I'm trying to summarize IP hits on a network, but I can't seem to bring it all together, as you can see from my output below.
I'm after one line per IP with a total like this.
980 8.8.8.8
274 8.8.4.4
54 1.1.1.1
<CODE>
RAW data::
Jan 29 13:48:22 192.168.20.254 : %ASA-4-106023: Deny udp src net-192.168.20.0:192.168.20.250/45223 dst outside:8.8.4.4/53 by access-group "net-192.168.20.0_access_in" [0xdeb24d2f, 0x0]
Jan 29 13:48:22 192.168.20.254 : %ASA-6-302015: Built outbound UDP connection 2693973 for outside:8.8.8.8/53 (8.8.8.8/53) to net-192.168.28.0:192.168.28.9/47032 (172.17.2.7/47032)
Jan 29 13:48:22 192.168.20.254 : %ASA-6-302016: Teardown UDP connection 2693973 for outside:8.8.8.8/53 to net-192.168.28.0:192.168.28.9/47032 duration 0:00:00 bytes 114
Jan 29 13:48:24 192.168.20.254 : %ASA-6-302015: Built outbound UDP connection 2693981 for outside:8.8.8.8/53 (8.8.8.8/53) to net-172.18.22.0:172.18.22.8/26856 (172.17.2.9/26856)
cmdline:
cat SYSLOG/192.168.20.254/local4.log | grep "/53 " | awk -F 'outside:' '{print $2}' | awk -F '/' '{print $1}' | uniq -c | sort -n
output::
22 8.8.8.8
28 8.8.8.8
43 8.8.8.8
45 8.8.8.8
51 8.8.8.8
53 8.8.8.8
57 8.8.8.8
90 8.8.8.8
98 8.8.8.8
105 8.8.8.8
106 8.8.8.8
</CODE>
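Added example, not part of the original post: `uniq -c` only merges adjacent identical lines, so interleaved addresses come out as several partial counts, and the addresses have to be grouped before they are counted. The function names and the sample log lines below are constructed for illustration, modeled on the ASA format shown in the post.

```shell
#!/bin/sh
# Constructed sample lines in the same ASA syslog format as the post.
sample_log() {
cat <<'EOF'
Jan 29 13:48:22 192.168.20.254 : %ASA-6-302015: Built outbound UDP connection 1 for outside:8.8.8.8/53 (8.8.8.8/53) to net-192.168.28.0:192.168.28.9/47032 (172.17.2.7/47032)
Jan 29 13:48:22 192.168.20.254 : %ASA-4-106023: Deny udp src net-192.168.20.0:192.168.20.250/45223 dst outside:8.8.4.4/53 by access-group "net-192.168.20.0_access_in" [0x0, 0x0]
Jan 29 13:48:22 192.168.20.254 : %ASA-6-302016: Teardown UDP connection 1 for outside:8.8.8.8/53 to net-192.168.28.0:192.168.28.9/47032 duration 0:00:00 bytes 114
Jan 29 13:48:24 192.168.20.254 : %ASA-6-302015: Built outbound UDP connection 2 for outside:8.8.8.8/53 (8.8.8.8/53) to net-172.18.22.0:172.18.22.8/26856 (172.17.2.9/26856)
Jan 29 13:48:25 192.168.20.254 : %ASA-6-302013: Built outbound TCP connection 3 for outside:1.1.1.1/443 (1.1.1.1/443) to net-192.168.28.0:192.168.28.9/51000 (172.17.2.7/51000)
Jan 29 13:48:26 192.168.20.254 : %ASA-4-106023: Deny udp src net-192.168.20.0:192.168.20.250/45224 dst outside:8.8.4.4/53 by access-group "net-192.168.20.0_access_in" [0x0, 0x0]
EOF
}

# The pipeline from the post, reading stdin. uniq -c counts runs of
# ADJACENT identical lines, so each IP appears once per run.
post_pipeline() {
    grep "/53 " | awk -F 'outside:' '{print $2}' | awk -F '/' '{print $1}' |
        uniq -c | sort -n
}

# One total per IP: key an awk array on the outside address of port-53
# entries, then sort by count (descending) and address.
# The minimal fix to the original is "... | sort | uniq -c | sort -rn".
dns_hits_per_ip() {
    awk 'match($0, /outside:[0-9.]+\/53 /) {
             # skip "outside:" (8 chars) and drop the trailing "/53 " (4 chars)
             ip = substr($0, RSTART + 8, RLENGTH - 12)
             hits[ip]++
         }
         END { for (ip in hits) printf "%d %s\n", hits[ip], ip }' |
        sort -k1,1nr -k2,2
}

echo "post pipeline (partial counts):"; sample_log | post_pipeline
echo "grouped totals:";                 sample_log | dns_hits_per_ip
```

Against the real file, the same function reads `SYSLOG/192.168.20.254/local4.log` on stdin.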