Grepping logs for IP addresses
I am quite bad at using "basic?" unix commands and this question puts my knowledge even more to the test. What I would like to do is grep all IP addresses from a log (e.g. access.log from apache) and count how often they occur. Can I do that with one command or do I need to write a script for that?
Br, Paul Peelen
You'll need a short pipeline at least.
sed -e 's/\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*$/\1/' -e t -e d access.log | sort | uniq -c
Which will print each IP (will only work with IPv4 though), sorted and prefixed with the count.
I tested it with apache2's access.log (it's configurable though, so you'll need to check), and it worked for me. It assumes the IP-address is the first thing on each line.
The sed collects the IP-addresses (actually it looks for 4 sets of digits, with periods in between), and replaces the entire line with it. -e t continues to the next line if it managed to do a substitution, -e d deletes the line (if there was no IP address on it). sort sorts.. :) And uniq -c counts instances of consecutive identical lines (which, since we've sorted them, corresponds to the total count).
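A stricter variant of the pipeline above, as an added example that is not part of the original answer: it only counts a line when its first field is a valid dotted-quad IPv4 address (each octet 0-255) and lists the busiest clients first. The function names count_ips and sample_log are hypothetical, the log lines are constructed, and like the answer it assumes the client address is the first field of each line.

```shell
#!/bin/sh
# Added example: count client IPv4 addresses in an access log, most frequent first.

# count_ips [FILE...]  (reads stdin when no file is given)
# Prints "count ip" for every line whose FIRST field is a valid IPv4 address.
# Lines that start with a hostname or an IPv6 address are skipped, so a dotted
# number later in the line (a version string in a URL, say) is never counted.
count_ips() {
    awk '
    {
        n = split($1, o, ".")
        if (n != 4) next                      # not a dotted quad
        for (i = 1; i <= 4; i++)              # every octet must be 0-255
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) next
        print $1
    }' "$@" |
        sort | uniq -c |                      # count identical addresses
        awk '{ print $1, $2 }' |              # strip the padding uniq -c adds
        LC_ALL=C sort -k1,1nr -k2,2           # highest count first, ties by address
}

# Constructed sample input in Apache common log format (documentation ranges).
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 2326
198.51.100.7 - - [10/Oct/2023:13:55:37 +0000] "GET /login HTTP/1.1" 200 512
192.0.2.10 - - [10/Oct/2023:13:55:38 +0000] "POST /login HTTP/1.1" 401 128
999.1.1.1 - - [10/Oct/2023:13:55:39 +0000] "GET / HTTP/1.1" 200 2326
2001:db8::1 - - [10/Oct/2023:13:55:40 +0000] "GET / HTTP/1.1" 200 2326
client.example.net - - [10/Oct/2023:13:55:41 +0000] "GET /v/1.2.3.4/app.js HTTP/1.1" 200 90
192.0.2.10 - - [10/Oct/2023:13:55:42 +0000] "POST /login HTTP/1.1" 401 128
EOF
}

# Run on the sample; on a real server: count_ips /var/log/apache2/access.log
sample_log | count_ips
```

If the log format has been customised so that the address is not the first field, change $1 in the awk program to the matching field number.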