{"id":22423135,"url":"https://github.com/eth-library/topfive","last_synced_at":"2025-03-27T05:33:01.210Z","repository":{"id":266237212,"uuid":"871091703","full_name":"eth-library/topFive","owner":"eth-library","description":"get top five requesting IPs from Webserver log and e.g. block them","archived":false,"fork":false,"pushed_at":"2025-03-18T16:37:34.000Z","size":62,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-18T17:43:30.895Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/eth-library.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-10-11T08:54:53.000Z","updated_at":"2025-03-18T16:37:38.000Z","dependencies_parsed_at":"2024-12-03T09:43:16.848Z","dependency_job_id":null,"html_url":"https://github.com/eth-library/topFive","commit_stats":null,"previous_names":["eth-library/topfive"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eth-library%2FtopFive","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eth-library%2FtopFive/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eth-library%2FtopFive/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eth-library%2FtopFive/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/eth-library","download_url":"https://codeload.github
.com/eth-library/topFive/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245791919,"owners_count":20672666,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-05T18:09:21.645Z","updated_at":"2025-03-27T05:33:01.204Z","avatar_url":"https://github.com/eth-library.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"topFive\n=======\n\nThis is a simple program that reads a log file and returns the top five IPs with the most requests.\nIt is customized for atmire httpd logs.\n\nNote: It takes the timestamp from the first log entry for the date to analyze\n\n## why it's useful:\nWhen your server gets hammered by requests, you have to react quickly, without spending time searching for the logfile and writing complex greps to see who's doing what on your machine.\n\nInstead, just call `topFive` and it will answer with the top five IP addresses with the most requests for the last five minutes. As first aid, you could simply block them.\n\nBut there's more: for further analysis **topFive** will create an output folder and put a file for each of the top five IP addresses into it. Each file contains the request count and the requests with the timestamp, the request type, the request itself and the response code.\n\n**topFive** is a simple binary with no dependencies, uses a bare minimum of resources when executed, so it won't stress your machine while it's under attack, and **topFive** is fast. 
It will parse 100MB in under 400 milliseconds.\n\n## Usage\nIn an emergency, just call the binary `topFive`; it will run with the following defaults:\n- parse the logfile `/var/log/httpd/ssl_access_atmire_log`\n- with the date layout `\"02/Jan/2006:15:04:05 -0700\"` for the datestamps within the logfile to analyze,\n- from the current time minus five minutes until now\n- compute the top five IP addresses with the most requests during that time range\n- write to the folder `./output`\n- the following six files:\n\n      - xxyyy_aaa.aaa.aaa.aaa.txt\n      - xxyyy_bbb.bbb.bbb.bbb.txt\n      - xxxyy_ccc.ccc.ccc.ccc.txt\n      - xxxyy_ddd.ddd.ddd.ddd.txt\n      - xxxxy_eee.eee.eee.eee.txt\n      - response_codes.txt\n    where xxyyy is the request count, followed by an underscore and the requesting IP address.\n- write a logfile `./logs/YYYYMMDD_hhmmss.log`\n- print out the top five IP addresses with the corresponding request counts\n\n\u003e IMPORTANT: \n\u003e Your account must have read rights to the logfile to analyze and access rights to the corresponding folders!\n\n\n## Options\nCustomize the call with the following flags:\n```\n`-c` to provide a custom path to the config file (default: /etc/topFive/conf.d/examplecfg.yml)\n`-l` to provide another layout for the datestamps within the logfile to analyze (default: 02/Jan/2006:15:04:05 -0700)\n`-f` to provide a custom path to the file to parse (default: /var/log/httpd/ssl_access_atmire_log)\n`-i` to provide an IP address to analyze (default: \u003cempty\u003e)\n`-k` to summarize the IP class instead of IP addresses where\n      A means X.255.255.255 \n      B means X.X.255.255 \n      C means X.X.X.255 \n      defaults to IP addresses: X.X.X.X \n`-m` to provide a custom time range (in minutes, default: 5) to analyze, set to zero (0) to do the whole file \n`-n` to provide the number of top IPs to show (default: 5)\n`-q` to provide a query string to restrict the analysis to (default: \u003cempty\u003e)\n`-t` to provide a 
custom End-Time (e.g. 15:04) to analyze from backwards (default: time.Now())\n`-y` to provide a log type (apache_atmire | rosetta) (default: apache_atmire)\n```\n\n### change the date layout (`-l` or DateLayout in the config file)\nThe date layout is specified according to Go's time package. When specifying the layout, it is important to keep the reference date and time values: 02/Jan/2006:15:04:05 -0700\n\n## example call:\nCall `topFive` with a custom config at `conf.d/myConfig.yml` to analyze the file `./ssl_access_my.log`. Analyze **t**ill `9:55` *back* 10 minutes (time range from 9:45 **t**ill 9:55). The datestamps within the file `./ssl_access_my.log` will be in the format `YYYY-MM-DD hh:mm:ss` without a timezone:\n\n```bash\ntopFive -c conf.d/myConfig.yml -f ./ssl_access_my.log -t 9:55 -m 10 -l \"2006-01-02 15:04:05\"\n```\n\n## configuration example\n\n```yml\nDateLayout: \"02/Jan/2006:15:04:05 -0700\"\nOutputFolder: ./output\nLogType: apache_atmire\nDefaultLog2analyze: /var/log/httpd/ssl_access_atmire_log\n\nLogConfig:\n  LogLevel: Debug\n  LogFolder: ./logs\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feth-library%2Ftopfive","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feth-library%2Ftopfive","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feth-library%2Ftopfive/lists"}