I am trying to extract a list of usernames and the IP addresses they logged in from out of a FileZilla log.
(000099) 11/29/2013 9:20:26 AM - user_one (145.194.40.65)> 230 Logged on
I have already gotten a list of all IPs that have had a valid login by using this:
cat FileZilla\ Server.log | grep "Logged on" | awk '{match($0,/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/); ip = substr($0,RSTART,RLENGTH); print ip}' | sort | uniq -c
But how can I match both the username and the IP address? So the output would look something like this when finished:
5 user_one 10.1.1.1
3 user_one 10.5.1.1
2 user_two 10.1.1.1
3 user_two 10.8.8.8
I've spent a few hours on this one, so any tips or tricks would be greatly appreciated.
You can try the following command:
gawk -f a.awk FileZilla\ Server.log
where a.awk is:
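/Logged on/ {
    # a[1] = user name, a[2] = client IP (the three-argument match() is gawk-only)
    # Count the line only when the pattern matched, so unparsable lines are skipped
    if (match($0,/[0-9]?[0-9]:[0-9][0-9]:[0-9][0-9] .. . ([^ ]*) \(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)\)/,a))
        b[(a[1]" "a[2])]++
}
END {
    # b is keyed by "user ip"; print the count followed by the key
    for (i in b) {
        print b[i], i
    }
}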
If you want to sort the result, it can be done in GNU Awk version 4, using PROCINFO["sorted_in"] as:
END {
    PROCINFO["sorted_in"]="@ind_str_asc"
    for (i in b) {
        print b[i], i
    }
}
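A portable variant of the answer above, as an added example that is not part of the original answer: it goes slightly further by using only POSIX awk (no gawk three-argument match), skipping lines that do not parse, and keeping usernames that contain spaces. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Count successful FTP logins per (user, IP) from a FileZilla Server log.
# Usage: logins_by_user_ip [logfile]   (reads stdin when no file is given)
logins_by_user_ip() {
    awk '
    # Only the "230 Logged on" reply marks a successful login.
    match($0, / \([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\)> 230 Logged on/) {
        tail_start = RSTART
        # The IP sits between "(" and ")" inside the matched text.
        m = substr($0, RSTART + 2, RLENGTH - 2)
        ip = substr(m, 1, index(m, ")") - 1)
        # The user name runs from the first " - " (after the timestamp)
        # up to the " (" that opens the IP, so embedded spaces survive.
        sep = index($0, " - ")
        if (sep == 0 || sep + 3 >= tail_start) next   # malformed line
        user = substr($0, sep + 3, tail_start - (sep + 3))
        count[user "\t" ip]++
    }
    END {
        for (k in count) {
            split(k, p, "\t")
            printf "%d %s %s\n", count[k], p[1], p[2]
        }
    }' "$@" | LC_ALL=C sort -k2
}

# Constructed sample lines in the format shown in the question.
sample_log() {
    cat <<'EOF'
(000101) 11/29/2013 9:20:25 AM - (not logged in) (192.0.2.10)> USER user_one
(000101) 11/29/2013 9:20:26 AM - user_one (192.0.2.10)> 230 Logged on
(000102) 11/29/2013 9:21:02 AM - user_one (192.0.2.10)> 230 Logged on
(000103) 11/29/2013 10:05:40 AM - (not logged in) (198.51.100.7)> 530 Login or password incorrect!
(000104) 11/29/2013 10:06:11 AM - user_two (198.51.100.7)> 230 Logged on
(000105) 11/29/2013 1:15:09 PM - user_one (198.51.100.7)> 230 Logged on
(000106) 11/29/2013 1:17:30 PM - backup svc (192.0.2.10)> 230 Logged on
EOF
}

sample_log | logins_by_user_ip
```

In the output, a user name that appears with more than one IP, or an IP shared by several accounts, is the pattern worth a second look when reviewing logins.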