Count ip repeat in log from bash

Question

bash as I can tell from the repetition of an IP within a log through a specific search?

By example:

#!/bin/bash

# Log line: [Sat Jul 04 21:55:35 2015] [error] [client 192.168.1.39] Access denied with status code 403.

grep "status\scode\s403" /var/log/httpd/custom_error_log | while read line ; do

    pattern='^$$.*?$$\s$$error$$\s$$client\s(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$$.*?403'
    [[ $line =~ $pattern ]]

    res_remote_addr="${BASH_REMATCH[1]}.${BASH_REMATCH[2]}.${BASH_REMATCH[3]}.${BASH_REMATCH[4]}"

    echo "Remote Addr: $res_remote_addr"

done

I need to know the end results obtained a few times each message 403 ip, if possible sort highest to lowest.

By example output:

200.200.200.200 50 times.
200.200.200.201 40 times.
200.200.200.202 30 times.
... etc ...

This we need to create an html report from a monthly log of apache in a series of events (something like awstats).

Jason Hu · Accepted Answer

there are better ways. following is my proposal, which should be more readable and easier to maintain:

grep -P -o '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}' log_file | sort | uniq -c | sort -k1,1 -r -n

output should be in a form of:

count1 ip1
count2 ip2

update:

filter only 403:

grep -P -o '\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}(?=.*403)' log_file | sort | uniq -c | sort -k1,1 -r -n

notice that a look ahead would suffice.

Count ip repeat in log from bash

Answers (2)

Related Questions