[bash] how to put nslookup result next to ip in file

kriezo · 02-21-2008, 04:12 AM

hi guys..
I just make a stat file from my maillog to get all ip and make them unique to find spam pattern and pipe out to a file ips.txt like this :

Code:

    718     718 xx.xx.xx.xx
    371     371 xxx.xxx.xx.xxx
    327     327 xxx.xx.xx.xxx

which 718,371,327 is the total connection made my x ips.Anyway now i want to do nslookup to each ip. I just found the script here :

Code:

while read IP ; do

        LOOKUP_RES=$(nslookup $IP | sed -n 's/.*arpa.*name = \(.*\)/\1/p')
        test -z "$LOOKUP_RES" && LOOKUP_RES="Failed"

        echo -e "$IP\t$LOOKUP_RES"

done < ips.txt

I try enhance the script make the nslookup result will be put next to the ip in new file or the ips.txt file (doesn't matter) but failed.

Somebody please help me here..

jschiwal · 02-21-2008, 04:32 AM

You could use : while read num1 num2 IP; do
...
done <ip.txt

This will get rid of the numbers before the IP.

For the sed command, select a line that has /arpa/ in it:
sed -n '/arpa/s/.*arpa.*name = $.*$/\1/p'

You might want to add some error correction before the nslookup command. If IP were empty, nslookup would enter the interactive mode.

Put the echo arguments in double quotes.

kriezo · 02-21-2008, 05:07 AM

thanks jschiwal,
but how can i write or print that result beside the ip?
Can u show me the way?

jschiwal · 02-21-2008, 05:38 AM

This line: echo -e "$IP\t$LOOKUP_RES" prints both the IP address and the FQDN. Or do you want the number from your original list printed also?

echo -e "$num1\t$IP\t$LOOKUP_RES"

jschiwal · 02-21-2008, 10:56 PM

Maybe I misunderstood what you are asking. Here is a sample iplist.txt file. The modified program and the output. One thing I don't understand is why the number before the IP is listed twice on the input file or if they represent different values. I didn't reference num2 in the output, but I read it in simply to read in the IP address into the $IP variable. If you want a different output, use a better sample and post what the output should look like given that sample.

Code:

jschiwal@hpmedia:~> cat iplist.txt
100 100 75.126.6.188
101 101 64.233.167.104
102 102 75.126.6.188

Code:

jschiwal@hpmedia:~> cat getfq
while read num1 num2 IP; do
        LOOKUP_RES=$(nslookup $IP | sed -n '/arpa/s/.*arpa.*name = \(.*\)/\1/p')

        test -z "$LOOKUP_RES" && LOOKUP_RES="Failed"

        echo -e "$num1\t$IP\t$LOOKUP_RES"
done < iplist.txt

Code:

jschiwal@hpmedia:~> ./getfq
100     75.126.6.188    twit.tv.
101     64.233.167.104  py-in-f104.google.com.
102     75.126.6.188    twit.tv.

kriezo · 02-25-2008, 12:48 AM

thank you again jschiwal

I used the code exactly that you've given before and it's work. The reason why the total have become twice coz first i pipeout all the ip into a file, then i sort it into another file using | uniq -c and then i sort the 2nd file using sort file | uniq -c | sort -nr to sort it deceasing the total unique ip number..

all seem find now excepts if i want to get the total unique ip until 50 and leave all total ip below that, can you help me out with the script? I've try out but don't work..