arrays - Count ip repeat in log from bash -


Can bash count the repetitions of an IP within a log through a specific search?

For example:

    #!/bin/bash
    # log line: [sat jul 04 21:55:35 2015] [error] [client 192.168.1.39] access denied status code 403.

    # One capture group per octet. bash =~ uses POSIX ERE, which has no lazy quantifiers.
    pattern='^\[.*\]\s\[error\]\s\[client\s(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\].*403'

    grep "status\scode\s403" /var/log/httpd/custom_error_log | while read -r line; do
        # Only print when the line actually matched, so stale captures are never reused.
        if [[ $line =~ $pattern ]]; then
            res_remote_addr="${BASH_REMATCH[1]}.${BASH_REMATCH[2]}.${BASH_REMATCH[3]}.${BASH_REMATCH[4]}"
            echo "remote addr: $res_remote_addr"
        fi
    done

I need to know, in the end results, how many times each IP got the 403 message, if possible sorted from highest to lowest.

For example, the output:

    200.200.200.200 50 times.
    200.200.200.201 40 times.
    200.200.200.202 30 times.
    ... etc ...

I need this to create an HTML report from the monthly Apache log as a series of events (something like AWStats).

There are better ways. The following proposal should be more readable and easier to maintain:

    grep -P -o '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}' log_file | sort | uniq -c | sort -k1,1 -r -n

The output should be in the form of:

    count1 ip1
    count2 ip2

Update:

To filter by 403:

    grep -P -o '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?=.*403)' log_file | sort | uniq -c | sort -k1,1 -r -n

Notice that a lookahead would suffice.
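
A stricter variant of the count, added here as an example and not part of the original question or answer: it takes the address only from the `[client ...]` field, requires the literal `status code 403` text instead of any "403" later in the line, rejects octets above 255, and prints the "IP N times." format the question asks for. The function names and the sample lines are constructed for illustration, and the log layout is assumed to be the one quoted in the question.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumes the error-log layout
# quoted in the question: [timestamp] [error] [client IP] ... status code 403.

# Print "IP N times." for each client denied with 403, highest count first.
# Reads the log files given as arguments, or stdin when none are given.
count_403_by_ip() {
    awk '
        # Require the literal 403 marker, not just any "403" in the line.
        /\[error\]/ && /status code 403/ {
            # Take the address from the [client ...] field only.
            if (match($0, /\[client [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\]/)) {
                ip = substr($0, RSTART + 8, RLENGTH - 9)
                ok = (split(ip, octet, ".") == 4)
                for (i = 1; i <= 4; i++) if (octet[i] + 0 > 255) ok = 0
                if (ok) hits[ip]++
            }
        }
        END { for (ip in hits) print hits[ip], ip }
    ' "$@" |
        LC_ALL=C sort -k1,1nr -k2,2 |
        awk '{ printf "%s %d times.\n", $2, $1 }'
}

# Constructed sample lines (not real log data).
sample_log() {
    cat <<'EOF'
[sat jul 04 21:55:35 2015] [error] [client 192.168.1.39] access denied status code 403.
[sat jul 04 21:55:36 2015] [error] [client 192.168.1.39] access denied status code 403.
[sat jul 04 21:56:01 2015] [error] [client 10.0.0.7] access denied status code 403.
[sat jul 04 21:57:10 2015] [error] [client 10.0.0.8] file does not exist: /var/www/html/403.html
[sat jul 04 21:58:00 2015] [error] [client 10.0.0.999] access denied status code 403.
EOF
}

sample_log | count_403_by_ip
```

The `403.html` line is the case the lookahead filter would count as a denial, and the `10.0.0.999` line is one that `\d{1,3}` would accept as an address.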

