script to extract IP address from a honeypot log txt file
I managed to get it to work, now my next question is, how could I get the script to count duplicate IP addresses and eliminate 172 and 192 addresses within it? Also, I'm getting a lot of 00.00.00.0.0 addresses.
Please use [code] tags when posting code or output. Thanks!
I found this regexp on the 'net
it only matches 'valid' IP addresses, so that should eliminate the 00.00.00.00
Pipe your output to
Code:
sort -u
to get a unique list. See man sort. That won't give you a count, tho. Pipe to just sort then iterate the resulting list and count the duplicates. You could also eliminate those beginning with 172 and 192 then, too.
@newtolinux2020, you need to understand any solutions you find - use them to learn if you don't. Use it as a base for your own solutions as shown above.
You also need to think about what you care about in your data - better to just toss the zero records before complicating things unnecessarily IMHO. Personally I would use a tool that has the logic to handle the summing as it processes the data - awk, perl, python, ... pick your favourite
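One way to do the extraction, filtering and counting discussed in this thread, as an added example that is not code from any poster. The log lines are constructed and the function names `sample_log` and `count_ips` are hypothetical. It goes beyond "beginning with 172 and 192" by dropping only the private ranges 172.16.0.0/12 and 192.168.0.0/16 (plus 10.0.0.0/8, loopback and 0.0.0.0/8), because the rest of 172.* and 192.* is public address space that a honeypot will want to keep.

```shell
#!/bin/sh
# Constructed sample honeypot log lines (not from the thread).
sample_log() {
cat <<'EOF'
2020-05-01 10:00:01 connection from 203.0.113.7 port 51514
2020-05-01 10:00:05 connection from 192.168.1.20 port 40022
2020-05-01 10:00:09 login attempt from 203.0.113.7 user=root
2020-05-01 10:01:13 connection from 00.00.00.0.0 port 0
2020-05-01 10:02:40 connection from 172.16.4.9 port 33100
2020-05-01 10:03:02 connection from 198.51.100.23 port 60001
2020-05-01 10:03:30 probe from 172.217.4.1 version=1.2.3.999
2020-05-01 10:04:11 login attempt from 203.0.113.7 user=admin
EOF
}

# Read log text on stdin; print "count address", most frequent first.
count_ips() {
    # Pull out every dotted-quad candidate, one per line.
    grep -oE '[0-9]{1,3}(\.[0-9]{1,3}){3}' |
    awk -F. '
        {
            # Reject octets above 255 or with leading zeros (e.g. "00").
            for (i = 1; i <= 4; i++)
                if ($i > 255 || ($i != "0" && $i ~ /^0/)) next
            # Drop 0.0.0.0/8, loopback and the RFC 1918 private ranges.
            if ($1 == 0 || $1 == 127 || $1 == 10) next
            if ($1 == 172 && $2 >= 16 && $2 <= 31) next
            if ($1 == 192 && $2 == 168) next
            seen[$0]++          # sum as we go, no pre-sort needed
        }
        END { for (ip in seen) print seen[ip], ip }
    ' |
    sort -k1,1nr -k2,2
}

sample_log | count_ips
```

With a real log, run it as `count_ips < honeypot.txt`, where the file name is a placeholder for your own log.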