Apache logs how to count number of hits per IP

So I get this a lot… Want to figure out of if you have a DDoS going on… the best way is the apache logs.  Use this code to count and sort by IP:

 

cut -f1 -d ” ” access_log | sort | uniq -c

 

Just replace access_log with your log name.

More complex you can also try :

 

awk ‘{!a[$1]++}END{for(i in a) if ( a[i] >10 ) print a[i],i }’

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.