1

I am having trouble getting my IP addresses from my site's server log out from amidst the mess of other data in a server log. Before I crack open Excel I know there's a way to do it because I found the opposite of what I want, removing IP 's from AWS:

cat web.log | awk '{$1=$2=$3=""}1' > web-no-ip.log

A step by step or cheat sheet for this kind of thing would be amazing.

Ben Racicot
  • 123
  • 5

1 Answers1

1

I'm assuming that IP addresses are in the typical format of X.X.X.X where X is between [0,255]. Knowing that, grep can do the job quite admirably:

grep -oP '(0|[01]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])(\.(0|[01]?[0-9]{1,2}|2[0-4][0-9]|25[0-5])){3}' filename.txt

(0|[01]?[0-9]{1,2}|2[0-4][0-9]|25[0-5]) will match any number between 0 and 255, including leading zeroes--for example, 0, 255, 019, etc.. As written, however, it will match things like 1.1.1.1.5 (five octets). This also does not track IPV6 addresses.

If you expect the logs to ONLY contain valid IP addresses that look like X.X.X.X, and we can ASSUME that X is not going to be invalid, you can use a much simpler expression:

grep -oP '\d{1,3}(\.\d{1,3}){3}' filename.txt
Andrew M.
  • 11,182
  • 2
  • 35
  • 29
  • My hosting support came back with this for anyone else: Your command is good to list the IP addresses from the raw access logs, but that will not sort or count the IP addresses in the logs and if the logs contain thousands number of entries, it will be hard to read the output. I recommend you to use this command to sort the IP addresses from the raw access logs: cat /home/username/access-logs/domain.com | awk '{print $1}' | sort -n | uniq -c | sort -n – Ben Racicot Aug 15 '13 at 01:30