

Your pattern doesn't do what you think it does  = )

"[0-255]" means "either 0, 1, 2, or 5", not "0 to 255".
0
 
Prashant2888Commented:
@kaufmed
Yeah, right.. it will need more changes.. :)
0
 
drj003Author Commented:
Thanks guys.  Exactly what I was looking for.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now