I have a website thats gets way too many hits than it deserves. How can I get a measure of the problem.
Take the apache access_log, pick out the first field which is the IP, then I can sort them, and run that output through “uniq -c” so it will output “count ip“. Finally sort that so I can see which IP’s are visiting us the most.
cat access_log |awk '{print $1'} |sort |uniq -c |sort -n >/tmp/ips-sorted.txtSo a tail of the output looks like this:
8823 40.77.167.24
8896 207.46.13.203
8951 40.77.167.26
9016 207.46.13.208
9064 157.55.39.127
11959 66.249.76.87
25158 93.158.91.33
46714 ::1
66506 65.108.99.178I can use ipinfo.io to find geolocate a few of them manually, or code it with their api:
#!/usr/bin/env python
import sys
import ipinfo
with open('ips-sorted.txt') as f:
lines = f.readlines()
L=[]
for line in lines:
if '::1' in line or '127.0.0.1' in line:
pass
else:
L.append(line.strip().split())
access_token = '****************'
for l in L:
count,ip_address = l
if int(count) > 4000:
handler = ipinfo.getHandler(access_token)
details = handler.getDetails(ip_address)
print(count, ip_address, details.country, details.city)
sys.exit()
So the output is this.
4117 154.54.249.196 FR Nozay
4446 66.249.76.89 BE Brussels
5349 147.197.108.149 GB Hatfield
5591 95.181.238.74 US New York City
7928 92.236.112.157 GB Edinburgh
8823 40.77.167.24 US Boydton
8896 207.46.13.203 US Quincy
8951 40.77.167.26 US Boydton
9016 207.46.13.208 US Quincy
9064 157.55.39.127 US Quincy
11959 66.249.76.87 BE Brussels
25158 93.158.91.33 SE Stockholm
66506 65.108.99.178 FI Helsinki