Count number of occurrences of an IP address in a log file.
Hi guys, I have a log file that normally has many many many IPs in it.
However, sometimes I get attacked by a single IP and it slows down the system. The log file shows this IP more than any other. What I was thinking of was a script that could check the file; if it has shed loads of the same IP it would do something (mail me). I can do the mail part, but the actual looking and working with part I'm stuck on. Has anyone got any idea how to do the below?

Check file.log to see if an IP is repeated, let's say, 1000 times or more. If so then do Blaaaaa. Else do nothing.

I can't get it to look for an IP, i.e. 1.1.1.1, as it changes, so somehow it will need to be able to identify what it looks like? Any info would be GReeeeeaaaat.

-Graham
Re: Count number of occurrences of an IP address in a log file.
You want something called a hash table. In other languages, this data type has other synonyms. In Perl, it's an "associative array". In Python, it's a "dictionary". Etc etc.
If you plan on using Perl, read up on how to use an associative array. Then you will implement pseudocode that looks something like this:

    for each ip address in the log file

You will also need to think of a way to incorporate time into account, since someone could view your page 1000 times over the span of a month, and your program would consider it an attack. Unless your log file already flushes daily. Then you're set.
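
The single-pass dictionary count suggested in the reply above, as an added Python example that is not part of the original thread. It assumes the client address is the first IPv4 address on each line; the function names and the sample log are constructed for illustration.

```python
import re
from collections import Counter

# Dotted quad that is not part of a longer dotted number; octet range is checked below.
IPV4_RE = re.compile(
    r"(?<!\d)(?<!\d\.)(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?!\d)(?!\.\d)")

def first_ip(line):
    """Return the first valid IPv4 address on a log line, or None.

    Only the first address is used (assumption: it is the client), so later
    look-alikes such as a browser version "Chrome/120.0.0.0" are not counted.
    """
    for m in IPV4_RE.finditer(line):
        if all(int(octet) <= 255 for octet in m.groups()):
            return m.group(0)
    return None

def count_ips(lines):
    """One pass over the log: dictionary keyed by IP, value is the hit count."""
    counts = Counter()
    for line in lines:
        ip = first_ip(line)
        if ip is not None:
            counts[ip] += 1
    return counts

def noisy_ips(lines, threshold=1000):
    """Return (ip, count) pairs seen at least `threshold` times, busiest first."""
    return [(ip, n) for ip, n in count_ips(lines).most_common() if n >= threshold]

def sample_log():
    """Constructed sample: one address sends 1200 requests, 254 others one each."""
    lines = ['203.0.113.7 - - "GET / HTTP/1.0" 200 "Mozilla/5.0 Chrome/120.0.0.0"'] * 1200
    lines += ['198.51.100.%d - - "GET /index.html HTTP/1.0" 200' % i
              for i in range(1, 255)]
    lines.append("no client address here, only a version string 999.1.1.1")
    return lines

if __name__ == "__main__":
    # For a real file, pass an open file object instead of sample_log().
    for ip, n in noisy_ips(sample_log(), threshold=1000):
        print("ALERT: %s appears %d times" % (ip, n))  # the "mail me" step goes here
```
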
Re: Count number of occurrences of an IP address in a log file.
Cool, thanks, I'll take a look.
Yeah, the logfile rotates, so it purges old entries at the bottom. So hopefully it shouldn't give any false positives; however, even those wouldn't be too much of a problem, as some monitoring of it is better than none :) Thanks again
Re: Count number of occurrences of an IP address in a log file.
Perl is too powerful to loop through a log file counting up instances of different IP addresses. Just use something like this.
Re: Count number of occurrences of an IP address in a log file.
An O(N^2) algorithm? What if the file is 100kb?
Even if it compared 10,240 bytes per second, it would still take 12 days to run it only once.

    print (100*1024)**2/10240.0/3600.0/24.0

That's one of the worst implementations for such a simple problem I've ever come across. An O(N) algorithm, such as using an associative array, is just as simple to implement, and will take 10 seconds under the exact same circumstances...

    print (100*1024)/10240.0
Re: Count number of occurrences of an IP address in a log file.
And in case you think 100kb is unreasonably large for a log file... a request every 13 seconds can fill that up in less than one day.

    print ( 3600*24 ) / ( 100*1024/16.0 )
Re: Count number of occurrences of an IP address in a log file.
It is a delicate balance between whose time is more valuable. This is not a great example of it, seeing that your solution would be rather simple to implement also, but:

    my time * my salary > (my cpu's time ^ 2) * my cpu's salary

I wager that my algorithm could count a 1MB file in less than ten minutes under the worst case of no IP address duplicates.
Re: Count number of occurrences of an IP address in a log file.
Post a 1MB log file.
Re: Count number of occurrences of an IP address in a log file.
I wrote a quick C++ program using the Boost.Random libraries to generate a text file with 100,000 IP addresses.
Have fun. :)