Get the top 10 IPs from all the log files (Bash)

Extract the tar.gz archive, go through all the log files, and find the top 5 IP addresses with status 5xx, excluding 127.0.0.1.


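#!/usr/bin/env bash
# Start from a clean slate: remove leftovers from a previous run
rm -f .intermediate.data .ips.data /tmp/report.log
tar xvf archive.tar.gz
# Quote the glob so find (not the shell) expands it, and read the names
# line by line so paths containing spaces survive
find . -name '*.log' | while IFS= read -r logfile; do
    # Keep "<5xx status> <IP>" pairs; -E makes + a quantifier and \. a literal dot.
    # The anchored -v pattern drops only 127.0.0.1, not e.g. 127.0.0.10
    grep -Eo '\b5[0-9]{2} [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' "$logfile" | grep -v ' 127\.0\.0\.1$' >> .intermediate.data
done
# Count each IP and sort by number of hits, highest first
grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' .intermediate.data | sort | uniq -c | sort -nr > .ips.data
# Write the top 10 entries to the report (fewer if there are fewer distinct IPs)
head -n 10 .ips.data > /tmp/report.log
rm -f -- *.log
exit 0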
