sometimes I'm getting dates instead of IPs in "Top 20 IP addresses that have been accessing your site:"

jhutar commented 3 years ago

First of all, thank you for the script! :)

Describe the bug

I have noticed that sometimes I'm getting dates instead of IPs in "Top 20 IP addresses that have been accessing your site:" and "Most recent...".

To Reproduce

Just ran the script with my log.

Expected behavior

There should be only IPs there

Screenshots

Most Recent top 20 IP addresses: 
303  2021/05/18   <--- here
167  66.249.66.11
58   213.211.43.129
55   66.249.66.13
50   114.119.156.223
50   114.119.128.46
42   114.119.157.61
42   114.119.144.204
41   66.249.66.15
39   114.119.159.210
35   114.119.128.35
33   114.119.150.149
13   66.249.66.6
11   172.105.250.86
5    66.249.66.8
5    66.249.66.4
4    199.111.229.63
3    74.120.14.53
3    66.249.66.7
2    84.0.240.66

Input log attached (actually just grep '2021/05/18' ... part of it) my.log

bobbyiliev commented 3 years ago

Hi there,

In your case the log seems to have a non-standard format. The script 'assumes that the client IP is the very first column in the log. I might try to patch this and add some checks.

But in the meantime, you could use this single command to get a quick overview:

cat your_log_file.txt | awk -v FS="(client:|, server:)" '{ print $2 }'  | sort | uniq -c | sort -n

jhutar commented 3 years ago

I see! Maybe the issue is the log I have used is actually captured container log, so it mixes both access log and error log (or how is it called). These errors were caused by my Gunicorn miss-configuration. Feel free to reject this if it does not make sense to you.

bobbyiliev commented 3 years ago

Hi @jhutar,

Ah yes the mix of error and access logs would explain the problem. In any case I should add a check if the value is a valid IP or not, will work on this soon!

bobbyiliev / quick_access_logs_summary