Extracting (unique) IPs from logfile

I have been messing around with some logfiles recently (related to honeypots as usual), and the following has been helpful whenever I wanted to extract IP addresses from them:

cat logfile.log | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort -u > /tmp/unique-ips.txt
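As an added example (not part of the original post), the same grep pattern wrapped in two small POSIX shell functions: one that also rejects octets above 255, which the bare `[0-9]{1,3}` pattern accepts, and one that counts connections per source address from kippo-style "New connection:" lines. The function names and the sample log are my own; the log lines are constructed with RFC 5737 test addresses and assume the source `ip:port` follows "New connection:" as it does in kippo.

```shell
#!/bin/sh
# Added example, not from the original post. Wraps the grep pattern above in
# two functions and rejects octets above 255 (the bare [0-9]{1,3} pattern
# happily matches 999.1.1.1). Works with GNU and BSD grep/sed/awk.

# unique_ips [FILE...]: print each valid IPv4 address once (stdin if no FILE).
unique_ips() {
    grep -ohE '([0-9]{1,3}\.){3}[0-9]{1,3}' "$@" \
    | awk -F. '$1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255' \
    | sort -u
}

# connections_per_ip [FILE...]: count kippo "New connection:" lines per source
# address, most active first (sort -rn sorts the count column numerically).
connections_per_ip() {
    grep -h 'New connection:' "$@" \
    | sed -E 's/.*New connection: ([0-9.]+):[0-9]+.*/\1/' \
    | sort | uniq -c | sort -rn
}

# Constructed kippo-style sample log (RFC 5737 documentation addresses).
# The last line carries a bogus "address" that the octet filter must drop.
sample_log() {
    cat <<'EOF'
2012-10-31 19:45:01+0000 [HoneyPotSSHFactory] New connection: 198.51.100.7:51234 (192.0.2.10:2222) [session: 1]
2012-10-31 19:45:09+0000 [HoneyPotSSHFactory] New connection: 203.0.113.5:40001 (192.0.2.10:2222) [session: 2]
2012-10-31 19:46:13+0000 [HoneyPotSSHFactory] New connection: 198.51.100.7:51240 (192.0.2.10:2222) [session: 3]
2012-10-31 19:47:00+0000 [HoneyPotSSHFactory] Remote SSH version: 999.1.1.1-notanaddress
EOF
}

echo "Unique addresses:"
sample_log | unique_ips            # 192.0.2.10, 198.51.100.7, 203.0.113.5
echo "Connections per source:"
sample_log | connections_per_ip    # 2 198.51.100.7 / 1 203.0.113.5
```

Pass real files instead of piping: `unique_ips /home/kippo/kippo/log/kippo.log.* > /tmp/unique-ips.txt`.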



    blcspt on October 31, 2012 at 7:45 PM

    Grepping for IP addresses that way is awesome!
    Totally forgot about doing it that way, as I mostly use grep and awk together.

    Extracting IP addresses from kippo.log and listing how many separate connections each of them made:

    cat kippo.log | grep 'New connection:' | awk '{print $6}' | cut -d ':' -f1 | sort | uniq -c | sort -r


      Ion on November 1, 2012 at 4:15 AM

      Hey Blackie, nice snippet! Thanks for your comment 🙂

    b0bb3r5 on March 31, 2015 at 12:31 AM

    When I was attacked by a large botnet I found this useful (updated command, as kippo.log is the new log file name):

    cat /home/kippo/kippo/log/kippo.log.* | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' | sort -u > /tmp/unique-ips.txt

    Asad on April 24, 2018 at 7:08 AM

    Hi everyone!!!
    I am trying to extract kippo logs into MongoDB, like kippo2mysql extracts logs into MySQL. Please help me, how could I do that?

      Ion on April 24, 2018 at 8:19 AM

      You will have to write your own code to do that. Read the file with Python, extract the information you want, create “documents” and store them in MongoDB. Look at this as a start: https://realpython.com/introduction-to-mongodb-and-python/. Having said that, is there a particular reason you don’t want to use Kippo2MySQL? Or even more, why not just use the MySQL logging capabilities of Kippo (or Cowrie which is newer!) directly?
