Advanced VI Question - Grab IP Addresses out of log file?
Hello,
I have a lot of people slamming my postfix server and I want to ban them completely with iptables. What I'd like to do is grab one of my log files and I'm quite sure that VI has the ability to grab the ip addresses out of the log file and pipe them into another one. I'm just unsure of the syntax. I have tried a ton of ways and I'm just not getting it, so I thought I'd post my question here. Here's an example of what I'd like to do.
Jun 17 08:04:28 hostname postfix/smtpd[12919]: NOQUEUE: reject: RCPT from mail.skyeassociates.com[64.105.201.130]: 450 <+._-xfllbhq@mydomain.com>: Recipient address rejected: User unknown in local recipient table; from=<> to=<+._-xfllbhq@mydomain.com> proto=ESMTP helo=<mail.skyeassociates.com>
The domain names have been changed to protect the guilty. But what I'd like to know is, is there a way for vi to grab just the ip addresses out of this one line and pipe it into another file? Of course, I have thousands of entries like this one, so whatever VI command that needs to happen, needs to happen on a global scale.
This doesn't exactly answer your question, but I think fail2ban already does (among other things) exactly what you want to do.
If you want to do it yourself anyway, I would think the tool you want would be sed rather than vi, but I haven't put any thought into what regular expression you would need. A quick Google search led me to believe that fail2ban harvests its info from log files with regular expressions, so even if you want to roll your own, it might be instructive to see what regular expression they use.
Honestly, vi is not the tool that you need. vi is a visual interactive text editor; if you want automation you have to use a non-interactive text editor, which is the case with sed, for example. grep can be used as well; it has regular expression support.
If you need a regex to find an IP address just say, I can write it for you, that's something not so complicated!
I terribly apologize for not getting back to you. But your code did set me on the right path. Also, the above mentioned fail2ban worked REALLY well. It banned more spammers than I knew were hitting me. We now ban approximately 800 spam IPs a day. It's REALLY great! Thank you guys for all your help! I appreciate it!
Thank you very much for the suggestion. Fail2ban worked better than I could have imagined.
was the line that worked flawlessly for me. Just thought I'd let you know what worked for me. I use fail2ban alongside the above mentioned code to weed out continual spammers. I have my mail server automatically ban IPs that hit our mail server with false email addresses like jeff1112@mydomain.com, which doesn't exist, 5 times in 10 minutes. It will ban that IP for 24 hours. However, I have continual spammers who I see every 24 hours, so I do a reverse lookup to see who they are, and if it isn't someone important that we usually deal with (maybe someone whose machine is unknowingly being a spam zombie), they are permanently banned via "iptables -I INPUT -s ipaddress -j DROP".
I just thought I'd share how I'm set up with everyone else in case it was helpful to them as well. Thank you all very much for your help!
As an addition (I also use fail2ban to great effect) the grepping out of IP addresses is fairly simple in perl and works very flawlessly in helping set up other scripts -- such as banning blocked IPs that recur more than 3x a week or the like. Might want to take a look at it.
Do you have something already set up in Perl? Care to share it? My Perl skills leave a lot to be desired. Thanks for the tip too!
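The extraction the original poster asked for, plus the "recurs more than N times" count suggested in the Perl post above, as an added shell example that is not from any poster in this thread; the log lines are constructed with documentation IP ranges, and the function names and the threshold of 3 are my own choices:

```shell
#!/bin/sh
# Pull client IPs out of postfix "NOQUEUE: reject" lines and count repeat offenders.
# Constructed sample log (not the poster's real file); one "connect from" line is
# included to show that only RCPT reject lines are counted.
SAMPLE_LOG=$(cat <<'EOF'
Jun 17 08:04:28 hostname postfix/smtpd[12919]: connect from mail.example.com[192.0.2.10]
Jun 17 08:04:28 hostname postfix/smtpd[12919]: NOQUEUE: reject: RCPT from mail.example.com[192.0.2.10]: 450 <+._-xfllbhq@mydomain.com>: Recipient address rejected: User unknown in local recipient table; from=<> to=<+._-xfllbhq@mydomain.com> proto=ESMTP helo=<mail.example.com>
Jun 17 08:05:01 hostname postfix/smtpd[12920]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 <jeff1112@mydomain.com>: Recipient address rejected: User unknown in local recipient table; from=<> to=<jeff1112@mydomain.com> proto=ESMTP helo=<unknown>
Jun 17 08:05:09 hostname postfix/smtpd[12920]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 <jeff1113@mydomain.com>: Recipient address rejected: User unknown in local recipient table; from=<> to=<jeff1113@mydomain.com> proto=ESMTP helo=<unknown>
Jun 17 08:05:17 hostname postfix/smtpd[12920]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 450 <jeff1114@mydomain.com>: Recipient address rejected: User unknown in local recipient table; from=<> to=<jeff1114@mydomain.com> proto=ESMTP helo=<unknown>
Jun 17 08:06:40 hostname postfix/smtpd[12921]: NOQUEUE: reject: RCPT from relay.example.org[203.0.113.5]: 450 <nobody@mydomain.com>: Recipient address rejected: User unknown in local recipient table; from=<> to=<nobody@mydomain.com> proto=ESMTP helo=<relay.example.org>
EOF
)

# Print one client IP per rejected RCPT line read from stdin. Only the IPv4
# address inside "RCPT from host[IP]:" is taken, so IPs anywhere else on the
# line are ignored. IPv6 clients (logged as [IPv6:...]) are deliberately skipped.
reject_ips() {
    grep 'NOQUEUE: reject: RCPT from ' |
    sed -n 's/.*RCPT from [^[]*\[\([0-9][0-9.]*\)].*/\1/p'
}

# Count rejects per IP and keep those at or above the threshold in $1.
# Output is "count ip", most frequent first.
repeat_offenders() {
    reject_ips | sort | uniq -c |
    awk -v t="$1" '$1 >= t { print $1, $2 }' | sort -rn
}

# Render the block rules the poster uses, one per repeat offender, for review
# before anyone runs them (this function only prints; it does not call iptables).
ban_commands() {
    repeat_offenders "$1" | awk '{ print "iptables -I INPUT -s " $2 " -j DROP" }'
}

# Usage against the constructed sample; on a real box replace the printf with
# cat /var/log/mail.log (path assumed, it varies by distribution).
printf '%s\n' "$SAMPLE_LOG" | repeat_offenders 3
```

Sort the counted list once more on the IP column if you want to diff it against yesterday's run and spot hosts that keep coming back after a fail2ban ban expires.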