为IP地址清理日志 [英] Grepping logs for IP adresses

问题描述

我在使用基本？时很不好unix命令，这个问题使我的知识更加考验。我想要做的是从一个日志（例如来自apache的access.log）对所有IP地址进行grep并计算它们发生的频率。我可以用一个命令做到这一点，还是我需要为它写一个脚本？

Br，
Paul Peelen

<至少需要一个短管道。

  sed -e's / \（[0-9] \ + \。[0-9] \ + \。[0-9] \ + \。[0-9] \ + \）。* $ / \ 1 /'-et -ed access.log |排序| uniq -c 
  

哪个会打印每个IP（只能用于ipv4），排序前缀为计数。

我用apache2的access.log测试了它（它可以配置，所以你需要检查），它对我很有用。它假设IP地址是每一行的第一件事。

sed收集IP地址（实际上它寻找4组数字， ），并用它替换整个行。 -et 如果它设法替换，则继续到下一行， -ed 删除行（如果存在没有IP地址）。 sort sorts .. :)并且 uniq -c 计算连续相同行的实例（这是因为我们已经排序他们，相当于总数）。

I am quite bad at using "basic?" unix commands and this question puts my knowledge even more to test. What I would like to do is grep all IP adresses from a log (e.g. access.log from apache) and count how often they occur. Can I do that with one command or do I need to write a script for that?

Br, Paul Peelen

解决方案

You'll need a short pipeline at least.

sed -e 's/\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*$/\1/' -e t -e d access.log | sort | uniq -c

Which will print each IP (will only work with ipv4 though), sorted prefixed with the count.

I tested it with apache2's access.log (it's configurable though, so you'll need to check), and it worked for me. It assumes the IP-address is the first thing on each line.

The sed collects the IP-addresses (actually it looks for 4 sets of digits, with periods in between), and replaces the entire line with it. -e t continues to the next line if it managed to do a substitution, -e d deletes the line (if there was no IP address on it). sort sorts.. :) And uniq -c counts instances of consecutive identical lines (which, since we've sorted them, corresponds to the total count).

这篇关于为IP地址清理日志的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！