Find top visiting ip with Awk

How to find the top visiting IPs in Apache logs with Awk on the Linux command line.

You can use the Awk programming language to extract the field you need from the Apache / Httpd access logs.
Then you can chain multiple commands to get the desired output.
You can also modify this to suit your needs.

The commands

cat /var/log/httpd/ssl_access_log | grep "19/Aug/2021" | awk '{print $1}' | sort -n | uniq -c | sort -nr | head -30

Explaining the pipeline

cat sends the log contents to;
grep, which filters the rows to keep only those matching the date and sends them to;
awk, which keeps only the first field of each log record, the IP address, and sends it to;
sort -n, which sorts the data as numbers so that identical addresses end up next to each other, then passes it to;
uniq -c, which collapses adjacent identical lines and precedes each IP address with the number of times it was logged;
sort -nr, which sorts numerically in reverse so that the higher-frequency IPs are at the top of the result;
head -30, which shows the first 30 lines of the result.

Output sample


 20 45.146.164.110
  8 89.248.165.52
  4 3.215.181.82
  3 66.249.79.106
  3 209.141.51.176

You can add more filters as needed.
This is useful for finding the top IPs accessing your Apache web server; usually these are spammers or attackers.
If your server is getting a bit slow, you can use this to find the source of the problem easily in one step.
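
As an added example (not part of the original post), the same report can be done inside awk so that the date is matched only in the timestamp field, whereas grep matches it anywhere on the line, including URLs and referrers. It also counts 4xx/5xx responses per IP. The function names top_ips and sample_log and the log lines are constructed for illustration, and the common/combined log format is assumed.

```shell
#!/bin/sh
# top_ips DATE [FILE] [N]: print "hits errors ip" for one day, busiest first.
# FILE defaults to - (standard input), N to 30.
top_ips() {
    awk -v d="$1" '
        # $4 looks like [19/Aug/2021:10:00:01 ; compare only its date part,
        # so the same string inside a URL or referrer is not counted.
        substr($4, 2, length(d)) == d {
            hits[$1]++
            # The status code is the first token after the quoted request
            # line; splitting on the quote also copes with requests logged
            # as "-" (timeouts), where $9 would be the wrong field.
            split($0, q, "\"")
            split(q[3], s, " ")
            if (s[1] ~ /^[45][0-9][0-9]$/) errs[$1]++
        }
        END {
            for (ip in hits) printf "%d %d %s\n", hits[ip], errs[ip] + 0, ip
        }
    ' "${2:--}" | LC_ALL=C sort -k1,1nr -k3,3 | head -n "${3:-30}"
}

# Constructed sample log (documentation address ranges, combined format).
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [19/Aug/2021:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 404 196 "-" "curl/7.68.0"
203.0.113.7 - - [19/Aug/2021:10:00:02 +0000] "GET /admin HTTP/1.1" 404 196 "-" "curl/7.68.0"
203.0.113.7 - - [19/Aug/2021:10:00:03 +0000] "-" 408 - "-" "-"
198.51.100.20 - - [19/Aug/2021:10:05:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [19/Aug/2021:10:05:01 +0000] "GET /style.css HTTP/1.1" 200 900 "-" "Mozilla/5.0"
192.0.2.44 - - [20/Aug/2021:09:00:00 +0000] "GET /archive/19/Aug/2021 HTTP/1.1" 200 300 "-" "Mozilla/5.0"
EOF
}

# Prints "3 3 203.0.113.7" then "2 0 198.51.100.20"; the 20/Aug request
# whose URL contains the date string is not counted.
sample_log | top_ips "19/Aug/2021" - 10
```

An address with many hits and a high error count is a stronger sign of scanning than hit volume alone.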


