How to break down a grep command
What does this command mean?
grep 'GET / HTTP.*Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1' last10m |cut -d ' ' -f1 |sort -n |uniq -c|sort -n|tail Whats the best way to figure out these commands in general? I have a lot of learning to do! |
Hi, welcome to LQ!
I'd suggest you run it, and try to determine what it does by the results; you may find the man-pages of each of the tools a great help in understanding what they do. Cheers, Tink |
Hello dimeetrees, welcome to LQ,
the part Code:
'GET / HTTP.*Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1' Code:
man bash |
I'm a complete newbie in the linux terminal, and my hosting provider keeps giving me some commands to use and the output doesn't make it easier, for example:
194 58.91.131.10 198 95.220.68.95 206 200.60.251.151 209 113.22.68.87 225 87.21.218.25 248 109.185.177.60 256 84.94.63.202 275 65.100.210.134 297 95.170.191.6 314 190.178.139.12 There's nothing explaining what the numbers to the left of the ip's mean. When I try to get help in linux it doesn't really make it easier either. Is there some sort of definitive manual you would recommend that makes it easier to figure this stuff out? Quote:
|
suggestion
"grep 'GET / HTTP.*Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1' last10m |cut -d ' ' -f1 |sort -n |uniq -c|sort -n|tail"
grep searching the file last10m (a website request log from the looks of it) for the string 'GET / HTTP.*Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1'. Every | starts a new command, and it looks like they are filtering and sorting the results. Tail just shows the last 10 lines of the output, to prevent screen scrolling, or to show the most recent data. Couldn't tell you what exactly the first column means. Try tail last10m and maybe you can figure it out looking at the full entries rather than the filtered output. Brian |
Quote:
Code:
sort -n |uniq -c|sort -n of each IP, and sort that numerically in ascending order. In other words: The whole thing tells you the top 10 IPs visiting your site, and just how often they did visit, w/ the most frequent one at the bottom. Cheers, Tink P.S.: Please, OP, pretty please; do not "top post" - it's a nasty habit in e-Mail, and it's even uglier here because it adds no value whatsoever. |
Thanks for the responses and explanations. Sorry about the top post tinker, I could see what you mean.
|
Would you guys recommend any resources on learning linux inside and out? Something that uses examples and explains all the concepts?
|
Well, install Slackware http://www.slackware.org/ and take a look into the Slackware-part of LQ: http://www.linuxquestions.org/questions/slackware-14/
Also read the Slackbook: http://www.slackbook.org/ This will teach you Linux. Markus |
Quote:
finding out what is going on really is to use the man- page, and then disect the command line. Code:
grep 'GET / HTTP.*Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1' last10m |cut -d ' ' -f1 |sort -n |uniq -c|sort -n|tail (or accompanied with) an explanation. So, in the case above, just use the grep by itself initially, and compare that to the actual files content. Read "man grep". Then see what Code:
grep 'GET / HTTP.*Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1' last10m |cut -d ' ' -f1 invoked w/ and get a feel for what cut does. Next, try the third one tacked on: Code:
grep 'GET / HTTP.*Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1' last10m |cut -d ' ' -f1 |sort -n bears an actual relation to what you're doing (need to do) it should stick fairly well. Cheers, Tink |
All times are GMT -5. The time now is 05:41 AM. |