Command line – top IP list from apache access log

on

Linux (or Unix) command line utilities like awk, sort, uniq, can be used to analyze apache log to get interesting stats. One use case is to find top IP addresses hitting your web site. Here is handy command for that and its outcome on a sample data.

$ cat /var/log/apache2/access_log.2016-02-04 | awk '{print $1}' | sort | uniq -c | sort -rn | head
    397 52.8.183.64
     23 157.55.39.29
     20 157.55.39.178
     17 157.55.39.176
     15 157.55.39.101
     11 157.55.39.177
     10 185.45.13.148
      9 157.55.39.179
      8 117.207.192.224
      7 141.8.143.217

Note that the access file location is based on Apache installed on Ubuntu Linux.

Few points to note

  1. sort can handle fairly large amount of data even on low RAM machine.
  2. uniq -c will output unique entries with count. It works only on sorted data.
  3. sort -rn does a reverse numeric sort

Suggested posts:

  1. PHP – How to log custom data in apache access log
  2. prevent wordpress xmlrpc.php attack
  3. Monitor apache using mod_status on Ubuntu
  4. Why and how to log Content-Type in apache access log
  5. Apache – add basic auth to a location or directory
  6. How to setup svn repository on AWS Ubuntu Linux with apache simple auth
  7. Disable directory listing in apache
  8. Apache – list loaded modules on Ubuntu
Share this article: share on facebook share on linkedin tweet this submit to reddit
Posted in | Tagged , , , , ,