I am analyzing syslog files that have been created as a result of a DDoS attack and would like to create a list of unique IP connections. Any assistance is greatly appreciated.
- What do your syslog files look like? What have you tried? What kind of assistance do you want? – robert May 29 '12 at 21:15
- You can do that with a bit of `grep`, `sort`, `uniq` and `awk` alone. – dschulz May 29 '12 at 21:18
- I would like to get a listing of all unique IPs in a syslog file. – msudi May 29 '12 at 22:32
1 Answer
1
Assuming that the IP/Hostname is in field 4:

```
# Split on single spaces, keep field 4 (host/IP), then de-duplicate
cat /var/log/messages | cut -d' ' -f 4 - | sort | uniq
```

Example log message:

```
May 29 18:27:30 10.101.11.31 Myprog[5291]: 20856: Mar 31 06:14:38 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/29, changed state to up
```
You may also want to try a tool like LogZilla which will make this much easier for analyzing these things.

Clayton Dukes
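
An added example, not part of the answer above: a shell function that lists each unique source address with its hit count, assuming the host sits in whitespace-separated field 4 as in the answer's sample line. It uses `awk` field splitting so that space-padded single-digit days ("May  9") do not shift the field, and it skips hostnames and malformed addresses. The names `unique_ips` and `sample_log` are hypothetical and the log lines are constructed.

```shell
#!/usr/bin/env bash
# Added example: unique source IPs from classic syslog lines
# ("Mon DD HH:MM:SS HOST ..."), with a per-address hit count.

unique_ips() {
    # Reads the files given as arguments, or stdin if none.
    # Prints "count ip", busiest sources first.
    awk '
        # True only for dotted-quad IPv4 with every octet in 0-255.
        function is_ipv4(s,   n, o, i) {
            n = split(s, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255)
                    return 0
            return 1
        }
        # Default whitespace splitting collapses the double space in "May  9".
        is_ipv4($4) { hits[$4]++ }
        END { for (ip in hits) print hits[ip], ip }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2,2
}

sample_log() {
    # Constructed sample lines (documentation address ranges, not a real capture).
    cat <<'EOF'
May 29 18:27:30 192.0.2.10 Myprog[5291]: connection opened
May 29 18:27:31 198.51.100.7 Myprog[5291]: connection opened
May  9 03:02:01 192.0.2.10 Myprog[5291]: connection opened
May 29 18:27:33 gateway01 Myprog[5291]: connection opened
May 29 18:27:34 192.0.2.10 Myprog[5291]: connection opened
May 29 18:27:35 192.0.2.999 Myprog[5291]: malformed source
EOF
}

# Demo run on the constructed sample.
sample_log | unique_ips
```

On a real log, call it as `unique_ips /var/log/messages`; the count column shows which sources dominate the traffic.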