Occurence Count
Clash Royale CLAN TAG#URR8PPP
184.13.80.102 - - [07/Jan/2019:00:33:10 -0500] "GET /?p=454 HTTP/1.1" 200 8822 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [07/Jan/2019:20:16:12 -0500] "GET /?p=454 HTTP/1.1" 200 8820 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
184.13.80.102 - - [07/Jan/2019:23:14:10 -0500] "GET /?p=454 HTTP/1.1" 200 8820 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [08/Jan/2019:02:32:22 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [08/Jan/2019:03:57:19 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [08/Jan/2019:23:05:32 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [09/Jan/2019:07:35:10 -0500] "GET /?p=454 HTTP/1.1" 200 8821 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [09/Jan/2019:14:45:36 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [09/Jan/2019:23:22:03 -0500] "GET /?p=454 HTTP/1.1" 200 8821 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [10/Jan/2019:23:50:28 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Firefox/60.0"
184.13.80.102 - - [13/Jan/2019:00:56:36 -0500] "GET /?p=454 HTTP/1.1" 200 8821 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [15/Jan/2019:20:47:56 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [15/Jan/2019:22:36:09 -0500] "GET /?p=454 HTTP/1.1" 200 8821 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
This user tries to flood my server. How can I use cat
or awk
to check access_log
for a specific ip
and detect how many days the ip
tried to access the server?
It is 6 days in this example.
shell-script text-processing logs
add a comment |
184.13.80.102 - - [07/Jan/2019:00:33:10 -0500] "GET /?p=454 HTTP/1.1" 200 8822 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [07/Jan/2019:20:16:12 -0500] "GET /?p=454 HTTP/1.1" 200 8820 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
184.13.80.102 - - [07/Jan/2019:23:14:10 -0500] "GET /?p=454 HTTP/1.1" 200 8820 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [08/Jan/2019:02:32:22 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [08/Jan/2019:03:57:19 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [08/Jan/2019:23:05:32 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [09/Jan/2019:07:35:10 -0500] "GET /?p=454 HTTP/1.1" 200 8821 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [09/Jan/2019:14:45:36 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [09/Jan/2019:23:22:03 -0500] "GET /?p=454 HTTP/1.1" 200 8821 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [10/Jan/2019:23:50:28 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Firefox/60.0"
184.13.80.102 - - [13/Jan/2019:00:56:36 -0500] "GET /?p=454 HTTP/1.1" 200 8821 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [15/Jan/2019:20:47:56 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [15/Jan/2019:22:36:09 -0500] "GET /?p=454 HTTP/1.1" 200 8821 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
This user tries to flood my server. How can I use cat
or awk
to check access_log
for a specific ip
and detect how many days the ip
tried to access the server?
It is 6 days in this example.
shell-script text-processing logs
add a comment |
184.13.80.102 - - [07/Jan/2019:00:33:10 -0500] "GET /?p=454 HTTP/1.1" 200 8822 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [07/Jan/2019:20:16:12 -0500] "GET /?p=454 HTTP/1.1" 200 8820 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
184.13.80.102 - - [07/Jan/2019:23:14:10 -0500] "GET /?p=454 HTTP/1.1" 200 8820 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [08/Jan/2019:02:32:22 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [08/Jan/2019:03:57:19 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [08/Jan/2019:23:05:32 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [09/Jan/2019:07:35:10 -0500] "GET /?p=454 HTTP/1.1" 200 8821 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [09/Jan/2019:14:45:36 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [09/Jan/2019:23:22:03 -0500] "GET /?p=454 HTTP/1.1" 200 8821 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [10/Jan/2019:23:50:28 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Firefox/60.0"
184.13.80.102 - - [13/Jan/2019:00:56:36 -0500] "GET /?p=454 HTTP/1.1" 200 8821 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [15/Jan/2019:20:47:56 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [15/Jan/2019:22:36:09 -0500] "GET /?p=454 HTTP/1.1" 200 8821 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
This user tries to flood my server. How can I use cat
or awk
to check access_log
for a specific ip
and detect how many days the ip
tried to access the server?
It is 6 days in this example.
shell-script text-processing logs
184.13.80.102 - - [07/Jan/2019:00:33:10 -0500] "GET /?p=454 HTTP/1.1" 200 8822 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [07/Jan/2019:20:16:12 -0500] "GET /?p=454 HTTP/1.1" 200 8820 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:63.0) Gecko/20100101 Firefox/63.0"
184.13.80.102 - - [07/Jan/2019:23:14:10 -0500] "GET /?p=454 HTTP/1.1" 200 8820 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [08/Jan/2019:02:32:22 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [08/Jan/2019:03:57:19 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [08/Jan/2019:23:05:32 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [09/Jan/2019:07:35:10 -0500] "GET /?p=454 HTTP/1.1" 200 8821 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [09/Jan/2019:14:45:36 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [09/Jan/2019:23:22:03 -0500] "GET /?p=454 HTTP/1.1" 200 8821 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [10/Jan/2019:23:50:28 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Linux i686; rv:60.0) Gecko/20100101 Firefox/60.0"
184.13.80.102 - - [13/Jan/2019:00:56:36 -0500] "GET /?p=454 HTTP/1.1" 200 8821 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [15/Jan/2019:20:47:56 -0500] "GET /?p=454 HTTP/1.1" 200 8819 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:64.0) Gecko/20100101 Firefox/64.0"
184.13.80.102 - - [15/Jan/2019:22:36:09 -0500] "GET /?p=454 HTTP/1.1" 200 8821 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0"
This user tries to flood my server. How can I use cat
or awk
to check access_log
for a specific ip
and detect how many days the ip
tried to access the server?
It is 6 days in this example.
shell-script text-processing logs
shell-script text-processing logs
edited Jan 17 at 15:26
Jeff Schaller
40.8k1056129
40.8k1056129
asked Jan 17 at 15:22
NecNeccoNecNecco
3081517
3081517
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
You can use the command:
grep "$ip" log_file | cut -d '[' -f2 | cut -d '/' -f1 | uniq | wc -l
Let us say the ip address
to search is in the variable ip
, and log_file
is your log file.
You can define ip
variable as ip="184.13.80.102"
.
add a comment |
#!/bin/bash
echo "enter the ip"
read ip
awk -v i="$i" '/i/print $4' filename| sed "s/[//g"| awk 'print substr($1,1,2)'|awk 'if (!seen[$1]++)print $1'| wc -l| sed "1i Below are Number of times "$ip" exsists"
output
Below are Number of times 184.13.80.102 exsists
6
add a comment |
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "106"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f495092%2foccurence-count%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
You can use the command:
grep "$ip" log_file | cut -d '[' -f2 | cut -d '/' -f1 | uniq | wc -l
Let us say the ip address
to search is in the variable ip
, and log_file
is your log file.
You can define ip
variable as ip="184.13.80.102"
.
add a comment |
You can use the command:
grep "$ip" log_file | cut -d '[' -f2 | cut -d '/' -f1 | uniq | wc -l
Let us say the ip address
to search is in the variable ip
, and log_file
is your log file.
You can define ip
variable as ip="184.13.80.102"
.
add a comment |
You can use the command:
grep "$ip" log_file | cut -d '[' -f2 | cut -d '/' -f1 | uniq | wc -l
Let us say the ip address
to search is in the variable ip
, and log_file
is your log file.
You can define ip
variable as ip="184.13.80.102"
.
You can use the command:
grep "$ip" log_file | cut -d '[' -f2 | cut -d '/' -f1 | uniq | wc -l
Let us say the ip address
to search is in the variable ip
, and log_file
is your log file.
You can define ip
variable as ip="184.13.80.102"
.
answered Jan 17 at 15:29
PRYPRY
1,87431024
1,87431024
add a comment |
add a comment |
#!/bin/bash
echo "enter the ip"
read ip
awk -v i="$i" '/i/print $4' filename| sed "s/[//g"| awk 'print substr($1,1,2)'|awk 'if (!seen[$1]++)print $1'| wc -l| sed "1i Below are Number of times "$ip" exsists"
output
Below are Number of times 184.13.80.102 exsists
6
add a comment |
#!/bin/bash
echo "enter the ip"
read ip
awk -v i="$i" '/i/print $4' filename| sed "s/[//g"| awk 'print substr($1,1,2)'|awk 'if (!seen[$1]++)print $1'| wc -l| sed "1i Below are Number of times "$ip" exsists"
output
Below are Number of times 184.13.80.102 exsists
6
add a comment |
#!/bin/bash
echo "enter the ip"
read ip
awk -v i="$i" '/i/print $4' filename| sed "s/[//g"| awk 'print substr($1,1,2)'|awk 'if (!seen[$1]++)print $1'| wc -l| sed "1i Below are Number of times "$ip" exsists"
output
Below are Number of times 184.13.80.102 exsists
6
#!/bin/bash
echo "enter the ip"
read ip
awk -v i="$i" '/i/print $4' filename| sed "s/[//g"| awk 'print substr($1,1,2)'|awk 'if (!seen[$1]++)print $1'| wc -l| sed "1i Below are Number of times "$ip" exsists"
output
Below are Number of times 184.13.80.102 exsists
6
answered Jan 17 at 18:29
Praveen Kumar BSPraveen Kumar BS
1,454138
1,454138
add a comment |
add a comment |
Thanks for contributing an answer to Unix & Linux Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f495092%2foccurence-count%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown