Answer the question
In order to leave comments, you need to log in
H
H
Horosh2942021-05-25 06:48:50
Horosh294, 2021-05-25 06:48:50
How to analyze access log by IP?
I want to analyze the server for an attack. There is an access log of the site located in /var/www/httpd-logs/mysite.access.log .
I need a command to get a complete list of the most visited IPs in this log, with how many times they have been visited.
Prompt command for console
3 answer(s)
@Horosh294
@AUser0
And see the num.txt file. If the IP is not there, change the number in the -f1 argument to -f2 , etc.
D
Dmitry, 2021-05-25 @Horosh294
[[email protected] ~]$ sudo cat /var/log/nginx/default_access.log | awk {'print $1'} | uniq -c | sort -nr
14 51.81.242.166
2 45.148.10.50
2 40.112.197.203
1 80.82.77.192
1 45.148.10.50
1 45.148.10.50
1 204.93.154.215
1 182.123.202.236
1 178.73.215.171
1 162.221.192.26A
AUser0, 2021-05-25 @AUser0
Congenial! “I want to repair the car, I won’t say what exactly broke down.”
What specific program writes logs, at least one line from it? Not?
You can filter randomly with the command:
cut -f1 -d' ' /var/www/httpd-logs/mysite.access.log |sort |uniq -c |sort -nr >num.txtAnd see the num.txt file. If the IP is not there, change the number in the -f1 argument to -f2 , etc.
Similar questions
D
G
N
W
I
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question