Count IP addresses in Nginx access logs

Recently, a lot of referer spam hit my server. Below is the command I used to find and count the IP addresses in an Nginx access log file.


$ sudo awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr

Full example.


$ sudo awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr

    210 190.104.220.x
    208 181.119.20.x
    134 66.249.69.x
    129 66.249.69.x
    113 37.58.100.x
    108 66.249.69.x
    108 128.204.204.x
    106 37.58.100.x
     99 110.85.69.x
     89 125.78.199.x
     71 128.204.194.x
     70 210.195.94.x
     60 23.19.34.x
Note
The same trick applies to an Apache server access.log.

Next, use the command below to list the access events for a specific IP, then decide what action to take.


$ sudo cat /var/log/nginx/access.log | grep 190.104.220.x
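
Since the trigger here was referer spam, it also helps to see which Referer each IP is sending. The following is an added example, not part of the original post: it assumes the default Nginx "combined" log format, and the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count requests per (client IP, Referer) pair in an Nginx
# "combined" format access log, skipping requests that send no Referer ("-").
# Assumption: default combined log_format. Function names are hypothetical.

# referer_counts [LOGFILE] -> lines of "COUNT IP REFERER", highest count first.
# Reads stdin when no file is given.
referer_counts() {
    awk -F'"' '
        NF >= 7 {                   # combined line: request, referer, user agent are quoted
            split($1, head, " ")    # head[1] is the client IP
            ref = $4                # second quoted field is the Referer
            if (ref != "-" && ref != "") hits[head[1] " " ref]++
        }
        END { for (k in hits) print hits[k], k }
    ' "${1:--}" | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample input (documentation IP ranges, made-up referers).
make_sample_log() {
    cat <<'EOF'
203.0.113.7 - - [10/Oct/2015:13:55:36 +0000] "GET / HTTP/1.1" 200 612 "http://spam.example/offer" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2015:13:55:37 +0000] "GET / HTTP/1.1" 200 612 "http://spam.example/offer" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2015:13:55:38 +0000] "GET /about HTTP/1.1" 200 801 "http://spam.example/offer" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2015:13:56:01 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/7.43.0"
198.51.100.23 - - [10/Oct/2015:13:56:09 +0000] "GET /feed HTTP/1.1" 200 4096 "http://blog.example/post" "Mozilla/5.0"
203.0.113.9 - - [10/Oct/2015:13:57:12 +0000] "GET / HTTP/1.1" 200 612 "http://spam.example/offer" "Mozilla/5.0"
truncated line without any quoted fields
EOF
}

# Demo on the constructed sample; on a server, pass the real log instead:
#   sudo sh -c '. ./referer_counts.sh; referer_counts /var/log/nginx/access.log'
make_sample_log | referer_counts
```

An IP that appears near the top with a single external Referer repeated on every request is a good candidate for the per-IP grep above.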

About the Author

mkyong
Founder of Mkyong.com, love Java and open source stuff.

Comments

Diego Ragazzi

Thank you, it was very helpful, but I would change your last part to:
sudo grep 190.104.220.x /var/log/nginx/access.log

JPL

Hi Mkyong, What do you do for ips in range 172.16.0.0 – 172.31.255.255?

osgregs

thks!

Tamer SAY

Thanks for it. When I was an intern, I was using this code

cat logfile.log | grep "IPAddress or ServiceName" | awk '{if ($6==200 && $8 > 0.1 )print $0}' | awk '{print $0,1}' | sort | uniq -c > conc.txt

It creates the conc.txt file and writes the results it finds. The first awk can be removed and the if clause can be changed. Linux is great.