I want to see what countries are trying to access my VPS. I have installed a tool called "goiplookup", which was forked from another effort called "geoiplookup". If I type this at the command line:
goiplookup 8.8.8.8
It returns this:
US, United States
So I figured out how to get a list of IPs that are trying to access my server by using this:
sudo grep "disconnect" /var/log/auth.log | grep -v COMMAND | awk '{print $9}'
Which gives a long list of IPs like this:
1.1.1.1
2.2.2.2
3.3.3.3
(There are no empty lines between them; this is just how it looks on this web page.)
I cannot figure out how to get this list of IPs to be processed by the "goiplookup" tool. I tried this:
sudo grep "disconnect" /var/log/auth.log | grep -v COMMAND | awk '{print $9}' | goiplookup
but that did not work. I also tried:
sudo grep "disconnect" /var/log/auth.log | grep -v COMMAND | awk '{print $9}' | xargs -0 goiplookup
CodePudding user response:
I would put it into a file and make a small utility to parse it:
sudo grep "disconnect" /var/log/auth.log | grep -v COMMAND | awk '{print $9}' | sort -u > ./file.txt
# read the file one line at a time; each line holds a single IP
while read -r line; do
    temp=$line
    goiplookup "$temp"
done < ./file.txt
This will read through the file one line at a time and execute the goiplookup with each IP.
CodePudding user response:
Try this:
sudo grep "disconnect" /var/log/auth.log | grep -v COMMAND | awk '{print $9}' | sort | uniq | xargs -n 1 goiplookup
I added "| sort | uniq" to ensure each IP appears only once, and "xargs -n 1" so that each found IP is processed by goiplookup.
CodePudding user response:
sudo grep disconnect /var/log/auth.log | awk '!/COMMAND/ && !seen[$9]++ {system("geoiplookup \"" $9 "\"")}'
Note that geoiplookup only allows one IP per invocation. The whole thing can be done in awk, but using grep allows the rest to be run unprivileged.
Consider whether grep -w (match whole word) is appropriate; in awk you can do a similar thing with !/(^|[^[:alnum:]_])COMMAND($|[^[:alnum:]_])/.
CodePudding user response:
I just made a shell script, which works.
#!/bin/bash
# collect the unique IPs from the disconnect lines into an array
readarray -t a < <(sudo grep "disconnect" /var/log/auth.log | grep -v COMMAND | awk '{print $9}' | sort | uniq)
for ip in "${a[@]}"
do
    # look up the country for this IP
    country=$(/usr/local/bin/goiplookup -c "$ip")
    echo "$ip $country"
done
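An added example, not part of the question or any of the answers, that pulls the whole pipeline together: it takes the peer address from each disconnect line by matching the IPv4 token rather than a fixed awk field, counts hits per IP, and looks each distinct IP up only once. It assumes GNU grep and sort; the auth.log lines are constructed, and lookup_country is redefined with a constructed stand-in so the script runs without a GeoIP database (delete the stand-in to call goiplookup -c as in the last answer).

```shell
#!/bin/bash
# Added example, not code from the question or the answers above: extract
# the peer IPs from sshd disconnect lines, count hits per IP, look each
# distinct IP up once and print "hits ip country", noisiest first.

# Constructed sample of auth.log lines (RFC 5737 test addresses) so the
# script runs offline; on a real host pipe in `sudo cat /var/log/auth.log`.
SAMPLE_LOG='Mar  1 12:00:01 vps sshd[1201]: Received disconnect from 203.0.113.5 port 41234:11: Bye Bye [preauth]
Mar  1 12:00:03 vps sshd[1202]: Disconnected from authenticating user root 198.51.100.7 port 50022 [preauth]
Mar  1 12:00:05 vps sshd[1203]: Received disconnect from 203.0.113.5 port 41240:11: Bye Bye [preauth]
Mar  1 12:00:07 vps sudo:   admin : TTY=pts/0 ; PWD=/home/admin ; COMMAND=/usr/bin/grep disconnect /var/log/auth.log
Mar  1 12:00:09 vps sshd[1204]: Received disconnect from 192.0.2.9 port 33000:11: Bye Bye [preauth]'

# Print one IPv4 address per matching line (duplicates kept for counting).
# Matching the address token instead of awk '{print $9}' also handles
# "Disconnected from authenticating user ..." lines, where the address is
# not the ninth field; -v COMMAND drops the sudo audit lines.
extract_ips() {
  grep -i 'disconnect' | grep -v 'COMMAND' \
    | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}'
}

# Map one IP to a country code with the real tool, as in the last answer.
lookup_country() {
  goiplookup -c "$1"
}

# Constructed stand-in that redefines lookup_country so this runs without
# a GeoIP database; delete it to use goiplookup.
lookup_country() {
  case "$1" in
    203.0.113.*)  echo "US" ;;
    198.51.100.*) echo "DE" ;;
    *)            echo "ZZ" ;;
  esac
}

# Read IPs on stdin; emit "hits ip country", sorted by hits (desc) then IP.
# Each distinct IP is looked up exactly once.
annotate() {
  sort | uniq -c | sort -k1,1rn -k2,2 | while read -r hits ip; do
    echo "$hits $ip $(lookup_country "$ip")"
  done
}

printf '%s\n' "$SAMPLE_LOG" | extract_ips | annotate
```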