Some processing of log files


As you may be aware of this blog is a big pile of more or less unedited things that I found useful.

Here are some commands I've used to process some access logs from our web-servers.



cat access_log_* | sed /CloudFront/d | sed /utm_source/d | grep ".se" | grep "single" | cut -f 3 -d " " | sort | uniq -c | sort -r  > crawlers4.txt

cat allaccess.txt | grep "87.222.222.111"| cut -f 3,9 -d " " | sort | uniq -c | sort -r


grep -Fx -f file1 file2
(intersection between two files)

faster
comm -12 file1 file2


complement (those that are in a but not b)
comm -2 -3 <(cat ips_all_campaigns.txt) <(cat ips_utmsource.txt)



cat access_log_* | grep "CloudFront"| cut -f 3 -d " " | sort -u > ips_cloudfront.txt
cat access_log_* | grep "utm_source"| cut -f 3 -d " " | sort -u > ips_utmsource.txt
cat access_log_* | grep "utm_name"| cut -f 3 -d " " | sort -u > ips_utmname.txt
cat access_log_* | grep "kampagner"| cut -f 3 -d " " | sort -u > ips_kampagner.txt
cat access_log_* | grep "campaigns"| cut -f 3 -d " " | sort -u > ips_campaigns.txt
cat access_log_* | grep "/public/javascripts"| cut -f 3 -d " " | sort -u > ips_downloaded_javascript.txt
cat access_log_* | grep "/profile/track/"| cut -f 3 -d " " | sort -u > ips_profile_track.txt


cat ips_kampagner.txt ips_campaigns.txt > all_campaigns.txt
cat all_campaigns.txt | sort -u > ips_all_campaigns.txt
comm -2 -3 <(cat ips_all_campaigns.txt) <(cat ips_utmsource.txt) > 1.txt <--- those that do not have an utm source
comm -2 -3 <(cat 1.txt) <(cat ips_cloudfront.txt) > 2.txt <-- those that are not cloud front
comm -2 -3 <(cat 2.txt) <(cat ips_utmname.txt) > 3.txt <-- those that are not utmname
comm -2 -3 <(cat 3.txt) <(cat ips_profile_track.txt) > 4.txt <-- of those... check who actually got tracked, and save the rest


sed /campaigns_ajax/d allaccess.txt > allnoajax.txt

grep -F -f 4.txt allaccess.txt > allmatchingloglines.txt

grep -F -f 4.txt allnoajax.txt > allmatchingloglines.txt

cat allmatchingloglines.txt | cut -f 3 -d " " | sort | uniq -c | sort -r > potentialcrawler.txt

Comments

Post a Comment

Popular posts from this blog

Ruby weirdness

This week I'm trying to learn some Ruby (I want to use Chef or Puppet) and this caught my attention: " If you happen to define a method in your subclass that has the same name as a private method in the superclass, you will have inadvertently overridden the superclass's internal utility method, and this will almost certainly cause unintended behavior." Reference:  http://rubylearning.com/satishtalim/ruby_access_control.html How can they call it encapsulation and object-oriented design? Perhaps I'm misunderstanding something, but how on earth can this be acceptable. Now you have to look through the super class source every time it gets updated to make sure there are no conflicts with THE PRIVATE methods. Or you have to get rid of private methods for super classes and separate them into helper classes instead. Hopefully everyone will forget about inheritance and use composition instead :-)
Read more

Running LXD/LXC on WSL2 with Ubuntu 20.04

Download Ubuntu 20.04 from the Microsoft Store sudo apt-get update sudo apt-get upgrade cd ~ git clone https://github.com/DamionGans/ubuntu-wsl2-systemd-script.git cd ubuntu-wsl2-systemd-script/ bash ubuntu-wsl2-systemd-script.sh sudo apt-get install snap (exit the shell and reopen it) Source: https://github.com/damionGans/ubuntu-wsl2-systemd-script To the IPv6 question I answer "none". $ sudo lxd init 2020/08/01 15:55:13 usbid: failed to load: open /usr/share/misc/usb.ids: no such file or directory Would you like to use LXD clustering? (yes/no) [default=no]: Do you want to configure a new storage pool? (yes/no) [default=yes]: Name of the new storage pool [default=default]: Name of the storage backend to use (ceph, btrfs, dir, lvm) [default=btrfs]: Create a new BTRFS pool? (yes/no) [default=yes]: Would you like to use an existing block device? (yes/no) [default=no]: Size in GB of the new loop device (1GB minimum) [default=50GB]: Would you like to connect to a MAAS server? (
Read more

Installing pikvm on raspberry pi zero 2 w

Image
It turns out that Raspberry Pi Zero 2 W is an excellent platform for PiKVM in the wild. Given the right components, you can just plug in HDMI and USB into a target device, and you will be able to remotely view and control the device through a web interface. No need for external power! Components to buy: - HDMI to CSI-2 (i used the model from Geekworm with SKU: 100202, but site refers to https://www.aliexpress.com/item/4000102166176.html - perhaps it's the same) - microSDXC card (i used SanDisk Ultra microSDXC UHS-I Card 128GB) The HDMI to CSI-2 contained both a printboard with HDMI slot as well as a cable. Follow the steps: 1. Download https://pikvm.org/download/ , select the version named "Raspberry Pi Zero 2 W, v2 platform" 2. Follow the steps at https://docs.pikvm.org/flashing_os/ Which for my setup amounts to: 2.1 Download RPi Imager 2.2 Choose Custom image at the button 3. Then follow the steps here for adding a  3.1 Unplug the SD-card and put it back in. 3.2 Add a f
Read more