This command will parse an Apache or Nginx log file and print-out the 50 highest occurring IP’s, along with the number of occurrences, to the shell prompt.
machine:~ User$ cat access.log | awk '{print $1}' | sort -n | uniq -c | sort -nr | head -50
- cat – reads the file
- access.log – is the log file
- awk ‘{print $1}’ – prints the IP address from the log file
- sort -n – sorts the IP addresses numerically
- uniq -c – counts the number of times the IP appears and prints it out
- sort -nr – sorts by the counted IP number from uniq -c
- head -50 – only show the top 50