Security Basics mailing list archives

Re: Egreping for Addressed


From: "Michael Patrick" <lists () techiesplace com>
Date: Mon, 4 Aug 2003 11:00:42 -0500 (CDT)

classB.  Given that:

Assume the ClassB is "abc.def.X.X"
Assume the ClassC is "123.456.789.Y",

What would be the easiest way to grep out all allowed classB and classC
addresses (from our remote sites) from the logs before parsing further?

Seems this can be done in one, maybe two statements

Maybe you're looking for something like:

grep -v "^abc\.def" access_log | grep -v "^123\.456\.789"

which would match any line NOT (-v) starting (^) with abc.def and pass the
result to another grep which would return lines not starting with
123.456.789.  I tossed in the ^ to make sure I was getting the hit IP and
not something goofy like part of a GET statement later in the line.

Something that you might already know but that bit me... If any of the
numbers are less than 3 digits you'll have to be careful.

Grepping my logs with

grep "^12"

I get 12.x.x.x AND 129.x.x.x.

grep "^12\." returns me the wanted 12.x.x.x but not 129.x.x.x


So.... all told

tail -n 1000 access_log | grep -v "12\." | grep -v "139\.30\.8\." | cut -d " " -f 1 | sort | uniq

gives me a list of IPs not in 12. or 139.30.8 (but could still be in .80)
in the last 1000 lines of my log.

Hope this helps,

Michael
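The two pitfalls Michael's reply touches on (a prefix without a trailing escaped dot matching 12.x and 129.x alike, and a pattern without a leading ^ matching an address that only appears later in the line, such as in the request path) can be checked against a handful of log lines. The script below is an added example, not Michael's own commands: the access_log lines are constructed for the demonstration, and the "allowed" prefixes 12. and 139.30.8. are taken from the thread. It contrasts the unanchored pipeline from the reply with a version that cuts the client-IP field out first and anchors the pattern on both ends.

```shell
#!/bin/sh
# Added example (not from the original post). Constructed combined-log-format
# lines; the first field is the client IP. The fifth line is an unknown host
# (10.0.0.1) whose request path merely contains an allowed-looking address.
SAMPLE_LOG='12.1.2.3 - - [04/Aug/2003:10:00:00 -0500] "GET / HTTP/1.0" 200 512
129.4.5.6 - - [04/Aug/2003:10:00:01 -0500] "GET /index.html HTTP/1.0" 200 1024
139.30.8.7 - - [04/Aug/2003:10:00:02 -0500] "GET /a HTTP/1.0" 200 10
139.30.80.9 - - [04/Aug/2003:10:00:03 -0500] "GET /b HTTP/1.0" 200 10
10.0.0.1 - - [04/Aug/2003:10:00:04 -0500] "GET /12.1.2.3/x HTTP/1.0" 404 0
12.1.2.3 - - [04/Aug/2003:10:00:05 -0500] "GET /c HTTP/1.0" 200 10'

# Count lines matching a raw grep pattern; used to show that "^12" also
# matches 129.x.x.x, while "^12\." matches only 12.x.x.x.
count_matching() {
    printf '%s\n' "$SAMPLE_LOG" | grep -c "$1"
}

# The pipeline as written in the thread: "12\." is not anchored to the start
# of the line, so the 10.0.0.1 line is dropped just because its request path
# contains "12.1.2.3". That unknown host never reaches the analyst.
naive_unknown_ips() {
    printf '%s\n' "$SAMPLE_LOG" \
        | grep -v "12\." | grep -v "139\.30\.8\." \
        | cut -d " " -f 1 | sort | uniq
}

# Safer ordering: isolate the client-IP field first, then exclude the allowed
# prefixes with ^ at the front and an escaped trailing dot at the back, so that
# 12. does not swallow 129. and 139.30.8. does not swallow 139.30.80.
unknown_ips() {
    printf '%s\n' "$SAMPLE_LOG" \
        | cut -d " " -f 1 \
        | grep -v -E '^(12\.|139\.30\.8\.)' \
        | sort | uniq
}

# Stand-alone run: show the difference between the two approaches.
echo "lines matching ^12:   $(count_matching '^12')"
echo "lines matching ^12\.: $(count_matching '^12\.')"
echo "--- naive (unanchored) ---"
naive_unknown_ips
echo "--- field-first, anchored ---"
unknown_ips
```

The anchored version reports 10.0.0.1 alongside 129.4.5.6 and 139.30.80.9; the unanchored one silently loses it. When the goal is to find hosts that are not in the allowed ranges, the filter should only ever look at the address field, never at the whole line.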


