Tech@Sakana – A sysadmin’s blog

Perl : Counting occurences of IP addresses in Apache logs

March 2nd, 2010 by Stephane Kattoor

This Perl one-liner is intended to print the 10 most frequent client IP addresses in an Apache log file. It can easily be recycled to count anything, though.

^?View Code TXT

1 2 3 4 5 6 7 8 9 10 11 12

kattoo@roadrunner /files/toSave/home/kattoo/Downloads $ perl -ane '$c{$F[0]}++; END {print map {$_ . "\t->\t" . $c{$_} . "\n"} (sort {$c{$b} <=> $c{$a}} keys %c)[0..9]}' sakana.fr-28-02-2010.log XX.XX.XX.XXX -> 163 XX.XXX.XXX.XXX -> 150 XXX.XXX.XX.XX -> 136 XXX.XX.XXX.XXX -> 134 XX.XXX.XXX.XX -> 116 XX.XXX.XXX.XXX -> 110 XX.XX.XXX.XX -> 104 XX.XXX.XXX.XXX -> 90 XX.XXX.X.XXX -> 75 XXX.XXX.XX.XXX -> 72 kattoo@roadrunner /files/toSave/home/kattoo/Downloads $

Short explanation of the command line switches :

• -a : turns on autosplit, the different fields will then be accessible in the @F variable
• -e : specifies the code to execute
• -n : wraps that code into a loop for each text line of the file to process from the standard input or the files specified on the command line

This is equivalent to Nils’ approach in awk but you know, I’ve always been partial to Perl

Feel free to suggest any improvement… I know there must be many !

Suggested reading

• Programming Perl (3rd Edition) (on Amazon) : The reference guide for Perl programming, written by Perl Gods (Larry Wall, Tom Christiansen, John Orwant).
• Use command-line Perl to make UNIX administration easier (on techrepublic) : Short intro about perl 1-liners

Bookmark to:

Tagged with: apache logs • linux • perl • tip

Related Post

• D-Bus introduction in Perl
• Perl : Convert time from Epoch to local time
• Perl : A module to play with a GSM mobile
• Perl : Optimizing pattern searches with Regexp::Assemble
• Unix : the “script” command
• Gentoo + OpenVPN : getting things started in the correct order
• Perl+Twitter : Getting @mentions from command line

Posted in Dev | 7 Comments »

7 Responses to “Perl : Counting occurences of IP addresses in Apache logs”

1. Iain Says:
   March 7th, 2010 at 21:35

   {$_ . “\t->\t” . $c{$_} . “\n”}

   ->

   {“$_\t->\t$c{$_}\n”}

   That is all.

2. dblackshell Says:
   March 8th, 2010 at 18:50

   awk ‘{ print $1 }’ access.log | uniq -c

3. Stephane Kattoor Says:
   March 9th, 2010 at 22:08

   Iain and dblackshell, thanks for your input !

   Stephane

4. Matt Simmons Says:
   March 11th, 2010 at 17:53

   dblackshell is really close. The problem is that the awk line doesn’t sort.

   You need this:

   awk ‘{print $1}’ access_log | sort | uniq -c | sort -g | tail -n 10

5. Stephane Kattoor Says:
   March 14th, 2010 at 16:43

   Another case when the comments are worth more than the post itself … Thanks to all

   Stephane

6. Alper's blog » top ten occurrences with perl one-liner Says:
   March 31st, 2010 at 0:17

   [...] from Tech@Sakana blog ?View Code PERLperl -ane '$c{$F[0]}++; END {print map {$_ . "t->t" . $c{$_} . [...]

7. Alper Yilmaz Says:
   March 31st, 2010 at 0:28

   The perl way is still valuable, showing very nice usage of map, sort and array range..

Leave a Reply