Skip to content

Instantly share code, notes, and snippets.

@gitfrage

gitfrage/grep-suspicious

Last active March 21, 2017 09:41
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save gitfrage/bee9ab58e5f24b663d3e33654f9ab6c4 to your computer and use it in GitHub Desktop.
Save gitfrage/bee9ab58e5f24b663d3e33654f9ab6c4 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
grep-suspicious
# IP
cat access.log | awk '{print $1}' | sort | uniq -c | sort -n | tail -fn 100
# string in request
zgrep 'string' *.zip | tee /tmp/suspicious.log
grep 'string' /tmp/suspicious.log | awk '{ print $7 }' | sort | uniq -c | sort -n
# http count zwischen 0:00 uhr und 0:10
zcat access.log.1.gz |grep 21/Mar/2017:00:0 > /tmp/000
awk '{print $1}' < /tmp/000 |sort|uniq -c|sort -n|tail
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment