Trying to summarize ipv4 for a report

[ml1782r]

I'm trying to sumarize ip hits on a network. but I can't seem to bring it all together as you can see from my output below
I'm after one line per IP with a total like this.
980 8.8.8.8
274 8.8.4.4
54 1.1.1.1

<CODE>
RAW data::
Jan 29 13:48:22 192.168.20.254 : %ASA-4-106023: Deny udp src net-192.168.20.0:192.168.20.250/45223 dst outside:8.8.4.4/53 by access-group "net-192.168.20.0_access_in" [0xdeb24d2f, 0x0]
Jan 29 13:48:22 192.168.20.254 : %ASA-6-302015: Built outbound UDP connection 2693973 for outside:8.8.8.8/53 (8.8.8.8/53) to net-192.168.28.0:192.168.28.9/47032 (172.17.2.7/47032)
Jan 29 13:48:22 192.168.20.254 : %ASA-6-302016: Teardown UDP connection 2693973 for outside:8.8.8.8/53 to net-192.168.28.0:192.168.28.9/47032 duration 0:00:00 bytes 114
Jan 29 13:48:24 192.168.20.254 : %ASA-6-302015: Built outbound UDP connection 2693981 for outside:8.8.8.8/53 (8.8.8.8/53) to net-172.18.22.0:172.18.22.8/26856 (172.17.2.9/26856)

cmdline:
cat SYSLOG/192.168.20.254/local4.log | grep "/53 " | awk -F 'outside:' '{print $2}' | awk -F '/' '{print $1}' | uniq -c | sort -n

output::
22 8.8.8.8
28 8.8.8.8
43 8.8.8.8
45 8.8.8.8
51 8.8.8.8
53 8.8.8.8
57 8.8.8.8
90 8.8.8.8
98 8.8.8.8
105 8.8.8.8
106 8.8.8.8



</CODE>

 

[dos2unix]

Try putting the sort before the uniq.

 

[JasKinasis]

Try putting the sort before the uniq.

I’d second that!

Also, you don’t need to use cat with grep.
Just use grep!

grep "/53 " SYSLOG/192.168.20.254/local4.log  | awk -F 'outside:' '{print $2}' | awk -F '/' '{print $1}' | sort -n | uniq -c

 

[ml1782r]

Try putting the sort before the uniq.

Thank you. everything I had tried but that and that now makes sense.