
grep, count and sort iptables log to get IPs qty and DPT?


http://serverfault.com – How can I grep, count and sort an iptables log to get IPs qty and DPT?

For example, I used this one-liner to get the top IP qty:

    egrep -w "Invalid Packet" ipfirewall.log | grep -o '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\.[0-9]*' | sort | uniq -c | sort -r -n | head

But how do I get the IP by DPT? So it will be:

    250 192.168.1.1 DPT=3306
    150 192.168.1.2 DPT=445
    50 192.168.1.3 DPT=23
    20 192.168.1.4 DPT=22

Log format:

    Jul 19 04:50:28 server1 kernel: IN=eth0 OUT= MAC=xx:xx SRC=124.153.186.56 DST=xx.xx.xx.xx LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=19312 DF PROTO=TCP SPT=4379 DPT=23 WINDOW=5840 RES=0x00 S
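
One way to get the per-source, per-port count asked for above, as an added example that is not part of the original question. The function names, the "Other Drop" prefix, the position of the "Invalid Packet" prefix in each line and the sample log lines (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample log: assumes the LOG prefix "Invalid Packet" appears in each line.
sample_log() {
    cat <<'EOF'
Jul 19 04:50:28 server1 kernel: Invalid Packet IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=4379 DPT=3306 WINDOW=5840
Jul 19 04:50:29 server1 kernel: Invalid Packet IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=4380 DPT=3306 WINDOW=5840
Jul 19 04:50:30 server1 kernel: Invalid Packet IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=5001 DPT=23 WINDOW=5840
Jul 19 04:50:31 server1 kernel: Invalid Packet IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=4381 DPT=3306 WINDOW=5840
Jul 19 04:50:32 server1 kernel: Invalid Packet IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=5002 DPT=23 WINDOW=5840
Jul 19 04:50:33 server1 kernel: Invalid Packet IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=4382 DPT=22 WINDOW=5840
Jul 19 04:50:34 server1 kernel: Invalid Packet IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=84 PROTO=ICMP TYPE=8 CODE=0
Jul 19 04:50:35 server1 kernel: Other Drop IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=60 PROTO=TCP SPT=4383 DPT=3306 WINDOW=5840
EOF
}

# count_src_dpt [PREFIX] [TOP_N]
# Reads iptables LOG lines on stdin and prints "count SRC DPT=port",
# highest count first. Only lines containing PREFIX are counted.
count_src_dpt() {
    awk -v pat="${1:-Invalid Packet}" '
        index($0, pat) {
            src = ""; dpt = ""
            # Match on the field name, so DST= and MAC= values are never
            # mistaken for the source address.
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/)      src = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = $i
            }
            # ICMP and other port-less protocols have no DPT field: skip them.
            if (src != "" && dpt != "") count[src " " dpt]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2 | head -n "${2:-10}"
}

sample_log | count_src_dpt
```

Against a real log the call would be `count_src_dpt < ipfirewall.log`, with the prefix argument set to whatever `--log-prefix` the firewall rule uses.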