IP extraction

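Regular expressions are useful for basic Unix/Linux administration tasks.
To extract IP addresses from a file, this simple command does the trick. Note that the pattern matches any four dot-separated groups of one to three digits, so it does not check that each octet is at most 255:
grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' /var/log/auth.log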

To go further, it can be useful to count the addresses, sort them by number of occurrences, and write the result to a file. uniq -c only merges adjacent identical lines, so the list is sorted before it is counted:
grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' /var/log/auth.log | sort | uniq -c | sort -nr > out.txt

matthieu@me:~
cat out.txt
16 11.213.54.142
11 188.216.199.96
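The following is an added example, not part of the original post: it counts addresses per source with the input sorted before uniq -c, and drops matches with an octet above 255, which the regex alone accepts. The function names count_ips, count_adjacent_only and sample_auth_log are hypothetical, and the log lines are constructed using documentation address ranges.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, sample data is constructed.

# Print "count address" for each valid IPv4 address in file $1,
# most frequent first.
count_ips() {
    grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' "$1" |
    # Keep only matches whose four octets are all in 0..255.
    awk -F. '$1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255' |
    # uniq -c counts runs of adjacent equal lines, so sort first.
    sort | uniq -c |
    # Normalise uniq's padding, then order by count, then by address.
    awk '{ print $1, $2 }' | sort -k1,1nr -k2,2
}

# For comparison: no sort before uniq -c and no octet check.
# An address that reappears later in the log gets a separate line.
count_adjacent_only() {
    grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' "$1" | uniq -c |
    awk '{ print $1, $2 }'
}

# Constructed auth.log-style sample (RFC 5737 documentation addresses).
sample_auth_log() {
    cat <<'EOF'
Aug 27 16:01:10 host sshd[1201]: Failed password for root from 192.0.2.10 port 51122 ssh2
Aug 27 16:01:12 host sshd[1201]: Failed password for root from 192.0.2.10 port 51122 ssh2
Aug 27 16:01:15 host sshd[1207]: Failed password for admin from 198.51.100.7 port 40110 ssh2
Aug 27 16:01:19 host sshd[1211]: Failed password for root from 192.0.2.10 port 51130 ssh2
Aug 27 16:01:21 host sshd[1213]: Failed password for admin from 198.51.100.7 port 40114 ssh2
Aug 27 16:02:02 host sshd[1220]: Accepted publickey for deploy from 203.0.113.5 port 33001 ssh2
Aug 27 16:02:30 host sshd[1224]: Failed password for root from 192.0.2.10 port 51141 ssh2
Aug 27 16:03:00 host updater[1300]: installed agent build 7.2.300.1
EOF
}

# Stand-alone use: ./count_ips.sh /var/log/auth.log
if [ "$#" -gt 0 ]; then
    count_ips "$1"
fi
```

On the sample, count_ips reports three addresses, while count_adjacent_only splits the same addresses across seven lines and also lists the build number 7.2.300.1 as if it were an address.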

 
