Using Bash to Extract IP Addresses From Each Line of Log File

Question

Is there a way using bash /sed/awk to extract IP addresses from each line of log file to show IP host conversations or connection attempts?

Example of log file:

*Teardown TCP connection -1948864210 for Node14:110.98.8.41 to Net_N:10.98.35.28 duration 0:02:01 bytes 0 SYN Timeout
Built outbound TCP connection -1948863670 for Net11:10.10.2.5 (10.10.2.5 to Net01:10.9.15.2 (10.9.15.2)
Deny tcp src Node22:10.128.4.201/2254 dst outside:10.198.2.1/5560 by access-group "111"*

Required output, listing IP conversation/connection attempt:

110.98.8.41 10.98.35.28

10.10.2.5 10.9.15.2

10.128.4.201 10.198.2.1

I have tried using grep to strip out the IPs:

cat log.file | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort | uniq

But the output just lists single IP addresses and not line-by-line IP conversations

Any help is appreciated..

Answer 1

To print IPs next to each other, try the below command:

cat first | grep -o '[0-9]\{0,3\}\.[0-9]\{0,3\}\.[0-9]\{0,3\}\.[0-9]\{0,3\}' | awk 'NR%2{printf $0"\t";next;}1' 

Answer 2

You could do this:

octet='\<(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9][0-9]?)\>'
ip="$octet\\.$octet\\.$octet\\.$octet"
grep -Eo "$ip" file | paste - -

Or, use a wheel that's already been invented

perl -MRegexp::Common -lne '$,=" "; print /$RE{net}{IPv4}/g' file