Command line – top IP list from apache access log

on

Linux (or Unix) command line utilities like awk, sort, uniq, can be used to analyze apache log to get interesting stats. One use case is to find top IP addresses hitting your web site. Here is handy command for that and its outcome on a sample data.

$ cat /var/log/apache2/access_log.2016-02-04 | awk '{print $1}' | sort | uniq -c | sort -rn | head
    397 52.8.183.64
     23 157.55.39.29
     20 157.55.39.178
     17 157.55.39.176
     15 157.55.39.101
     11 157.55.39.177
     10 185.45.13.148
      9 157.55.39.179
      8 117.207.192.224
      7 141.8.143.217

Note that the access file location is based on Apache installed on Ubuntu Linux.

Few points to note

  1. sort can handle fairly large amount of data even on low RAM machine.
  2. uniq -c will output unique entries with count. It works only on sorted data.
  3. sort -rn does a reverse numeric sort

Suggested posts:

  1. Linux – find files containing specific text
  2. How to zip/unzip a directory with password
  3. Block directory access using htaccess 404
  4. PHP sort associative array using custom compare function
  5. Linux – Yesterday’s Date in YYYYMMDD format
  6. How to use ssh port forwarding to surf a site from different location
  7. PHP regex – match word character (letter, number or underscore)
  8. Disable directory listing in apache
Share this article: share on facebook share on linkedin tweet this submit to reddit
Posted in | Tagged , , , , ,