12-07-2011
Start by looking at the log to see how you would identify a line which contains a connection from an IP address. This will be the rule for your first grep. If the whole log is just connections you don't need this stage.
Then look at sample connection lines and come up with some simple way of defining where the IP address is on that line (e.g. 5th space-delimited field). This will dictate your method to extract the IP address prior to sorting and counting. (If you have not studied "awk" this might just involve using "cut").
If there is no clear rule to fish out the IP address then you could be looking at a grep which finds patterns like nnn.nnn.nnn (or nnn.nnn.nnn.nnn if this is IP6) where nnn is a number 0-255 . Let's hope it is a simple format log.
We don't know what your log file looks like. Can you post a couple of sample lines.
There is a current thread on this board which may get you started on how to count occurances in a list.
https://www.unix.com/unix-dummies-que...xist-file.html
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
This is the file structure:
DESKTOP/Root of Photo Folders/Folder1qweqwasdfsd/*jpg
DESKTOP/Root of Photo Folders/Folder2asdasdasd/*jpg
DESKTOP/Root of Photo Folders/Folder3asdadfhgasdf/*jpg
DESKTOP/Root of Photo Folders/Folder4qwetwdfsdfg/*jpg
DESKTOP/Root of Photo... (4 Replies)
Discussion started by: guptaxpn
4 Replies
2. Solaris
hi sirs
can u tell the difference between /var/log/syslogs and /var/adm/messages
in my working place i am having two servers.
in one servers messages file is empty and syslog file is going on increasing..
and in another servers message file is going on increasing but syslog file is... (2 Replies)
Discussion started by: tv.praveenkumar
2 Replies
3. Solaris
Hello, I recently found that my /var/sadm/install/contents, ~/admin/default, /var/spool/patch and /var/spool/pkg files were empty.
This broke the pkginfo, pkgchk and other package related tools.
The pkgmap no longer points to where the applications have been installed.
I have replaced the... (0 Replies)
Discussion started by: ronin42
0 Replies
4. UNIX for Dummies Questions & Answers
what should be the permissions of the folder var/www in my ubuntu ?
I need it to be safe and at the same time I need ftp users to be able to edit it.
I was wondering if I should create a group with all permissions and add ftp users to this group in unix.
what's the standard way to do it ?... (4 Replies)
Discussion started by: aneuryzma
4 Replies
5. Solaris
what is the difference between tha /var/adm and /var/sadm files in solaris 10 Os
please can any one respond quickly
thanking you (2 Replies)
Discussion started by: wkbn86
2 Replies
6. Solaris
Hi,
Is the contents in /var/log/syslog and /var/adm/messages are same??
Regards (3 Replies)
Discussion started by: vks47
3 Replies
7. Shell Programming and Scripting
I want to scan through all the files in the folder and replace all instances of $file_X within the file with the variable $X defined in my bash script on my debian 6.0 install.
For example, if the file contains $file_dep I want it to be replaced with the value of the variable $dep defined in my... (1 Reply)
Discussion started by: Spadez
1 Replies
8. Shell Programming and Scripting
i try to find way to make string concatenation in csh ( sorry this is what i have )
so i found out i can't do :
set string_buff = ""
foreach line("`cat $source_dir/$f`")
$string_buff = string_buff $line
end
how can i do string concatenation? (1 Reply)
Discussion started by: umen
1 Replies
9. Shell Programming and Scripting
I have been searching and reading about syslog. I would like to know how to Transfer the logs being thrown into /var/log/messages into another file example /var/log/volumelog.
tail -f /var/log/messages
dblogger: msg_to_dbrow: no logtype using missing
dblogger: msg_to_dbrow_str: val ==... (2 Replies)
Discussion started by: kenshinhimura
2 Replies
10. Shell Programming and Scripting
I need help to write shell script to copy files from one server to another server.
Source Directory UAE(inside i have another folder Misc with files inside UAE folder).I have to copy this to another server UAE folder( Files should be copied to UAE folder and Misc files should be copied in target... (3 Replies)
Discussion started by: naresh2389
3 Replies
RNEWS(1) General Commands Manual RNEWS(1)
NAME
rnews - receive news from a UUCP connection
SYNOPSIS
rnews [ -h host ] [ -v ] [ -U ] [ -N ] [ -S master ] [ input ]
DESCRIPTION
Rnews reads messages typically queued by a UUCP newsfeed and sends them to the local InterNetNews server. The message is read from the
specified input file, or standard input if no input is named.
When sent over UUCP, Usenet articles are typically joined in a single batch to reduce the UUCP overhead. Batches can also be compressed,
to reduce the communication time. If a message does not start with a number sign (``#'') and an exclamation point, then the entire input
is taken as a single news article. If it does start with with those two characters, then the first line is read and interpreted as a batch
command.
If the command is ``#! rnews nnn'' where nnn is a number, then the next nnn bytes (starting with the next line) are read as a news article.
If the command is ``#! cunbatch'' then the rest of input is fed to the compress(1) program with the ``-d'' flag to uncompress it, and the
output of this pipe is read as rnews's input. This is for historical compatibility -- there is no program named cunbatch. A compressed
batch will start with a ``#! cunbatch'' line, then contain a series of articles separated by ``#! rnews nnn'' lines.
If the command is any other word, then rnews will try to execute a program with that name in the directory /usr/lib/news/rnews. The batch
will be fed into the program's standard input, and the standard output will be read back as input into rnews.
If rnews detects any problems with an article such as a missing header, or an unintelligible reply from the server, it will save a copy of
the article in the /var/spool/news/in.coming/bad directory.
OPTIONS
-S If the ``-S'' flag is used, then rnews will connect to the specified host. If the flag is not used, it will try to connect to the
server by opening a Unix-domain stream connection. If that fails, it will try to open a TCP connection to the default remote
server.
-U If the server is not available, the message is spooled into a new file created in the /var/spool/news/in.coming directory. The
``-U'' flag may be used to send all spooled messages to the server once it becomes available again, and can be invoked regularly by
cron(8).
-N Normally, if unpacking the input fails it is re-spooled to /var/spool/news/in.coming for another attempt later. If the ``-N'' flag
is used then no such re-spooling is done and rnews exits with status value ``9'' to indicate this.
-v If the ``-v'' flag is used, it will print a notice of all errors on the standard error, naming the input file (if known) and print-
ing the first few characters of the input. Errors are always logged through syslog(3).
-h If the ``-h'' flag is given, or failing that, the enviroment variable UU_MACHINE is set, then rnews will log the Message-ID, and
host, for each article offered to the server via syslog(3). Logging will only be done if the value is not an empty string.
BUGS
Rnews cannot process articles that have embedded 's in them.
HISTORY
Written by Rich $alz <rsalz@uunet.uu.net> for InterNetNews. This is revision 1.23, dated 1996/11/08.
SEE ALSO
innd(8).
RNEWS(1)