Get count of IP addresses in a log file arranged in descending order of frequency

From Notes_Wiki
Revision as of 11:39, 13 February 2016 by Saurabh

To get a count of the IP addresses in a log file, arranged in descending order of frequency, use the following steps:

  1. Get all the IPs from the log file into a temporary file (grep -o prints each match on its own line):
    grep -o '\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}' log-file > ip1.txt
  2. Remove IPs that are not important, such as the loop-back address, the machine's own IP address (1.2.3.4 stands in for it here) or local IP ranges. The patterns are anchored and the dots escaped so that only the intended addresses are dropped:
    grep -v '^127\.0\.0\.1$' ip1.txt | grep -v '^1\.2\.3\.4$' | grep -v '^192\.168\.' > ip2.txt
  3. Sort the IPs, count each IP with "uniq -c", and then sort again in reverse numeric order of frequency:
    sort ip2.txt | uniq -c | sort -rnb > ip3.txt
  4. The final temporary file (e.g. ip3.txt in the above command) has the IPs arranged in descending order of frequency, with the count in front of each IP.
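
The four steps above as a single pipeline without temporary files, as an added example that is not part of the original page. It goes beyond the commands shown by rejecting octets above 255 and by dropping the whole loop-back and RFC 1918 private ranges; the names `ip_freq` and `sample_log`, the log lines and the "own address" 192.0.2.10 are constructed for illustration.

```bash
#!/bin/sh
# Added example, not from the original page. Names and sample data are assumptions.

# ip_freq [OWN_IP...] < logfile
# Prints "count ip" lines, most frequent first. Arguments are exact addresses to skip.
ip_freq() {
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' |
    awk -F. -v skip="$*" '
        BEGIN { n = split(skip, s, " "); for (i = 1; i <= n; i++) drop[s[i]] = 1 }
        $1 > 255 || $2 > 255 || $3 > 255 || $4 > 255 { next }  # not an IPv4 address
        $1 == 127                                     { next }  # 127.0.0.0/8 loop-back
        $1 == 10                                      { next }  # 10.0.0.0/8
        $1 == 172 && $2 >= 16 && $2 <= 31             { next }  # 172.16.0.0/12
        $1 == 192 && $2 == 168                        { next }  # 192.168.0.0/16
        ($0 in drop)                                  { next }  # exact match only
        { count[$0]++ }
        END { for (ip in count) print count[ip], ip }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed access-log lines (documentation address ranges, not real traffic).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [13/Feb/2016:11:39:01 +0000] "GET / HTTP/1.1" 200 512
198.51.100.23 - - [13/Feb/2016:11:39:02 +0000] "POST /login HTTP/1.1" 401 128
203.0.113.7 - - [13/Feb/2016:11:39:03 +0000] "POST /login HTTP/1.1" 401 128
127.0.0.1 - - [13/Feb/2016:11:39:04 +0000] "GET /server-status HTTP/1.1" 200 900
192.168.1.20 - - [13/Feb/2016:11:39:05 +0000] "GET / HTTP/1.1" 200 512
10.0.0.5 - - [13/Feb/2016:11:39:06 +0000] "GET / HTTP/1.1" 200 512
192.0.2.10 - - [13/Feb/2016:11:39:07 +0000] "GET /health HTTP/1.1" 200 2
192.0.2.100 - - [13/Feb/2016:11:39:08 +0000] "GET / HTTP/1.1" 200 512
198.51.100.23 - - [13/Feb/2016:11:39:09 +0000] "POST /login HTTP/1.1" 401 128
203.0.113.7 - - [13/Feb/2016:11:39:10 +0000] "POST /login HTTP/1.1" 200 640
999.300.1.1 - - malformed entry
EOF
}

# 192.0.2.10 plays the machine's own address; 192.0.2.100 must survive the filter.
sample_log | ip_freq 192.0.2.10
```

The pattern still counts every dotted quad on a line, so a four-part version string such as 2.4.10.1 in a user-agent field is counted as an address; for a fixed log format, extracting only the client-address field avoids this.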