Bash-sorting-apache

From I Will Fear No Evil
Jump to navigation Jump to search

Example of how to sort a logfile for top hits (apache in this case)

Why is this useful? Think making a case statement and stuff that is a script kiddie attack gets auto-blocked via fail2ban. 

awk '$9 == "404" {print $7}' access.log |sort|uniq -c|sort -rn| head -n 30
Bonus: do this for nginx logs now :P
SRC: https://twitter.com/climagic/status/1448297516571762691

Something like this could be used to further update fail2ban-flies

Returned:
      7 /.env
      6 /ecp/Current/exporttool/microsoft.exchange.ediscovery.exporttool.application
      5 /GponForm/diag_Form?style/
      3 /owa/auth/x.js
      3 /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f
      3 /owa/auth/logon.aspx
      3 /actuator/health
      2 /wp-includes/js/jquery/jquery.js
      2 /vendor/phpunit/phpunit/build.xml
      2 /plugins/system/debug/debug.xml
      2 /OA_HTML/AppsLocalLogin.jsp
      2 /nice%20ports%2C/Tri%6Eity.txt%2ebak
      2 /misc/ajax.js
      2 /login
      2 /js/header-rollup-554.js
      2 /images/editor/separator.gif
      2 /.git/config
      2 /fckeditor/editor/filemanager/connectors/php/upload.php?Type=Media
      2 /admin/view/javascript/common.js
      2 /administrator/language/en-GB/install.xml
      2 /administrator/help/en-GB/toc.json
      2 /administrator/
      2 /admin/includes/general.js
      2 /aab9
      2 /aaa9
      1 /xmrlpc.php?daksldlkdsadas=1
      1 /wp-login.php
      1 /wp-includes/css/buttons.css
      1 /.well-known/security.txt
      1 /ucmdb-api/connect
Retrieved from "https://wiki.iwillfearnoevil.com/mediawiki/index.php?title=Bash-sorting-apache&oldid=676"