=-+=-+=-+=-+=-+=-+=-+=-+=-+=
List all IPs hitting any domain
=-+=-+=-+=-+=-+=-+=-+=-+=-+=
less /home/*/access-logs/* | awk '{print $1}' | sort | uniq -c | sort -n
=-+=-+=-+=-+=-+=-+=-+=-+=-+=
List all IPs POSTing to any domain
=-+=-+=-+=-+=-+=-+=-+=-+=-+=
grep '"POST ' /usr/local/apache/domlogs/* | cut -d ':' -f 2 | cut -d ' ' -f 1 | sort | uniq -c | sort -n
=-+=-+=-+=-+=-+=-+=-+=-+=-+=
View access logs for domain
=-+=-+=-+=-+=-+=-+=-+=-+=-+=
cat /home/%user%/access-logs/%domain% | grep "31/May/2018:02" | less
@samsargent


commented Jul 1, 2019

A better way to track what site an IP is hitting:
grep -HwF 107.20.91.162 /home/*/access-logs/*
It will put the filename at the start of each line.

@samsargent


commented Jul 1, 2019

If you only want to see IPs hitting any domain for a specific date:

less /home/*/access-logs/* | grep "\[16/Mar/2018:" | awk '{print $1}' | sort | uniq -c | sort -n

If you see an IP with a suspicious number of requests, check the requests using the command below.

cat /home/*/access-logs/* | grep -wF 59.100.22.44 | less
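
The per-date, per-IP triage from the commands above done in a single awk pass, as an added example that is not part of the original gist or its comments. It assumes Apache "combined" log format; the function names `ip_summary` and `make_sample_logs`, the domains and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the gist. Assumes Apache "combined" log format:
#   $1 = client IP, $4 = "[DD/Mon/YYYY:HH:MM:SS", $6 = "\"METHOD"

# ip_summary DAY LOGFILE...   e.g. ip_summary 16/Mar/2018 /home/*/access-logs/*
# Prints "total posts sites ip" per client, busiest first.
ip_summary() {
    day=$1; shift
    awk -v day="[$day:" '
        index($4, day) == 1 {                 # match the date in the timestamp field only
            total[$1]++
            if ($6 == "\"POST") posts[$1]++   # request method, not "POST" inside a URL
            if (!seen[$1, FILENAME]++) sites[$1]++   # distinct log files (domains) hit
        }
        END {
            for (ip in total)
                printf "%d %d %d %s\n", total[ip], posts[ip], sites[ip], ip
        }' "$@" | sort -k1,1nr -k4,4
}

# Constructed sample logs (documentation IP ranges, hypothetical domains).
make_sample_logs() {
    cat > "$1/example.com" <<'EOF'
203.0.113.7 - - [16/Mar/2018:02:11:09 +0000] "POST /login.php HTTP/1.1" 200 1520 "-" "curl/7.58.0"
203.0.113.7 - - [16/Mar/2018:02:11:10 +0000] "POST /login.php HTTP/1.1" 200 1520 "-" "curl/7.58.0"
198.51.100.23 - - [16/Mar/2018:09:30:01 +0000] "GET /blog/POST-mortem HTTP/1.1" 200 8041 "-" "Mozilla/5.0"
203.0.113.7 - - [17/Mar/2018:00:00:03 +0000] "POST /login.php HTTP/1.1" 200 1520 "-" "curl/7.58.0"
EOF
    cat > "$1/example.org" <<'EOF'
203.0.113.7 - - [16/Mar/2018:02:11:12 +0000] "POST /contact.php HTTP/1.1" 403 199 "-" "curl/7.58.0"
198.51.100.23 - - [16/Mar/2018:09:31:44 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.50 - - [16/Mar/2018:10:02:00 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "Mozilla/5.0"
EOF
}

# Demo run on the constructed logs.
demo_dir=$(mktemp -d)
make_sample_logs "$demo_dir"
ip_summary 16/Mar/2018 "$demo_dir"/*
rm -rf "$demo_dir"
```

A client with a high total, mostly POSTs, spread across several sites is the one worth pulling the full request lines for.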
