Grepping logs for IP addresses

Problem description

I am quite bad at using "basic?" Unix commands and this question puts my knowledge even more to test. What I would like to do is grep all IP addresses from a log (e.g. access.log from Apache) and count how often they occur. Can I do that with one command or do I need to write a script for that?

Recommended answer

You'll need a short pipeline at least.

sed -e 's/\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*$/\1/' -e t -e d access.log | sort | uniq -c

Which will print each IP (will only work with IPv4 though), sorted, prefixed with the count.

I tested it with apache2's access.log (it's configurable though, so you'll need to check), and it worked for me. It assumes the IP-address is the first thing on each line.

The sed collects the IP-addresses (actually it looks for 4 sets of digits, with periods in between), and replaces the entire line with it. -e t continues to the next line if it managed to do a substitution, -e d deletes the line (if there was no IP address on it). sort sorts.. :) And uniq -c counts instances of consecutive identical lines (which, since we've sorted them, corresponds to the total count).
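
An added example, not part of the original answer: the same count done with awk, going beyond the answer by rejecting octets above 255, accepting IPv6 client addresses, and ordering the result by request count. The function names `count_ips` and `sample_log` and the sample lines are constructed for illustration, and the client address is assumed to be the first field on each line.

```shell
# Added example. Assumes the client address is the first whitespace-separated
# field (%h leads Apache's default common/combined LogFormat).
count_ips() {
    awk '
    # Dotted quad with every octet in 0..255.
    function is_ipv4(s,    p, i) {
        if (split(s, p, "[.]") != 4) return 0
        for (i = 1; i <= 4; i++)
            if (p[i] !~ /^[0-9]+$/ || length(p[i]) > 3 || p[i] + 0 > 255)
                return 0
        return 1
    }
    # Loose syntactic check: hex digits, colons and dots, at least two colons.
    function is_ipv6(s) {
        return s ~ /^[0-9A-Fa-f:.]+$/ && s ~ /:.*:/
    }
    # Count only lines whose first field looks like an address.
    is_ipv4($1) || is_ipv6($1) { seen[$1]++ }
    END { for (ip in seen) print seen[ip], ip }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2,2   # highest count first, then by address
}

# Constructed sample lines (documentation address ranges), not real traffic.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 2326
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "POST /login HTTP/1.1" 401 512
192.0.2.10 - - [10/Oct/2023:13:56:01 +0000] "GET /a.css HTTP/1.1" 200 880
2001:db8::1 - - [10/Oct/2023:13:56:09 +0000] "GET / HTTP/1.1" 200 2326
999.1.1.1 - - [10/Oct/2023:13:56:10 +0000] "GET / HTTP/1.1" 200 2326
198.51.100.7 - - [10/Oct/2023:13:56:12 +0000] "POST /login HTTP/1.1" 401 512
localhost - - [10/Oct/2023:13:56:15 +0000] "GET /status HTTP/1.1" 200 120
192.0.2.10 - - [10/Oct/2023:13:56:20 +0000] "GET /b.js HTTP/1.1" 200 4410
EOF
}

sample_log | count_ips
```

On a real file the call is `count_ips access.log`; lines whose first field is a hostname or a malformed address are skipped rather than counted.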
