Count IP address in Nginx access logs

Recently, a lot of referer spam hit my server. Below is the command I used to find and count the IP addresses in an Nginx access log file.


$ sudo awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr

Full example.


$ sudo awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr

    210 190.104.220.x
    208 181.119.20.x
    134 66.249.69.x
    129 66.249.69.x
    113 37.58.100.x
    108 66.249.69.x
    108 128.204.204.x
    106 37.58.100.x
     99 110.85.69.x
     89 125.78.199.x
     71 128.204.194.x
     70 210.195.94.x
     60 23.19.34.x
Note
The same trick also works on an Apache server's access.log.

Next, use the command below to list the access events for a specific IP, then decide what action to take.


$ sudo cat /var/log/nginx/access.log | grep 190.104.220.x
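
The two steps above as reusable shell functions, added here as an example and not taken from the original post: count_ips reproduces the count, events_for_ip matches the client field exactly (a plain grep for an address also matches longer addresses that start with it and the address appearing inside a URL), and referers_for_ip tallies the referers sent by one client. The function names and sample log lines are constructed for illustration, and the field positions assume Nginx's default combined log format.

```bash
#!/usr/bin/env bash
# Added example, not the article's own commands.
# sample_log prints constructed access-log lines (documentation IP ranges).
sample_log() {
cat <<'EOF'
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 612 "http://spam.example/offer" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET / HTTP/1.1" 200 612 "http://spam.example/offer" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /about HTTP/1.1" 200 420 "http://spam.example/win" "Mozilla/5.0"
203.0.113.50 - - [10/Oct/2023:13:56:01 +0000] "GET / HTTP/1.1" 200 612 "-" "curl/8.0"
198.51.100.7 - - [10/Oct/2023:13:56:10 +0000] "GET /?from=203.0.113.5 HTTP/1.1" 200 612 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:12 +0000] "GET /blog HTTP/1.1" 200 900 "-" "Mozilla/5.0"
EOF
}

# count_ips FILE: hits per client IP (field 1), busiest first.
count_ips() {
  awk '{ hits[$1]++ } END { for (ip in hits) print hits[ip], ip }' "$1" |
    sort -k1,1nr -k2,2
}

# events_for_ip IP FILE: only lines whose client field is exactly IP.
# A plain grep also matches 203.0.113.50 and the IP inside a URL or referer.
events_for_ip() {
  awk -v ip="$1" '$1 == ip' "$2"
}

# referers_for_ip IP FILE: referer counts for one client. Splitting on the
# double quote puts the request in $2 and the referer in $4.
referers_for_ip() {
  awk -F'"' -v ip="$1" '
    { split($1, head, " ") }
    head[1] == ip { refs[$4]++ }
    END { for (r in refs) print refs[r], r }' "$2" |
    sort -k1,1nr -k2,2
}

# Demo on the constructed sample.
log=$(mktemp)
sample_log > "$log"
count_ips "$log"
events_for_ip 203.0.113.5 "$log"
referers_for_ip 203.0.113.5 "$log"
rm -f "$log"
```

On a real server, pass /var/log/nginx/access.log as the file argument from a shell that is allowed to read it.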

About Author

Founder of Mkyong.com, love Java and open source stuff. Follow him on Twitter. If you like my tutorials, consider making a donation to these charities.

Comments

Diego Ragazzi
6 years ago

Thank you, it was very helpful, but I would change your last part to:
sudo grep 190.104.220.x /var/log/nginx/access.log

Tamer SAY
9 years ago

Thanks for it. When I was an intern, I was using this code:

cat logfile.log | grep "IPAddress or ServiceName" | awk '{if ($6==200 && $8 > 0.1 )print $0}' | awk '{print $0,1}' | sort | uniq -c -> conc.txt

It creates the conc.txt file and writes the results it finds. The first awk can be removed and the if clause can be changed. Linux is great.

PKS
5 years ago
Reply to  Tamer SAY

Is it possible to get only the sum of the hit counts, without the IP addresses?
sudo awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr
210 190.104.220.x
208 181.119.20.x
134 66.249.69.x

210+208+134 = 552

Output should be 552

ilija
2 years ago
Reply to  PKS
sudo awk '{print $1}' /var/log/nginx/access.log | sort | uniq -c | sort -nr | head -3 | awk '{s+=$1}END{print s}'

I know that it is too late for you, but it may be useful to someone in the future.


JPL
5 years ago

Hi Mkyong, what do you do for IPs in the range 172.16.0.0 – 172.31.255.255?

osgregs
7 years ago

thks!