
We have a script that runs several commands and rolls up all the output and inserts it into a log file. One of the commands it runs is "netstat -anp". I'd like to be able to search this file for all runs of the command and filter for certain IPs. Is this possible with sed or awk? If so, what would the command look like?


2 Answers

For filtering data from a file, it is better to use grep. For example:

grep <search string> <filename>

With awk you can use something like:

awk '/string/ {command}' <filename>

To get IPs counted you can use

uniq -c <filename>

This will provide you unique IPs with counts.

    
Not sure if grep is going to do what I need. And I can't get the awk example to output anything. But let me clarify what I am trying to accomplish. I am wanting to search for all runs of the netstat -anp command and filter for a certain IP address, then have it list a total number of times it was seen. Right now I'm just interested in established connections. –  user53029 2 days ago
I think I got it - "grep 'netstat -anp' | awk '/IP_Adrress/' logfile | wc -l" does the job. Thanks for the help! –  user53029 2 days ago
    
That being said, in the script the command is run every ten minutes. It would be nice to know how to list the total times the IP address was seen at each interval, in order to find patterns or upticks as time goes on. Anyone know of a way to do this? –  user53029 2 days ago
    
Please check my edited answer for the unique IP count. –  Romeo Ninov 2 days ago

I take it that "rolls up" means that all newlines are removed and the output of each command is thus "rolled up" to a single line. If so, your grep ... | awk ... will work, but you don't need both commands ("never use two when one will suffice" is generally a good idea). In addition, your command line has a couple of issues (no input for grep but a filename given to awk, which means the grep is non-functional, and no reason for using wc when grep has a -c option).

ipaddr=192.168.0.1
grep -c "netstat -anp.*$ipaddr" logfile

Edit: Your latest comment says you want to count how many times the IP address appears within a given interval. Since the netstat command is run multiple times within the interval and since they're all on one line, a simple uniq -c won't suffice. In fact, without resorting to perl, this is the first thing I came up with:

ipaddr=192.168.0.1
grep "netstat -anp.*$ipaddr" logfile |
    tr -cs '0-9.' '\012' |
    grep -c "$ipaddr"

I'm assuming a POSIX or BSD-style tr command. In addition, the second grep is necessary because there could be many other IP addresses other than the one you're looking for (that would be typical for netstat output).

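A per-run count for the follow-up question about ten-minute intervals, as an added example that is not part of the original answers. It assumes the log keeps netstat's line breaks and that the script writes a header line `=== <date> <time> netstat -anp ===` before each run (a hypothetical layout; `count_ip_per_run`, `sample_log` and the sample data are constructed), and it compares the foreign address as an exact string so that 192.168.0.1 does not also count 192.168.0.10.

```shell
# Added example. Assumed (hypothetical) log layout: every command run starts with
# "=== <date> <time> <command> ===" followed by that command's raw output lines.
# count_ip_per_run IP [LOGFILE] prints "<date> <time> <count>" per netstat run.
count_ip_per_run() {
    ip=$1; shift
    awk -v ip="$ip" '
        function emit() { if (stamp != "") print stamp, n }
        /^=== .* netstat -anp ===$/ {          # header of a new netstat run
            emit(); stamp = $2 " " $3; n = 0; inrun = 1; next
        }
        /^=== / { emit(); stamp = ""; inrun = 0; next }   # some other command
        inrun && $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            addr = $5                          # foreign address column
            sub(/:[0-9]+$/, "", addr)          # strip the port
            if (addr == ip) n++                # string compare, not a regex
        }
        END { emit() }
    ' "$@"
}

sample_log() {   # constructed sample data, not taken from the question
cat <<'EOF'
=== 2024-05-01 10:00 netstat -anp ===
tcp        0      0 10.0.0.5:22             192.168.0.1:51234       ESTABLISHED 811/sshd
tcp        0      0 10.0.0.5:22             192.168.0.10:40022      ESTABLISHED 812/sshd
tcp        0      0 10.0.0.5:443            192.168.0.1:51300       TIME_WAIT   -
=== 2024-05-01 10:00 df -h ===
/dev/sda1        50G   20G   30G  40% /
=== 2024-05-01 10:10 netstat -anp ===
tcp        0      0 10.0.0.5:22             192.168.0.1:51234       ESTABLISHED 811/sshd
tcp        0      0 10.0.0.5:443            192.168.0.1:51999       ESTABLISHED 990/nginx
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      700/sshd
EOF
}

sample_log | count_ip_per_run 192.168.0.1
```

A run with no matching connection still prints a line with a count of 0, which keeps gaps visible when the counts are compared over time.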
