LinuxQuestions.org - sort grep output

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - sort grep output (https://www.linuxquestions.org/questions/linux-newbie-8/sort-grep-output-240478/)

sort grep output

Hi,

If I grep one of my logfiles for a certain error message I get all the lines that contain that error. However, I'd like to sort those lines by another search criterium such as IP address involved in the error. I'm suspecting there's a very common tool that can do that for me but I have no idea which one.

Any suggestions?

sort?

If you give me a few sample lines I could be a bit more
specific about this ;)

Cheers,
Tink

example? Here's a crude one. A tiny piece of a grep 404 on my acces_log.

211.21.187.205 - - [28/Sep/2004:19:12:24 +0200] "GET /sumthin HTTP/1.0" 404 1052 "-" "-"
211.245.142.178 - - [29/Sep/2004:00:57:26 +0200] "GET /sumthin HTTP/1.0" 404 1052 "-" "-"
80.183.107.209 - - [29/Sep/2004:16:40:10 +0200] "GET /sumthin HTTP/1.0" 404 1052 "-" "-"
219.84.102.18 - - [30/Sep/2004:10:25:17 +0200] "GET /cgi-bin/openwebmail/openwebmail.pl HTTP/1.0" 404 1045 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
211.245.142.178 - - [01/Oct/2004:19:26:53 +0200] "GET /sumthin HTTP/1.0" 404 1052 "-" "-"
192.168.1.107 - - [01/Oct/2004:21:04:15 +0200] "GET /bram/index.htm HTTP/1.1" 404 1049 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2"
213.224.13.144 - - [02/Oct/2004:13:15:44 +0200] "GET /peug.jpg HTTP/1.1" 404 1256 "http://www.autoweek.nl/forum/read.php?f=4&i=105049&t=105049" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FunWebProducts; Hotbar 4.5.1.0)"
80.201.207.234 - - [02/Oct/2004:17:31:32 +0200] "GET /peug.jpg HTTP/1.0" 404 1256 "http://www.autoweek.nl/forum/read.php?f=4&i=105049&t=105049" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"

Perhaps my english is the problem here. Let me clarify.

As you can see the IP 211.245.142.178 is registered twice in this snippet. Quite possibly it's also present elsewhere in the log.

What I would like to is grep for a 404 and filter the output somehow so that I get all the same ip adresses next to eachother so that ?I can see exactly what 211.245.142.178 has been upto.

just use the sort command, assuming the ip is always at the start, sort will by default sort in alphanumeric order.

grep 404 logfile | sort

Duh! <slap forehead!> well, I learned something again. Thanks man!

Looks better this way:
zilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2"
195.109.155.69 - - [28/Sep/2004:13:48:05 +0200] "GET /qwrwe HTTP/1.0" 404 1049 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2"
195.109.155.69 - - [28/Sep/2004:14:10:59 +0200] "GET /webmail/src/compose.php?mailbox=INBOX HTTP/1.0" 200 4047 "http://wijnands.xs4all.nl/webmail/src/right_main.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2"
195.109.155.69 - - [28/Sep/2004:16:14:59 +0200] "GET /webmail/src/compose.php?mailbox=INBOX HTTP/1.0" 200 4047 "http://wijnands.xs4all.nl/webmail/src/read_body.php?mailbox=INBOX&passed_id=243&startMessage=1&show_more=0&view_hdr=1" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2"
195.87.69.26 - - [28/Sep/2004:00:42:50 +0200] "POST /cgi-local/formmail.pl HTTP/1.0" 404 1186 "http://wijnands.xs4all.nl/" "-"
207.148.209.99 - - [26/Sep/2004:06:50:02 +0200] "POST /cgi-bin/cgiemail/forms/order.txt HTTP/1.0" 404 1057 "-" "common::Proxtrans/1.00"
211.21.187.205 - - [28/Sep/2004:19:12:24 +0200] "GET /sumthin HTTP/1.0" 404 1052 "-" "-"
211.245.142.178 - - [01/Oct/2004:19:26:53 +0200] "GET /sumthin HTTP/1.0" 404 1052 "-" "-"
211.245.142.178 - - [27/Sep/2004:20:36:03 +0200] "GET /sumthin HTTP/1.0" 404 1052 "-" "-"
211.245.142.178 - - [29/Sep/2004:00:57:26 +0200] "GET /sumthin HTTP/1.0" 404 1052 "-" "-"