[Resolu]compter et trier des données de fichiers journal

MaxInux · Le 24/07/2015, à 09:17

Bonjour,

Je dois effectuer une analyse sur un fichier de log comptant + 100 000 lignes; et j'avoue que cela excède mes connaissances en matière de bash.
l'objectif est de regarder si une ou plusieurs personnes, poste de travail, réalisent beaucoup plus de requêtes que les autres, sur par exemple, un proxy.

les données ont cette forme, multiplier par 100.000

 rcvd=4877

je sais juste compter les lignes selon un grep -i "lefichier"

[root@MACHINE local]# grep -i "192.168.201.20" 2015-07-23.log | wc -l
1984
[root@MACHINE local]# grep -i "192.168.202.20" 2015-07-23.log | wc -l
65531

Les proxies à vérifier sont, 192.168.202.20 et 192.168.201.20.
J'ai déjà réalisé ceci ^^

#!/bin/bash
    echo "---------------------------------"
    echo "Requetes excessives sur proxies XXXX"
    echo "adresses des proxys : 192.168.202.20 et 192.168.201.20"
    echo "---------------------------------"

    prox1=192.168.201.20
    prox2=192.168.202.20
    fichier1=/var/log/network/10.1.1.3/local/2015-07-23.log
    fichier1=/var/log/network/10.2.1.3/local/2015-07-23.log

J'ai trouvé un topic qui s'approche certainement de mon besoin, j'ai esayé de l'adapter mais en vain.
https://forum.ubuntu-fr.org/viewtopic.php?id=781721

Je m'excuse d'avance, car je demande une solution toute faite...à ma décharge, je suis vraiment une quiche en matière de scripts élaborés.

Merci @ vous

Dernière modification par MaxInux (Le 26/07/2015, à 01:41)

MaxInux · Le 24/07/2015, à 13:15

Si cela peut aider quelqu'un ou si quelqu'un connait un procédé plus simple ou autre, n'hésitez pas. Vous me rendriez un grand service

Ce que j'ai fait pour approcher du résultat recherché:

#!/bin/bash
echo "---------------------------------"
echo "Requetes excessives sur proxies XXXX"
echo "adresses des proxys : 192.168.202.20 et 192.168.201.20"
echo "---------------------------------"

         prox1=192.168.201.20
         prox2=192.168.202.20
         fichier1=/var/log/network/10.1.1.3/local/2015-07-23.log
         fichier2=/var/log/network/10.2.1.3/local/2015-07-23.log


grep -i $prox1 $fichier1 | grep -i open | grep -i http | awk '{print $15}' | cut -f2 -d "=" | cut -f1 -d ":" | sort -n | uniq -c | sort -nk 1
grep -i $prox2 $fichier2 | grep -i open | grep -i http | awk '{print $15}' | cut -f2 -d "=" | cut -f1 -d ":" | sort -n | uniq -c | sort -nk 1

credenhill · Le 24/07/2015, à 13:32

hello
n'ayant pas beaucoup de données pour tester, essayer

awk -F "dst=" '/192.168.20[12].20/ && /open/ && /http/ {sub(":.*$", "", $2); t[$2]++} END {for (n in t) print n "\t" t[n]}'  $fichier1 $fichier2

MaxInux · Le 24/07/2015, à 13:43

credenhill a écrit :

hello
n'ayant pas beaucoup de données pour tester, essayer

awk -F "dst=" '/192.168.20[12].20/ && /open/ && /http/ {sub(":.*$", "", $2); t[$2]++} END {for (n in t) print n "\t" t[n]}'  $fichier1 $fichier2

Je teste immédiatement. Merci.

Ca ne match pas, aucun retour.

#!/bin/bash
echo "---------------------------------"
echo "Requetes excessives sur proxies XXXX"
echo "adresses des proxys : 192.168.202.20 et 192.168.201.20"
echo "---------------------------------"

         prox1=192.168.201.20
         prox2=192.168.202.20
         fichier1=/var/log/network/10.1.1.3/local/2015-07-23.log
         fichier2=/var/log/network/10.2.1.3/local/2015-07-23.log


grep -i $prox1 $fichier1 | grep -i open | grep -i http | awk '{print $15}' | cut -f2 -d "=" | cut -f1 -d ":" | sort -n | uniq -c | sort -nk 1
grep -i $prox2 $fichier2 | grep -i open | grep -i http | awk '{print $15}' | cut -f2 -d "=" | cut -f1 -d ":" | sort -n | uniq -c | sort -nk 1


# soluce ubuntu-fr
awk -F "dst=" '/192.168.20[12].20/ && /open/ && /http/ {sub(":.*$", "", $2); t[$2]++} END {for (n in t) print n "\t" t[n]}'  $fichier1 $fichier2

si tu veux un peu plus de lignes correspondantes aux fichiers log

2015-07-23T00:03:35+02:00/2015-07-23T00:03:35+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:35" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854170 src=10.1.11.58:52195:X0 dst=192.168.201.40:8080:X3 proto=tcp/8080   
2015-07-23T00:03:35+02:00/2015-07-23T00:03:35+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:35" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854170 src=10.1.11.58:52196:X0 dst=192.168.201.40:8080:X3 proto=tcp/8080   
2015-07-23T00:03:35+02:00/2015-07-23T00:03:35+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:35" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854170 src=10.1.11.58:52197:X0 dst=192.168.201.40:8080:X3 proto=tcp/8080   
2015-07-23T00:03:35+02:00/2015-07-23T00:03:35+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:35" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854170 src=10.1.11.58:52198:X0 dst=192.168.201.40:8080:X3 proto=tcp/8080   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.debug 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:35" fw=132.2.244.74 pri=7 c=512 m=46 msg="Broadcast packet dropped" n=2339441 src=192.168.201.50:0:X3 dst=192.168.201.255:13476 proto=udp/netbios-dgm 
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:35" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854173 src=10.1.33.34:60349:X0 dst=192.168.201.40:8080:X3 proto=tcp/8080   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:35" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854173 src=10.1.33.34:60352:X0 dst=192.168.201.40:8080:X3 proto=tcp/8080   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:35" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854173 src=10.1.33.34:60355:X0 dst=192.168.201.40:8080:X3 proto=tcp/8080   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854175 src=10.1.2.1:60623:X0 dst=213.244.0.15:53:X1 proto=udp/dns   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854175 src=10.1.2.1:62368:X0 dst=213.244.0.15:53:X1 proto=udp/dns   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854177 src=10.1.2.1:61051:X0 dst=213.244.0.15:53:X1 proto=udp/dns   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854177 src=10.1.33.34:60358:X0 dst=192.168.201.40:8080:X3 proto=tcp/8080   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854180 src=192.168.201.31:16464:X3 dst=10.1.2.1:636:X0 proto=tcp/636   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=1024 m=537 msg="Connection Closed" f=14 n=545791151 src=192.168.201.31:16464:X3 dst=10.1.2.1:636:X0 proto=tcp/636 sent=812 rcvd=2160   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854180 src=10.1.2.4:58763:X0 dst=23.54.131.21:80:X1 proto=tcp/http   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854180 src=10.1.2.4:59117:X0 dst=23.54.131.21:80:X1 proto=tcp/http   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854190 src=10.1.2.4:33846:X0 dst=23.54.131.21:80:X1 proto=tcp/http   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854191 src=10.1.2.4:57621:X0 dst=23.54.131.21:80:X1 proto=tcp/http   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854191 src=192.168.201.31:64945:X3 dst=10.1.2.107:80:X0 proto=tcp/http   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854191 src=192.168.201.31:50306:X3 dst=10.1.2.81:80:X0 proto=tcp/http   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854191 src=192.168.201.31:16233:X3 dst=10.1.2.1:53:X0 proto=udp/dns   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854191 src=192.168.101.40:60141:X2 dst=188.165.43.170:80:X1 proto=tcp/http   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854191 src=192.168.101.40:56257:X2 dst=188.165.43.170:80:X1 proto=tcp/http   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854191 src=192.168.101.40:16830:X2 dst=188.165.43.170:80:X1 proto=tcp/http   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854191 src=192.168.101.40:43531:X2 dst=74.125.195.121:80:X1 proto=tcp/http   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854191 src=192.168.101.40:55768:X2 dst=188.165.43.170:80:X1 proto=tcp/http   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854192 src=10.1.33.34:60361:X0 dst=192.168.201.40:8080:X3 proto=tcp/8080   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854192 src=10.1.3.40:2613:X0 dst=195.167.195.49:80:X1 proto=tcp/http   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854194 src=10.1.33.34:60364:X0 dst=192.168.201.40:8080:X3 proto=tcp/8080   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854194 src=192.168.201.31:34103:X3 dst=10.1.2.107:80:X0 proto=tcp/http   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854200 src=10.1.11.58:52199:X0 dst=132.245.176.66:443:X4 proto=tcp/https   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854200 src=10.1.2.119:62792:X0 dst=192.168.201.40:8080:X3 proto=tcp/8080   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854200 src=10.1.2.119:62793:X0 dst=192.168.201.40:8080:X3 proto=tcp/8080   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854200 src=10.1.2.1:60304:X0 dst=213.244.0.15:53:X1 proto=udp/dns   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854200 src=192.168.101.40:45797:X2 dst=191.232.139.254:443:X1 proto=tcp/https   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854200 src=192.168.101.40:29343:X2 dst=74.125.195.121:80:X1 proto=tcp/http   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=262144 m=98 msg="Connection Opened" n=537854202 src=10.2.2.7:54923:X0 dst=192.168.201.20:443:X3 proto=tcp/https   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=1024 m=537 msg="Connection Closed" f=32 n=545791163 src=10.92.69.108:37626:X1 dst=10.1.2.184:161:X0 proto=udp/161 sent=126 rcvd=178 vpnpolicy="ACT400"  
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=1024 m=537 msg="Connection Closed" f=9 n=545791163 src=192.168.201.31:30925:X3 dst=10.1.2.80:80:X0 proto=tcp/http sent=408 rcvd=609   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=1024 m=537 msg="Connection Closed" f=2 n=545791163 src=192.168.201.31:14572:X3 dst=10.1.2.1:53:X0 proto=udp/dns sent=62 rcvd=142   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=1024 m=537 msg="Connection Closed" n=545791163 src=10.1.8.57:61780:X0 dst=192.168.201.40:8080:X3 proto=tcp/8080 sent=541 rcvd=2976   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=1024 m=537 msg="Connection Closed" f=2 n=545791163 src=10.1.2.1:62398:X0 dst=213.244.0.15:53:X1 proto=udp/dns sent=63 rcvd=79   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=1024 m=537 msg="Connection Closed" f=9 n=545791163 src=192.168.201.31:23183:X3 dst=10.1.2.80:80:X0 proto=tcp/http sent=401 rcvd=595   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=1024 m=537 msg="Connection Closed" f=9 n=545791163 src=10.1.2.4:34869:X0 dst=23.54.131.21:80:X1 proto=tcp/http sent=475 rcvd=826   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=1024 m=537 msg="Connection Closed" f=9 n=545791163 src=10.1.2.4:43008:X0 dst=23.54.131.21:80:X1 proto=tcp/http sent=475 rcvd=708   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=1024 m=537 msg="Connection Closed" f=9 n=545791163 src=10.1.2.4:57471:X0 dst=23.54.131.21:80:X1 proto=tcp/http sent=475 rcvd=708   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=1024 m=537 msg="Connection Closed" f=9 n=545791163 src=10.1.2.4:38006:X0 dst=23.54.131.21:80:X1 proto=tcp/http sent=475 rcvd=826   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=1024 m=537 msg="Connection Closed" f=9 n=545791163 src=10.1.2.4:60428:X0 dst=23.54.131.21:80:X1 proto=tcp/http sent=469 rcvd=853   
2015-07-23T00:03:36+02:00/2015-07-23T00:03:36+02:00 local0.info 10.1.1.3 id=firewall: sn=0017C5152EF4 time="2015-07-23 00:03:36" fw=132.2.244.74 pri=6 c=1024 m=537 msg="Connection Closed" f=9 n=545791163 src=10.1.2.4:38633:X0 dst=23.54.131.21:80:X1 proto=tcp/http sent=469 rcvd=858   ^C

edition: Anonymisation des IPs

Dernière modification par MaxInux (Le 25/07/2015, à 21:17)

credenhill · Le 24/07/2015, à 14:06

essayer

$ awk -F "dst=" -v IGNORECASE=1 '/192.168.20[12].20/ && /open/ && /http/ {sub(":.*$", "", $2); t[$2]++} END {for (n in t) print n "\t" t[n]}' fichier
192.168.201.20	1

MaxInux · Le 24/07/2015, à 14:44

#!/bin/bash
echo "---------------------------------"
echo "Requetes excessives sur proxies XXXX"
echo "adresses des proxys : 192.168.202.20 et 192.168.201.20"
echo "---------------------------------"

         prox1=192.168.201.20
         prox2=192.168.202.20
         fichier1=/var/log/network/10.1.1.3/local/2015-07-23.log
         fichier2=/var/log/network/10.2.1.3/local/2015-07-23.log

         # soluce ubuntu-fr
awk -F "dst=" -v IGNORECASE=1 '/192.168.20[12].20/ && /open/ && /http/ {sub(":.*$", "", $2); t[$2]++} END {for (n in t) print n "\t" t[n]}' $fichier1 $fichier2

Cela fonctionne, on obtient le nombre de requêtes effectuées sur les passerelles, mais pas quelle ip est la plus consommatrice. Je pense pouvoir m'en sortir.

merci et bon week end.

credenhill · Le 24/07/2015, à 15:39

ajouter | sort -rnk 2

Dernière modification par credenhill (Le 24/07/2015, à 15:42)

LeoMajor · Le 24/07/2015, à 16:17

quelle ip est la plus consommatrice

c'est presque identique

awk  'BEGIN { FS="src="}; /dst=192.168.20[12].20/ && /Open/ && /http/ { sub(/:.*/, //, $NF); t[$NF]++};  END {for (n in t) print n "\t" t[n]}' /tmp/test.log
10.2.2.7        3

MaxInux · Le 25/07/2015, à 11:03

Merci à tous.

Bon Week end.

Ubuntu-fr

Navigation

Liens de recherche

Annonce

#1 Le 24/07/2015, à 09:17

[Resolu]compter et trier des données de fichiers journal

#2 Le 24/07/2015, à 13:15

Re : [Resolu]compter et trier des données de fichiers journal

#3 Le 24/07/2015, à 13:32

Re : [Resolu]compter et trier des données de fichiers journal

#4 Le 24/07/2015, à 13:43

Re : [Resolu]compter et trier des données de fichiers journal

#5 Le 24/07/2015, à 14:06

Re : [Resolu]compter et trier des données de fichiers journal

#6 Le 24/07/2015, à 14:44

Re : [Resolu]compter et trier des données de fichiers journal

#7 Le 24/07/2015, à 15:39

Re : [Resolu]compter et trier des données de fichiers journal

#8 Le 24/07/2015, à 16:17

Re : [Resolu]compter et trier des données de fichiers journal

#9 Le 25/07/2015, à 11:03

Re : [Resolu]compter et trier des données de fichiers journal

Pied de page des forums