Trying to summarize ipv4 for a report

ml1782r

I'm trying to summarize IP hits on a network, but I can't seem to bring it all together, as you can see from my output below.
I'm after one line per IP with a total, like this:
980 8.8.8.8
274 8.8.4.4
54 1.1.1.1

<CODE>
RAW data::
Jan 29 13:48:22 192.168.20.254 : %ASA-4-106023: Deny udp src net-192.168.20.0:192.168.20.250/45223 dst outside:8.8.4.4/53 by access-group "net-192.168.20.0_access_in" [0xdeb24d2f, 0x0]
Jan 29 13:48:22 192.168.20.254 : %ASA-6-302015: Built outbound UDP connection 2693973 for outside:8.8.8.8/53 (8.8.8.8/53) to net-192.168.28.0:192.168.28.9/47032 (172.17.2.7/47032)
Jan 29 13:48:22 192.168.20.254 : %ASA-6-302016: Teardown UDP connection 2693973 for outside:8.8.8.8/53 to net-192.168.28.0:192.168.28.9/47032 duration 0:00:00 bytes 114
Jan 29 13:48:24 192.168.20.254 : %ASA-6-302015: Built outbound UDP connection 2693981 for outside:8.8.8.8/53 (8.8.8.8/53) to net-172.18.22.0:172.18.22.8/26856 (172.17.2.9/26856)

cmdline:
cat SYSLOG/192.168.20.254/local4.log | grep "/53 " | awk -F 'outside:' '{print $2}' | awk -F '/' '{print $1}' | uniq -c | sort -n

output::
22 8.8.8.8
28 8.8.8.8
43 8.8.8.8
45 8.8.8.8
51 8.8.8.8
53 8.8.8.8
57 8.8.8.8
90 8.8.8.8
98 8.8.8.8
105 8.8.8.8
106 8.8.8.8



</CODE>
 


JasKinasis

Try putting the sort before the uniq.

I’d second that!

Also, you don’t need to use cat with grep.
Just use grep!
Bash:
grep "/53 " SYSLOG/192.168.20.254/local4.log  | awk -F 'outside:' '{print $2}' | awk -F '/' '{print $1}' | sort -n | uniq -c
 