Default log paths
| /var/log/http/access_log | [For RedHat based systems] |
| /var/log/apache2/access.log | [For Debian based systems] |
| /var/log/http-access.log | [For FreeBSD] |
Command
awk '{ print $1}' access.log | sort | uniq -c | sort -nr | head -n 10Output
5482 103.28.37.178
5356 66.249.78.168
1977 66.249.93.145
1962 157.55.39.251
1924 66.249.93.142
1921 66.249.93.148
1890 64.233.173.178
1860 108.61.183.134
1841 64.233.173.182
1582 157.55.39.251
Command explain
207.46.13.11 - - [29/Mar/2021:06:46:11 +0200] "GET /robots.txt HTTP/1.1" 404 493 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
13.66.139.16 - - [29/Mar/2021:06:46:25 +0200] "GET /kontakt1 HTTP/1.1" 404 493 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 7_0 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11A465 Safari/9537.53 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
178.255.168.95 - - [29/Mar/2021:06:46:35 +0200] "-" 408 0 "-" "-"awk ‘{ print $1}’ access.log – take the access.log and print first group (separated by white space)
sort – sort records
uniq -c – omit repeated lines and prefix it with count of occurence
sort -nr – sort records again by number and in reverse order (highest values first)
head -n 10 – print just top 10 lines