Originally Posted by HappyTux
I just copied your output to a test file and something like the below should get you the IPs.
>$ grep - test.txt | cut -d " " -f4
Try it using the honey.d log in place of test.txt and see what it says you should get similar out to what I did.
Thank you so much for that one, i never thought it would that simple, I should better get a bash book to ease out a bit some of my administration task. Anyway, i took the manual task of deleting duplicate entries and put it somewhere on the iptables script file where the previous administrator has a script there that reads IPs from a file. So for my last Q, is it ok to have duplicates on the iptables firewall, and does iptables performance gets cranky when that file get bigger? (in my perception, yes).