This article shows how you can find, sort, and count IP addresses from any log or text file.
We will be using the grep command for this purpose. The grep utility searches any given input files, selecting lines that match one or more patterns.
We will use the -o option of the grep command. This option will return only the matched pattern and not the whole line.
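We will use the following regular expression pattern to search/fetch the IP addresses. It matches four groups of one or more digits separated by literal dots (\+ is GNU grep's basic-regex syntax for "one or more"). It does not check that each group is in the range 0-255.
[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+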
Get all IP addresses
grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+" access.log
Output:
220.227.40.118
220.227.40.118
59.95.13.217
111.92.9.222
120.56.236.46
49.138.106.21
117.195.185.130
122.160.166.220
46.72.177.4
46.72.177.4
46.72.177.4
46.72.177.4
188.187.105.165
46.72.177.4
188.187.105.165
...
...
Get all IP addresses & Sort
Sort the IP addresses.
grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+" access.log | sort
Output:
111.92.9.222
117.195.185.130
120.56.236.46
122.160.166.220
172.58.204.254
188.187.105.165
188.187.105.165
188.187.105.165
188.187.105.165
188.187.105.165
188.187.105.165
220.227.40.118
220.227.40.118
3.121.24.234
3.121.24.234
37.159.185.154
46.72.177.4
46.72.177.4
46.72.177.4
...
...
Get all IP addresses & Sort & Unique
Sort and only fetch/print the unique IP addresses, i.e. remove duplicate IP addresses.
grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+" access.log | sort | uniq
Output:
111.92.9.222
117.195.185.130
120.56.236.46
122.160.166.220
172.58.204.254
188.187.105.165
220.227.40.118
3.121.24.234
37.159.185.154
46.72.177.4
46.72.184.174
46.72.185.236
...
...
Get all IP addresses & Sort & Unique & Count
Sort, remove duplicates, and show the count of each IP address, i.e. the number of times the IP address is present in the log file.
grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+" access.log | sort | uniq -c
Output:
1 172.58.204.254
6 188.187.105.165
2 220.227.40.118
2 3.121.24.234
1 37.159.185.154
12 46.72.177.4
...
...
Get all IP addresses & Sort & Unique & Count & Sort
Above, the counts of the IP addresses are not sorted. So, here we will sort by the count of each IP address, in ascending or descending order. We will use the numeric sort option -n.
Ascending sort (-n numeric sort)
grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+" access.log | sort | uniq -c | sort -n
Output (ascending sort):
1 111.92.9.222
1 117.195.185.130
1 120.56.236.46
1 122.160.166.220
1 172.58.204.254
1 37.159.185.154
1 49.138.106.21
1 59.95.13.217
2 220.227.40.118
2 3.121.24.234
2 46.72.185.236
2 46.72.192.202
2 54.185.146.72
2 72.0.3626.109
2 81.0.4044.113
2 84.0.4147.135
4 46.72.184.174
4 46.72.213.133
6 188.187.105.165
12 46.72.177.4
Descending sort (-nr = numeric reverse sort)
grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+" access.log | sort | uniq -c | sort -nr
Output (descending sort):
12 46.72.177.4
6 188.187.105.165
4 46.72.213.133
4 46.72.184.174
2 84.0.4147.135
2 81.0.4044.113
2 72.0.3626.109
2 54.185.146.72
2 46.72.192.202
2 46.72.185.236
2 3.121.24.234
2 220.227.40.118
1 59.95.13.217
1 49.138.106.21
1 37.159.185.154
1 172.58.204.254
1 122.160.166.220
1 120.56.236.46
1 117.195.185.130
1 111.92.9.222
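The counts above include entries such as 72.0.3626.109, which cannot be an IPv4 address (3626 exceeds 255); strings of this shape are typically browser version numbers in the User-Agent field. The following is an added example, not part of the original article, that counts only dotted runs with exactly four groups, each in the range 0-255. The function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count only well-formed IPv4 addresses in a log file.

# Constructed sample lines in Apache/Nginx "combined" format. The User-Agent
# field carries Chrome versions (e.g. 84.0.4147.135) that a plain
# four-groups-of-digits pattern would report as addresses.
sample_log() {
  cat <<'EOF'
46.72.177.4 - - [01/Sep/2020:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 Chrome/84.0.4147.135 Safari/537.36"
46.72.177.4 - - [01/Sep/2020:10:00:02 +0000] "GET /a HTTP/1.1" 200 128 "-" "Mozilla/5.0 Chrome/84.0.4147.135 Safari/537.36"
188.187.105.165 - - [01/Sep/2020:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 Chrome/81.0.4044.113 Safari/537.36"
220.227.40.118 - - [01/Sep/2020:10:00:04 +0000] "GET / HTTP/1.1" 404 0 "-" "curl/7.68.0"
EOF
}

# ipv4_counts FILE: print "count address" per line, highest count first.
ipv4_counts() {
  # 1. Extract whole dotted-number runs, so a 5-part string is not cut to 4.
  # 2. Keep runs with exactly four groups, each at most 3 digits and <= 255.
  # 3. Count duplicates, strip the uniq -c padding, sort by count descending.
  grep -oE '[0-9]+(\.[0-9]+)+' "$1" |
    awk -F. '
      NF != 4 { next }
      {
        for (i = 1; i <= 4; i++)
          if (length($i) > 3 || $i + 0 > 255) next
        print
      }' |
    LC_ALL=C sort | uniq -c |
    awk '{ print $1, $2 }' |
    LC_ALL=C sort -k1,1nr -k2,2
}

# Demo run on the constructed sample.
log=$(mktemp)
sample_log > "$log"
ipv4_counts "$log"
rm -f "$log"
```

A value such as 10.0.0.1 inside a User-Agent or URL still passes this check. When the client address is always the first field of the log, extracting that field alone is more reliable.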
Hope this helps. Thanks.
Reference: https://www.petefreitag.com/item/884.cfm