{"id":15113750,"url":"https://github.com/doncato/ip-log-stats","last_synced_at":"2026-01-19T21:34:09.949Z","repository":{"id":254641065,"uuid":"847130969","full_name":"doncato/ip-log-stats","owner":"doncato","description":"A simple bash script to extract anything that matches an IPv4 or IPv6 from STDIN and outputs the count of occurences for each IP found on STDOUT.","archived":false,"fork":false,"pushed_at":"2024-08-25T22:47:59.000Z","size":23,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-05T18:16:03.302Z","etag":null,"topics":["bash","bash-script","log-analysis"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/doncato.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-08-25T00:03:28.000Z","updated_at":"2024-08-25T22:48:01.000Z","dependencies_parsed_at":"2024-08-25T01:26:58.811Z","dependency_job_id":"624422db-1483-486a-a1f6-130d9834e4cb","html_url":"https://github.com/doncato/ip-log-stats","commit_stats":null,"previous_names":["doncato/ip-log-stats"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/doncato/ip-log-stats","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doncato%2Fip-log-stats","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doncato%2Fip-log-stats/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doncato%2Fip-log-stats/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doncato%2Fip-log-stats/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/doncato","download_url":"https://codeload.github.com/doncato/ip-log-stats/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/doncato%2Fip-log-stats/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28585524,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-19T20:45:59.482Z","status":"ssl_error","status_checked_at":"2026-01-19T20:45:41.500Z","response_time":67,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bash","bash-script","log-analysis"],"created_at":"2024-09-26T01:23:08.994Z","updated_at":"2026-01-19T21:34:09.931Z","avatar_url":"https://github.com/doncato.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# ip-log-stats\nA simple bash script to extract anything that matches an IPv4 or IPv6 from STDIN and outputs the count of occurences for each IP found on STDOUT.\n\n## Installation\nJust download the `ip-log-stats.sh` script, e.g. by using `wget`:\n\n```sh\nwget https://raw.githubusercontent.com/doncato/ip-log-stats/main/ip-log-stats.sh\n```\n\nIf you want to 'install' it, it's probably a good idea to put it in your PATH:\n\n```sh\nmv ip-log-stats.sh /usr/local/bin/ip-log-stats\n```\n\nAnd finally make sure you can execute it \n```sh\nchmod a+x /usr/local/bin/ip-log-stats\n```\n\n## Usage\nTo use it you can just pipe any log from anywhere into the script, and it will output\nthe number of occurences followed by the ip like this:\n\n```txt\n    152 10.20.20.20\n     54 192.168.178.1\n     11 10.20.2.5\n      5 1.1.1.1\n      2 127.0.0.1\n```\n\n### Usage Examples\n#### Simple showoff\n```sh\n# Will simply output the contents for human consumption\ncat /var/log/syslog | ip-log-stats\n```\n\n#### Email the stats:\n```sh\n# Will mail the results to webmaster@example.com with the subject stats\ncat /var/log/syslog | (echo \"From: IP Log Stats \u003cmonitor@example.com\u003e\"; echo \"To: postmaster@example.com\"; echo \"Subject: IP Log Stats\"; echo \"\"; ip-log-stats) | sendmail -F \"IP Log Stats \u003cmonitor@example.com\u003e\" postmaster@example.com\n```\n\n#### Get only IPs\n```sh\n# Will filter to output to just print the ips without the count\ncat /var/log/syslog | ip-log-stats | awk '$1=$1;1' | cut -d\" \" -f2\n````\n\n#### Display total sum:\n```sh\n# Will output how many occurences were found in total\ncat /var/log/syslog | ip-log-stats | awk '$1=$1;1' | cut -d\" \" -f1 | awk '{ sum += $1 } END { print sum }'\n```\n\n## Limitations\n\nThis script was meant to be kinda dumb, the motivation was that it doesn't matter in which\ncontext an IP is found because often there can be many different applications and cases\nwhere something is reported and everything is reported in a different format, so the aim was\nto get a very simple statistic.\n\nAs a result there are some things that are to be considered during usage:\n\n(These are not necessarily limitations but can also common reasons for misinterpretation)\n\n### Self-reporting / local IPs\nObviously your own IP (the host IP of the syslog) will end up getting counted along all others\nthis is due to the fact that you often get logs like this:\n\n```txt\n[Date] Accepted connection remote_ip:X.X.X.X local_ip:Y.Y.Y.Y\n```\n\n### False Detections\nCertain things in log messages sometimes look like an IP Address while they aren't an actual\nIP, the script will report it regardless, an example can be the Version number of the\nBrowser reported in the User Agent of Webserver logs. So the User agent could contain\nsomething like `(Windows NT 10.0; Win64; x64) Chrome/128.0.0.0` where `128.0.0.0` would\nbe falsely reported\n\n### Counting Interpretation\nObviously the count of occurences counts how often an IP was found, it is hard to tell\nhow many requests or connections any IP actually made using this script. For example\nif you have `fail2ban` set up, an IP may get reported twice or even more often just\nfor one connection, because `fail2ban` also reports that it has found the IP and \nfor example banned it. Such things obviously increase the number this IP appears in your logs\n\n## Contributing\n\nFeel free to contribute through the usual ways (e.g. opening Issues or submitting Pull Requests)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdoncato%2Fip-log-stats","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdoncato%2Fip-log-stats","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdoncato%2Fip-log-stats/lists"}