I have a log file like:
135.148.41.73 - [11/Dec/2022:12:21:11 0100] - "-" code=400 upstream="-" req=0.449 up=- ua="-"
135.148.41.73 - [11/Dec/2022:12:21:14 0100] - "-" code=400 upstream="-" req=0.413 up=- ua="-"
135.148.41.73 - [11/Dec/2022:12:21:15 0100] - "-" code=400 upstream="-" req=1.001 up=- ua="-"
135.148.41.73 - [11/Dec/2022:12:21:16 0100] - "-" code=400 upstream="-" req=1.002 up=- ua="-"
45.87.212.41 - [11/Dec/2022:12:22:50 0100] - "-" code=400 upstream="-" req=0.004 up=- ua="-"
I need to perform some action if IP appears more than X times on the logs.
Using awk '{print $1}' access.log | sort | uniq -c | sort -rn I can count them, but how do I perform action on it using bash?
Like:
- For each IP that appears more than 5 times in access.log, do something.
Thanks.
CodePudding user response:
#!/usr/bin/env bash
while IFS= read -r ip; do
some_command "$ip"
done < <(awk ' cnt[$1] == 5{print $1}' file)
Replace some_command with whatever it is you want to do with that IP.
CodePudding user response:
I've managed to do it this way:
for ip in $(sort access.log | awk '{print $1}' | uniq -cd | awk -v limit=10 '$1 > limit{print $2}'); do
// Do something on "$ip"
done
CodePudding user response:
An alternative form to the answer of Ed Morton, you can also make use of xargs:
$ awk '( cnt[$1] == 5){ print $1 }' file | xargs -n 1 some_command