Unique ip connections in a syslog file


I am analyzing syslog files that were created as a result of a DDoS attack and would like to create a list of unique IP connections. Any assistance is greatly appreciated.


Solution

  • Assuming that the IP/Hostname is in field 4:

    cat /var/log/messages | cut -d\  -f 4 -|sort|uniq
    

    Example log message:

    May 29 18:27:30 10.101.11.31 Myprog[5291]: 20856: Mar 31 06:14:38 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0/29, changed state to up
    

    You may also want to try a tool like LogZilla which will make this much easier for analyzing these things.
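
An added example, not part of the original answer: it goes one step beyond the one-liner by counting lines per source address, and it splits on runs of whitespace so that syslog's space-padded single-digit days ("Jun  3") do not shift the host out of field 4. The function names `unique_ips` and `sample_log` and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Count log lines per unique IPv4 source in a classic syslog file
# ("Mon DD HH:MM:SS host prog[pid]: message"), busiest source first.

unique_ips() {
    # awk's default field splitting collapses repeated spaces, so the host
    # stays in $4 even when the day is padded ("Jun  3"); cut -d' ' would
    # see an empty field there and return the timestamp instead.
    awk '
        {
            n = split($4, octet, ".")
            if (n != 4) next                      # hostname, not an IPv4 address
            for (i = 1; i <= 4; i++)
                if (octet[i] !~ /^[0-9]+$/ || octet[i] + 0 > 255) next
            count[$4]++
        }
        END { for (ip in count) print count[ip], ip }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2,2          # count descending, then address
}

# Constructed sample input (documentation address ranges plus the host
# from the example message above); not taken from a real log.
sample_log() {
    cat <<'EOF'
May 29 18:27:30 10.101.11.31 Myprog[5291]: link up
May 29 18:27:31 192.0.2.10 Myprog[5291]: connection
May 29 18:27:31 192.0.2.10 Myprog[5291]: connection
Jun  3 02:10:05 192.0.2.10 Myprog[5291]: connection
Jun  3 02:10:06 198.51.100.7 Myprog[5291]: connection
Jun  3 02:10:07 gateway01 Myprog[5291]: local message
EOF
}

# Demo on the sample; for a real file run: unique_ips /var/log/messages
sample_log | unique_ips
```

The per-address counts make the heaviest sources stand out immediately, which a plain `sort | uniq` list does not show.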