Nice script.
The reason your script does not stop is because you never decrement you test variable $left. If you add that line to the end of your function then it works correctly.
I noticed that you most of your file names began with d_. I'm guess you did this because you needed to cut out the d_ from the output of wc? Is that correcet? You could also cut it out with the following line.
Code:
NUM=`wc -l | awk ' { print $1 } '
This way you can name your files whatever you wanted.
Noticing how long the script took to execute. ( I have a P100) I took a stab at a possibly faster way to do this. My method was about 10 seconds faster on my machine with my given data set; however, it seems to be more costly if there are many hits from one IP.
Code:
#!/bin/bash
grep DENY /var/log/messages.010407 | cut -d' ' -f12 | cut -d: -f1 > ip_list
sort ip_list > sorted_ip
echo > stat_deny
COUNT=1
LAST=0.0.0.0
for i in `cat sorted_ip`; do
if [ $LAST = $i ]; then
COUNT=`expr $COUNT + 1`
else
echo "$LAST was blocked $COUNT time(s)." | tee -a stat_deny
COUNT=1
fi
LAST=$i
done
Gary