Count IP address in Nginx access logs
Recently, a lot of referer spam hit my server. Below is the command I used to find and count the IP addresses in an Nginx access log file.
$ sudo awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr
Full example.
$ sudo awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr
210 190.104.220.x
208 181.119.20.x
134 66.249.69.x
129 66.249.69.x
113 37.58.100.x
108 66.249.69.x
108 128.204.204.x
106 37.58.100.x
99 110.85.69.x
89 125.78.199.x
71 128.204.194.x
70 210.195.94.x
60 23.19.34.x
Note
The same trick can be applied to an Apache server access.log.
Next, use the command below to find the access events for a certain IP, then decide what action to take next.
$ sudo cat /var/log/nginx/access.log | grep 190.104.220.x
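Because the spam here arrives through the Referer header, it helps to see which referer each busy IP keeps sending before deciding what to do about it. The following is an added example, not part of the original post; it assumes Nginx's default combined log format, and the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Nginx's default
# "combined" log format:
#   $remote_addr - $remote_user [$time_local] "$request" $status
#   $body_bytes_sent "$http_referer" "$http_user_agent"

# Constructed sample lines: documentation-range IPs and made-up referers.
sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Oct/2015:13:55:36 +0000] "GET / HTTP/1.1" 200 612 "http://spam.example/offer" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2015:13:55:40 +0000] "GET /post HTTP/1.1" 200 5120 "https://www.example.org/blog/" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2015:13:55:41 +0000] "GET /about HTTP/1.1" 200 830 "-" "Mozilla/5.0"
this line is not in combined format and is skipped
192.0.2.10 - - [10/Oct/2015:13:56:02 +0000] "GET /robots.txt HTTP/1.1" 404 162 "-" "curl/7.40"
203.0.113.7 - - [10/Oct/2015:13:56:10 +0000] "GET / HTTP/1.1" 200 612 "http://spam.example/offer" "Mozilla/5.0"
198.51.100.23 - - [10/Oct/2015:13:56:30 +0000] "GET /css/site.css HTTP/1.1" 200 900 "https://www.example.org/blog/" "Mozilla/5.0"
EOF
}

# ip_referer_summary [FILE...]
# Prints "hits distinct_referers ip top_referer", busiest IP first.
# Reads standard input when no file is given.
ip_referer_summary() {
    # Split on the double quote: $1 starts with the client IP, $4 is the Referer.
    # Nginx logs a quote inside a field as \x22, so the split stays aligned.
    awk -F'"' '
    NF >= 7 {
        split($1, head, " ")
        ip = head[1]; ref = $4
        hits[ip]++
        n = ++seen[ip, ref]
        if (n == 1) distinct[ip]++                         # first time this IP sent this Referer
        if (n > best[ip]) { best[ip] = n; top[ip] = ref }  # most frequent Referer so far
    }
    END {
        for (ip in hits) print hits[ip], distinct[ip], ip, top[ip]
    }' "$@" | sort -k1,1nr -k3,3
}

sample_log | ip_referer_summary
```

To run it on a real log, call `ip_referer_summary /var/log/nginx/access.log` from a shell that is allowed to read the file. An IP with many hits but a single off-site referer stands out immediately in the second and fourth columns.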
Thank you, it was very helpful, but I would change your last part to:
sudo grep 190.104.220.x /var/log/nginx/access.log
Thanks for it. When I was an intern, I was using this code:
cat logfile.log | grep "IPAddress or ServiceName" | awk '{if ($6==200 && $8 > 0.1 )print $0}' | awk '{print $0,1}' | sort | uniq -c -> conc.txt
It creates the conc.txt file and writes the results it finds. The first awk can be removed and the if clause can be changed. Linux is great.
Is it possible to get only the sum of the hit counts, without the IP addresses?
sudo awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr
210 190.104.220.x
208 181.119.20.x
134 66.249.69.x
210+208+134 = 552
Output should be 552
I know that it is too late for you, but it may be useful to someone in the future.
sudo awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr | head -3 | awk '{s+=$1}END{print s}'
Hi Mkyong, what do you do for IPs in the range 172.16.0.0 – 172.31.255.255?
Thanks!