Combine netstat command and geoiplookup - geolocation

How can I combine the following command:
netstat -atun | awk '{print $5}' | cut -d: -f1 | sed -e '/^$/d' | sort | uniq -c | sort -n
and "geoiplookup" listing something like "Con. Number, IP, Country"?
I am using this lib:
http://kbeezie.com/geoiplookup-command-line/
Thank you for your help!
best regards

You should be able to get it with something like this:
netstat -an -f inet | awk '{print $5}' | sed -e '/^\*\.\*$/d' | awk 'sub(/\.[0-9]+$/,"")' | sort -n | uniq | xargs -n 1 geoiplookup | sort | uniq -c | sort -n | sed -r 's/ GeoIP Country Edition://g'
netstat -an -f inet - shows all network-related data structures with network addresses as numbers and pulls the inet address family
awk '{print $5}' - takes that input and presents only the IP address with port from the prior.
sed -e '/^\*\.\*$/d' - strips out all of the *.* lines
awk 'sub(/\.[0-9]+$/,"")' - strips the port number, leaving the IP address alone
sort -n - performs a numeric sort so that duplicate IPs end up next to each other
uniq - gets rid of the duplicate IPs
xargs -n 1 geoiplookup - takes one IP at a time and performs the lookup for the country
sort - sorts based on country name
uniq -c - groups the country names with a count
sort -n - organizes the countries based on the count
sed -r 's/ GeoIP Country Edition://g' - strips the phrasing "GeoIP Country Edition:"
This has little to do with brute force, other than telling you which country the connections are coming from.
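An added example, not code from either post above: this reads Linux `netstat -atun` output on stdin and prints "count IP country" per remote address, the "Con. Number, IP, Country" listing the question asked for, plus per-country totals. The lookup command is a parameter so the real geoiplookup can be passed in; fake_geoiplookup and the netstat text below are constructed stand-ins so the script runs offline, and ZZ/YY are not real country codes.

```shell
#!/bin/sh
# Added example (not from the original answer). Counts connections per remote
# IP from netstat output, then annotates each IP with the country string the
# lookup command returns. Pass "geoiplookup" (the default) for real use.

# Constructed sample of Linux `netstat -atun` output.
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:22             203.0.113.7:51234       ESTABLISHED
tcp        0      0 10.0.0.5:22             203.0.113.7:51300       ESTABLISHED
tcp        0      0 10.0.0.5:443            198.51.100.9:40001      ESTABLISHED
udp        0      0 0.0.0.0:68              0.0.0.0:*
tcp        0      0 10.0.0.5:22             192.0.2.44:33000        ESTABLISHED'

# Constructed stand-in for geoiplookup. It prints the same
# "GeoIP Country Edition: CC, Name" line format the real tool prints.
fake_geoiplookup() {
    case "$1" in
        203.0.113.7)  echo "GeoIP Country Edition: ZZ, Example Land A" ;;
        198.51.100.9) echo "GeoIP Country Edition: YY, Example Land B" ;;
        192.0.2.44)   echo "GeoIP Country Edition: ZZ, Example Land A" ;;
        *)            echo "GeoIP Country Edition: IP Address not found" ;;
    esac
}

# connections_by_ip [LOOKUP]: stdin = netstat output; prints "count ip country",
# most connections first. IPs are counted before the lookup, so the numbers
# are connections, not distinct addresses.
connections_by_ip() {
    lookup=${1:-geoiplookup}
    awk '
        # skip the two header lines and the wildcard "0.0.0.0:*" entries
        NR > 2 && $5 != "" && $5 !~ /[*]$/ {
            ip = $5
            sub(/:[0-9]+$/, "", ip)   # drop the trailing ":port"
            print ip
        }' \
    | sort | uniq -c | sort -rn \
    | while read -r count ip; do
        country=$("$lookup" "$ip" | sed 's/^GeoIP Country Edition: //')
        printf '%s %s %s\n' "$count" "$ip" "$country"
      done
}

# connections_by_country [LOOKUP]: sums the per-IP counts by country.
connections_by_country() {
    connections_by_ip "$1" | awk '{
        c = $3
        for (i = 4; i <= NF; i++) c = c " " $i   # re-join "ZZ, Example Land A"
        total[c] += $1
    } END { for (c in total) print total[c], c }' | sort -rn
}

# Real use: netstat -atun | connections_by_country
printf '%s\n' "$SAMPLE_NETSTAT" | connections_by_country fake_geoiplookup
```

Counting before the lookup also means each address is looked up once, so the number of geoiplookup processes equals the number of distinct remote IPs rather than the number of connections.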

Related

How do I invoke --stream in the middle of a jq query?

I have a file of newline-separated JSON lists, the total of which I would like to count. I can do this with two invocations of jq as such:
cat file.nsj | jq -s ".[] | length" | jq -s "add"
But I would prefer to do it in a single jq invocation. Is this possible?
If your goal is just to count the number of objects in the file full of lists, you could do this:
$ jq -n 'reduce inputs as $i (0; . + ($i | length))' file.nsj
Here's a variation of Jeff's solution which uses -n, inputs and length and add.
jq -n '[ inputs | length ] | add' file.nsj

How to grep two patterns at once

Often I have to do some command-line thing where I pipe to grep and want matches for two different expressions (an OR match: A OR B).
For example I want to grep the output of generate_out for either foo[0-9]+ or bar[0-9]+. I of course could just execute twice:
generate_out | grep -E "foo[0-9]+"
generate_out | grep -E "bar[0-9]+"
but often generate_out is expensive and I would rather not run it twice (or store its output). Rather I would like to just use one expression:
generate_out | grep "foo[0-9]+ OR bar[0-9]+"
Of course this will not work, but I would like the equivalent expression which will.
Use grep's -e option to specify multiple patterns that are OR'ed:
$ seq 15 | grep -e 5 -e 3
3
5
13
15
Use an alternation in your regex:
generate_out | grep -E '(foo|bar)[0-9]+'
The use of -E enables ERE features, of which this is one. (By default, grep only supports BRE; some implementations of BRE, such as GNU's, may have special syntax for enabling ERE features; in the GNU case, \| in BRE is equivalent to | in ERE; however, it's not portable to rely on such extensions instead of just turning on ERE properly.)
egrep is a backwards-compatibility synonym for grep -E; however, only the latter is specified as a requirement by POSIX.
Use awk for simplicity:
generate_out | awk '/foo[0-9]+/ || /bar[0-9]+/'
which of course could be simplified in this particular case to:
generate_out | awk '/(foo|bar)[0-9]+/'
but in general you want to use awk for simple, consistent ORs and ANDs of regexps:
cmd | grep -E 'foo.*bar|bar.*foo'
cmd | awk '/foo/ && /bar/'
cmd | grep 'foo' | grep -v 'bar'
cmd | awk '/foo/ && !/bar/'
cmd | grep -E 'foo|bar'
cmd | awk '/foo/ || /bar/' (or awk '/foo|bar/')
cmd | grep -E 'foo|bar' | grep -E -v 'foo.*bar|bar.*foo'
cmd | awk '(/foo/ && !/bar/) || (/bar/ && !/foo/)'
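An added example, not code from the answers above, that runs the producer once and matches any number of patterns in a single grep pass, and that makes the BRE/ERE point concrete: in BRE the "+" is a literal character, so 'foo[0-9]+' only matches a digit followed by a plus sign. generate_out here is a constructed stand-in that emits five fixed lines.

```shell
#!/bin/sh
# Added example (not from the original answers). generate_out is a constructed
# stand-in for the expensive command in the question.
generate_out() {
    printf '%s\n' 'foo12 start' 'bar7 middle' 'baz99 other' 'foo3+ literal plus' 'foobar3'
}

# match_any_ere PATTERN...: one pass over generate_out, each pattern given as
# its own -e so the patterns need no manual joining with "|".
match_any_ere() {
    n=$#
    while [ "$n" -gt 0 ]; do       # rebuild "$@" as "-e p1 -e p2 ..."
        set -- "$@" -e "$1"
        shift
        n=$((n - 1))
    done
    generate_out | grep -E "$@"
}

# How many lines 'foo[0-9]+' matches in each regex dialect.
count_bre() { generate_out | grep -c 'foo[0-9]+'; }    # "+" is literal: only "foo3+"
count_ere() { generate_out | grep -Ec 'foo[0-9]+'; }   # "+" is a quantifier

# Exactly one of the two patterns (XOR) is simpler to state in awk than in grep.
match_xor() { generate_out | awk '(/foo/ && !/bar/) || (/bar/ && !/foo/)'; }

match_any_ere 'foo[0-9]+' 'bar[0-9]+'
echo "BRE matches: $(count_bre), ERE matches: $(count_ere)"
```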

How to filter grep results

I'm running this command on OS X to pull the logic board ID:
ioreg -l | grep board-id
which gives me this output:
| "board-id" = <"Mac-FC02E91DDD3FA6A4">
The only part I'm interested in is the "Mac-FC02E91DDD3FA6A4". Is there a way to filter the results from grep to only show me this part? OR is there a second step I could do to clean up the grep results?
Using awk you can do this:
ioreg -l | awk -F\" '/board-id/ {print $4}'
Mac-FC02E91DDD3FA6A4
This searches for board-id, splits the output on " and then prints part 4.
ioreg -l | grep "board-id" | cut -d \" -f 4
One way, still with grep, is to try this line:
ioreg -l | grep -Po 'board-id".*<"\K[^"]*'
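An added example, not code from the answers above: a small function that pulls one named property out of `ioreg -l` output. The sample text is constructed in the layout ioreg prints; the board id is the one quoted in the question, the other values are made up.

```shell
#!/bin/sh
# Added example (not from the original answers). Constructed ioreg -l excerpt.
SAMPLE_IOREG='    | |   "IOPlatformUUID" = "00000000-0000-0000-0000-000000000000"
    | |   "board-id" = <"Mac-FC02E91DDD3FA6A4">
    | |   "manufacturer" = <"Apple Inc.">'

# ioreg_value KEY: stdin = ioreg output; prints the value of the property whose
# name is exactly KEY. Splitting on the double quote puts the name in field 2
# and the value in field 4, for both the <"..."> and the "..." forms.
# Comparing $2 == key (rather than /key/) avoids matching other properties
# whose names merely contain KEY.
ioreg_value() {
    awk -F'"' -v key="$1" '$2 == key { print $4; exit }'
}

# On a Mac: ioreg -l | ioreg_value board-id
printf '%s\n' "$SAMPLE_IOREG" | ioreg_value board-id
```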

Parsing the output of /proc/net/dev with awk and dismissing the first two lines

This command gives me the following output:
cat /proc/net/dev | awk '{print $1}'
Inter-|
face
eth0:
lo:
wlan0:
Is there a way to dismiss the lines Inter-| and face so I can get only the names of the interfaces?
Tweaking your awk a little bit:
awk 'NR>2{print $1}' /proc/net/dev
tail -n +3 /proc/net/dev | awk...
tail -n {+whatever} (note the plus sign) can be used to dump files starting from the nth line.
There are many ways of doing this. If you just need it to work for that specific case I'd do something simple like this:
cat /proc/net/dev | awk '{print $1}' | sed -e '1,2d'
Sed '1,2d' just means delete lines 1 and 2.
In addition to the other answers:
just in case you don't want to use awk with tail, you can do also this:
tail -n +3 /proc/net/dev | cut -d':' -f1
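An added example, not code from the answers above: it parses /proc/net/dev into interface names and receive/transmit byte counters. The sample is constructed in the file's real layout (two header lines, then one line per interface); the eth1 line shows the case, seen on older kernels, where a wide counter abuts the colon, which breaks name extraction based on whitespace fields alone.

```shell
#!/bin/sh
# Added example (not from the original answers). Constructed /proc/net/dev.
SAMPLE_NET_DEV='Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:  123456     789    0    0    0     0          0         0   123456     789    0    0    0     0       0          0
  eth0: 98765432  65432    0    0    0     0          0      1234 12345678  43210    0    0    0     0       0          0
  eth1:1234567890 65432    0    0    0     0          0         0   555555   4321    0    0    0     0       0          0
 wlan0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0'

# net_dev_ifaces: interface names only (what the question asked for).
# NR > 2 skips the two header lines; everything from the colon on is dropped,
# so a counter glued to the colon ("eth1:1234567890") does not leak into the name.
net_dev_ifaces() {
    awk 'NR > 2 { name = $1; sub(/:.*$/, "", name); print name }'
}

# net_dev_bytes: "iface rx_bytes tx_bytes" per interface. Splitting on ":"
# first and then on whitespace is independent of column alignment; receive
# bytes are counter 1 and transmit bytes counter 9 (8 receive columns first).
net_dev_bytes() {
    awk -F: 'NR > 2 {
        name = $1; gsub(/^ +| +$/, "", name)
        split($2, f, " ")
        print name, f[1], f[9]
    }'
}

# Real use: net_dev_bytes < /proc/net/dev
printf '%s\n' "$SAMPLE_NET_DEV" | net_dev_bytes
```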

xargs: String concatenation

zgrep -i XXX XXX | grep -o "RID=[0-9|A-Z]*" |
uniq | cut -d "=" -f2 |
xargs -0 -I string echo "RequestID="string
My output is
RequestID=121212112
8127127128
8129129812
But my requirement is to have the request ID prefixed before all the output.
Any help is appreciated
I had a similar task and this worked for me. It might be what you are looking for:
zgrep -i XXX XXX | grep -o "RID=[0-9|A-Z]*" |
uniq | cut -d "=" -f2 |
xargs -I {} echo "RequestID="{}
Try the -n option of xargs:
-n max-args
Use at most max-args arguments per command line. Fewer than max-args arguments will be used if the size (see the -s option) is exceeded, unless the -x option is given, in which case xargs will exit.
Example:
$ echo -e '1\n2' | xargs echo 'str ='
str = 1 2
$ echo -e '1\n2' | xargs -n 1 echo 'str ='
str = 1
str = 2
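An added example, not code from the posts above. prefix_request_ids runs the question's extraction over constructed log lines (the RID values are made up), and xargs_runs counts how many times xargs invokes its command for a given set of flags, which is the reason the question's -0 version printed the prefix only once: with -0, xargs expects NUL separators, so the whole newline-separated text arrives as one argument.

```shell
#!/bin/sh
# Added example (not from the original posts). Constructed log lines.
SAMPLE_LOG='2024-01-01 10:00:00 accepted RID=121212112 from client
2024-01-01 10:00:01 accepted RID=8127127128 from client
2024-01-01 10:00:02 retry    RID=121212112 from client
2024-01-01 10:00:03 accepted RID=8129129812 from client'

# prefix_request_ids: stdin = log text; one "RequestID=<id>" line per distinct
# id, in first-seen order. awk '!seen[$0]++' de-duplicates without sorted
# input, whereas plain uniq only merges duplicates that are adjacent.
prefix_request_ids() {
    grep -o 'RID=[0-9A-Z]*' | cut -d= -f2 | awk '!seen[$0]++' \
    | xargs -I {} echo "RequestID="{}
}

# xargs_runs FLAGS...: feeds three newline-separated ids to xargs with the
# given flags and prints how many times the command ran.
xargs_runs() {
    printf '%s\n' 121212112 8127127128 8129129812 | xargs "$@" echo run | wc -l | tr -d ' '
}

printf '%s\n' "$SAMPLE_LOG" | prefix_request_ids
echo "xargs -0 -I s : $(xargs_runs -0 -I s) run(s)"
echo "xargs -n 1    : $(xargs_runs -n 1) run(s)"
echo "xargs -I {}   : $(xargs_runs -I '{}') run(s)"
```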
