Find & Count IP Addresses from Log File – Grep

Categories Linux, Miscellaneous Tags , , , , ,
LinkedInPinPrintShares

This article shows how you can find, sort, and count IP addresses from any log or text file.

We will be using the grep command for this purpose. The grep utility searches any given input files, selecting lines that match one or more patterns.

We will use the -o option of the grep command. This option will return only the matched pattern and not the whole line.

We will use the following regular expression pattern to search/fetch the IP addresses:


[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+

Get all IP addresses


grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+" access.log

Output:


220.227.40.118
220.227.40.118
59.95.13.217
111.92.9.222
120.56.236.46
49.138.106.21
117.195.185.130
122.160.166.220
46.72.177.4
46.72.177.4
46.72.177.4
46.72.177.4
188.187.105.165
46.72.177.4
188.187.105.165
...
...

Get all IP addresses & Sort

Sort the IP addresses.


grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+" access.log | sort

Output:


111.92.9.222
117.195.185.130
120.56.236.46
122.160.166.220
172.58.204.254
188.187.105.165
188.187.105.165
188.187.105.165
188.187.105.165
188.187.105.165
188.187.105.165
220.227.40.118
220.227.40.118
3.121.24.234
3.121.24.234
37.159.185.154
46.72.177.4
46.72.177.4
46.72.177.4
...
...

Get all IP addresses & Sort & Unique

Sort and only fetch/print the unique IP addresses, i.e. remove duplicate IP addresses.


grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+" access.log | sort | uniq

Output:


111.92.9.222
117.195.185.130
120.56.236.46
122.160.166.220
172.58.204.254
188.187.105.165
220.227.40.118
3.121.24.234
37.159.185.154
46.72.177.4
46.72.184.174
46.72.185.236
...
...

Get all IP addresses & Sort & Unique & Count

Sort, remove duplicates, and show the count of each IP address, i.e. the number of times the IP address is present in the log file.


grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+" access.log | sort | uniq -c

Output:


   1 172.58.204.254
   6 188.187.105.165
   2 220.227.40.118
   2 3.121.24.234
   1 37.159.185.154
  12 46.72.177.4
  ...
  ...

Get all IP addresses & Sort & Unique & Count & Sort

Above, the count of the IP addresses is not sorted. So, here we will sort the count of the IP addresses in ascending or descending order. We will use the numeric sort option -n.

Ascending sort (-n numeric sort)


grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+" access.log | sort | uniq -c | sort -n

Output (ascending sort):


   1 111.92.9.222
   1 117.195.185.130
   1 120.56.236.46
   1 122.160.166.220
   1 172.58.204.254
   1 37.159.185.154
   1 49.138.106.21
   1 59.95.13.217
   2 220.227.40.118
   2 3.121.24.234
   2 46.72.185.236
   2 46.72.192.202
   2 54.185.146.72
   2 72.0.3626.109
   2 81.0.4044.113
   2 84.0.4147.135
   4 46.72.184.174
   4 46.72.213.133
   6 188.187.105.165
  12 46.72.177.4

Descending sort (-r = reverse sort)


grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+" access.log | sort | uniq -c | sort -r

Output (descending sort):


   12 46.72.177.4
   6 188.187.105.165
   4 46.72.213.133
   4 46.72.184.174
   2 84.0.4147.135
   2 81.0.4044.113
   2 72.0.3626.109
   2 54.185.146.72
   2 46.72.192.202
   2 46.72.185.236
   2 3.121.24.234
   2 220.227.40.118
   1 59.95.13.217
   1 49.138.106.21
   1 37.159.185.154
   1 172.58.204.254
   1 122.160.166.220
   1 120.56.236.46
   1 117.195.185.130
   1 111.92.9.222

Hope this helps. Thanks.

Reference: https://www.petefreitag.com/item/884.cfm

Related posts:

  1. Magento: Writing Custom Log Message
  2. Magento 2: Writing Custom Log
  3. Gmail Trick: Use multiple email addresses for your single Gmail account
  4. Magento 2: Enable Database/MySQL Query Log
  5. Ubuntu Linux: Convert CHM file into PDF file