Grepping logs for IP addresses

I am quite bad at using "basic?" unix commands and this question puts my knowledge even more to test. What I would like to do is grep all IP addresses from a log (e.g. access.log from apache) and count how often they occur. Can I do that with one command or do I need to write a script for that?

You'll need a short pipeline at least.

sed -e 's/\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*$/\1/' -e t -e d access.log | sort | uniq -c

Which will print each IP (will only work with IPv4 though), sorted and prefixed with the count.

I tested it with apache2's access.log (it's configurable though, so you'll need to check), and it worked for me. It assumes the IP-address is the first thing on each line.

The sed collects the IP-addresses (actually it looks for 4 sets of digits, with periods in between), and replaces the entire line with it. -e t continues to the next line if it managed to do a substitution, -e d deletes the line (if there was no IP address on it). sort sorts.. :) And uniq -c counts instances of consecutive identical lines (which, since we've sorted them, corresponds to the total count).

How to Grep IP Addresses from a Log File, Hello, We have some log files.. there it is filing with some junk or what ever.. apart from that there is some IP address also will be there in the file. I wanted to grep

Grep IP Addresses. Parse a file and print all expressions that match a range between 0.0.0.0 and 999.999.999.999.

$ grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" file.txt

This regular expression is quite simple but you should understand that not all matches are technically valid IP addresses.

None of the answers presented here worked for me, so here is a working one:

cat yourlogs.txt | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | sort | uniq -c | sort

It uses grep to isolate all IPs, then sorts them, counts them, and sorts that result again.

You can do the following (where datafile is the name of the log file):

egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}' datafile | sort | uniq -c

Edit: missed the part about counting addresses, now added.

egrep '[[:digit:]]{1,3}(\.[[:digit:]]{1,3}){3}' | awk '{print $1}' | sort | uniq -c

The following is a script I wrote several years ago. It greps out addresses from Apache access logs. I just tried it running Ubuntu 11.10 (oneiric) 3.0.0-32-generic #51-Ubuntu SMP Thu Mar 21 15:51:26 UTC 2013 i686 i686 i386 GNU/Linux. It works fine. Use Gvim or Vim to read the resulting file, which will be called unique_visits, which will list the unique IPs in a column. The key to this is in the lines used with grep. Those expressions work to extract the IP address numbers. IPv4 only. You may need to go through and update browser version numbers. Another similar script that I wrote for a Slackware system is here: http://www.perpetualpc.net/srtd_bkmrk.html

#!/bin/sh
#eliminate search engine referrals and zombie hunters. combined_log is the original file
egrep '(google)|(yahoo)|(mamma)|(query)|(msn)|(ask\.com)|(search)|(altavista)|(images\.google)|(xb1)|(cmd\.exe)|(trexmod)|(robots\.txt)|(copernic\.com)|(POST)' combined_log > search
#now sort them to eliminate duplicates and put them in order
sort -un search > search_sort
#do the same with original file
sort -un combined_log > combined_log_sort
#now get all the ip addresses. only the numbers
grep -o '[0-9][0-9]*[.][0-9][0-9]*[.][0-9][0-9]*[.][0-9][0-9]*' search_sort > search_sort_ip
grep -o '[0-9][0-9]*[.][0-9][0-9]*[.][0-9][0-9]*[.][0-9][0-9]*' combined_log_sort > combined_log_sort_ip
sdiff -s combined_log_sort_ip search_sort_ip > final_result_ip
#get rid of the extra column
grep -o '^\|[0-9][0-9]*[.][0-9][0-9]*[.][0-9][0-9]*[.][0-9][0-9]*' final_result_ip > bookmarked_ip
#remove stuff like browser versions and system versions
egrep -v '(4\.4\.2\.0)|(1\.6\.3\.1)|(0\.9\.2\.1)|(4\.0\.0\.42)|(4\.1\.8\.0)|(1\.305\.2\.109)|(1\.305\.2\.12)|(0\.0\.43\.45)|(5\.0\.0\.0)|(1\.6\.2\.0)|(4\.4\.5\.0)|(1\.305\.2\.137)|(4\.3\.5\.0)|(1\.2\.0\.7)|(4\.1\.5\.0)|(5\.0\.2\.6)|(4\.4\.9\.0)|(6\.1\.0\.1)|(4\.4\.9\.0)|(5\.0\.8\.6)|(5\.0\.2\.4)|(4\.4\.8\.0)|(4\.4\.6\.0)' bookmarked_ip > unique_visits

exit 0

Viewing live Apache logs with tail, grep and egrep, The -f flag is what makes the tail command output additional data as it is appended to the log. Viewing everything from a specific IP address. Tail can be combined

access_log These regexes ignore IP addresses that include leading zeros, such as 192.168.001.001, which isn't a problem in Apache log files but could be in other log files. Printers in particular seem to like the leading zeroes.

Comments
  • Have a look at my answer in unix stackexchange: unix.stackexchange.com/a/389565/249079
  • This fails, as egrep will print the whole line including timestamps, and each line will be unique, you need to single out the IP address and remove the rest of the line (or in some other way consider only the IP when checking uniqueness)
  • This might actually fail, as Dave Tarsi points out, it'll catch stuff like browser versions which are valid IP addresses. You need to know where the IP address is on the line (beginning), and only select those lines.
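
The comments above name two failure modes: matching whole lines makes every entry unique, and matching anywhere on the line picks up version strings that look like addresses. The following is an added example, not part of the original answers, that counts only the first field and checks that each octet is 0-255. It assumes the Apache common/combined layout with the client address first; the function names and the sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: count client IPv4 addresses in an access log.
# Assumption: the client address is the first whitespace-separated
# field; change $1 in the awk program if your LogFormat differs.

count_client_ips() {
    # Reads the files given as arguments, or stdin when there are none.
    # Prints "count address" lines, busiest client first.
    awk '
    function valid_ipv4(s,    n, o, i) {
        n = split(s, o, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++) {
            # each octet must be 1-3 digits with a value of 0-255
            if (o[i] !~ /^[0-9][0-9]?[0-9]?$/ || o[i] + 0 > 255) return 0
        }
        return 1
    }
    # Only the first field is inspected, so version strings in the
    # user-agent (e.g. 4.4.2.0) are never counted.
    valid_ipv4($1) { hits[$1]++ }
    END { for (ip in hits) print hits[ip], ip }
    ' "$@" | sort -k1,1nr -k2,2
}

# Constructed sample input (RFC 5737 documentation addresses, not real
# traffic). It includes a version string, an out-of-range "address"
# and a hostname in the first field.
make_sample_log() {
    cat <<'EOF'
192.0.2.10 - - [11/Oct/2019:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "ExampleBrowser/4.4.2.0"
198.51.100.7 - - [11/Oct/2019:10:00:02 +0000] "GET /a HTTP/1.1" 200 90 "-" "ExampleBrowser/5.0.2.6"
192.0.2.10 - - [11/Oct/2019:10:00:03 +0000] "GET /b HTTP/1.1" 404 0 "-" "ExampleBrowser/4.4.2.0"
999.1.1.1 - - [11/Oct/2019:10:00:04 +0000] "GET / HTTP/1.1" 200 512 "-" "-"
203.0.113.5 - - [11/Oct/2019:10:00:05 +0000] "POST /login HTTP/1.1" 302 0 "-" "-"
198.51.100.7 - - [11/Oct/2019:10:00:06 +0000] "GET /c HTTP/1.1" 200 90 "-" "-"
192.0.2.10 - - [11/Oct/2019:10:00:07 +0000] "GET /d HTTP/1.1" 200 12 "-" "-"
localhost - - [11/Oct/2019:10:00:08 +0000] "GET / HTTP/1.1" 200 512 "-" "-"
EOF
}

# Demo run on the constructed sample.
make_sample_log | count_client_ips
```

For a real log, call `count_client_ips access.log` instead of piping in the sample.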