LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 10-09-2004, 02:33 AM   #1
wijnands
Member
 
Registered: Mar 2004
Posts: 132

Rep: Reputation: 15
sort grep output


Hi,

If I grep one of my logfiles for a certain error message I get all the lines that contain that error. However, I'd like to sort those lines by another search criterium such as IP address involved in the error. I'm suspecting there's a very common tool that can do that for me but I have no idea which one.

Any suggestions?
 
Old 10-09-2004, 03:33 AM   #2
Tinkster
Moderator
 
Registered: Apr 2002
Location: in a fallen world
Distribution: slackware by choice, others too :} ... android.
Posts: 22,974
Blog Entries: 11

Rep: Reputation: 879Reputation: 879Reputation: 879Reputation: 879Reputation: 879Reputation: 879Reputation: 879
sort?

If you give me a few sample lines I could be a bit more
specific about this


Cheers,
Tink
 
Old 10-09-2004, 03:46 AM   #3
wijnands
Member
 
Registered: Mar 2004
Posts: 132

Original Poster
Rep: Reputation: 15
example? Here's a crude one. A tiny piece of a grep 404 on my acces_log.



211.21.187.205 - - [28/Sep/2004:19:12:24 +0200] "GET /sumthin HTTP/1.0" 404 1052 "-" "-"
211.245.142.178 - - [29/Sep/2004:00:57:26 +0200] "GET /sumthin HTTP/1.0" 404 1052 "-" "-"
80.183.107.209 - - [29/Sep/2004:16:40:10 +0200] "GET /sumthin HTTP/1.0" 404 1052 "-" "-"
219.84.102.18 - - [30/Sep/2004:10:25:17 +0200] "GET /cgi-bin/openwebmail/openwebmail.pl HTTP/1.0" 404 1045 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
211.245.142.178 - - [01/Oct/2004:19:26:53 +0200] "GET /sumthin HTTP/1.0" 404 1052 "-" "-"
192.168.1.107 - - [01/Oct/2004:21:04:15 +0200] "GET /bram/index.htm HTTP/1.1" 404 1049 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2"
213.224.13.144 - - [02/Oct/2004:13:15:44 +0200] "GET /peug.jpg HTTP/1.1" 404 1256 "http://www.autoweek.nl/forum/read.php?f=4&i=105049&t=105049" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FunWebProducts; Hotbar 4.5.1.0)"
80.201.207.234 - - [02/Oct/2004:17:31:32 +0200] "GET /peug.jpg HTTP/1.0" 404 1256 "http://www.autoweek.nl/forum/read.php?f=4&i=105049&t=105049" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)"

Perhaps my english is the problem here. Let me clarify.

As you can see the IP 211.245.142.178 is registered twice in this snippet. Quite possibly it's also present elsewhere in the log.

What I would like to is grep for a 404 and filter the output somehow so that I get all the same ip adresses next to eachother so that ?I can see exactly what 211.245.142.178 has been upto.
 
Old 10-09-2004, 04:30 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,384

Rep: Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963Reputation: 1963
just use the sort command, assuming the ip is always at the start, sort will by default sort in alphanumeric order.

grep 404 logfile | sort
 
Old 10-09-2004, 07:14 AM   #5
wijnands
Member
 
Registered: Mar 2004
Posts: 132

Original Poster
Rep: Reputation: 15
Duh! <slap forehead!> well, I learned something again. Thanks man!

Looks better this way:
zilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2"
195.109.155.69 - - [28/Sep/2004:13:48:05 +0200] "GET /qwrwe HTTP/1.0" 404 1049 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2"
195.109.155.69 - - [28/Sep/2004:14:10:59 +0200] "GET /webmail/src/compose.php?mailbox=INBOX HTTP/1.0" 200 4047 "http://wijnands.xs4all.nl/webmail/src/right_main.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2"
195.109.155.69 - - [28/Sep/2004:16:14:59 +0200] "GET /webmail/src/compose.php?mailbox=INBOX HTTP/1.0" 200 4047 "http://wijnands.xs4all.nl/webmail/src/read_body.php?mailbox=INBOX&passed_id=243&startMessage=1&show_more=0&view_hdr=1" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040707 Firefox/0.9.2"
195.87.69.26 - - [28/Sep/2004:00:42:50 +0200] "POST /cgi-local/formmail.pl HTTP/1.0" 404 1186 "http://wijnands.xs4all.nl/" "-"
207.148.209.99 - - [26/Sep/2004:06:50:02 +0200] "POST /cgi-bin/cgiemail/forms/order.txt HTTP/1.0" 404 1057 "-" "common::Proxtrans/1.00"
211.21.187.205 - - [28/Sep/2004:19:12:24 +0200] "GET /sumthin HTTP/1.0" 404 1052 "-" "-"
211.245.142.178 - - [01/Oct/2004:19:26:53 +0200] "GET /sumthin HTTP/1.0" 404 1052 "-" "-"
211.245.142.178 - - [27/Sep/2004:20:36:03 +0200] "GET /sumthin HTTP/1.0" 404 1052 "-" "-"
211.245.142.178 - - [29/Sep/2004:00:57:26 +0200] "GET /sumthin HTTP/1.0" 404 1052 "-" "-"

Last edited by wijnands; 10-09-2004 at 07:16 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
how to sort the output of ls bahadur Programming 18 03-28-2005 07:08 PM
output to a file - cat? grep? Godsmacker777 Linux - Newbie 6 12-08-2004 10:06 AM
utf , standard output / input and grep too Fascistchicken Linux - Software 2 11-05-2004 08:52 AM
trying to figure out some output from grep naijaguy Linux - Newbie 8 08-17-2004 12:44 PM
How can I filter the output of grep to exclude certain cases? QtCoder Linux - General 1 03-28-2004 12:05 AM


All times are GMT -5. The time now is 02:11 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration