User Tools

Site Tools


howtos:count_repeating_ip_s_in_list

This will take a list of entries (IP's in this case), and count there occurrences:

cat fail2ban.log |grep -i warning | awk '{print $7}' | awk '{arr[$1]++} END { for (var in arr) print var, "blocked", arr[var]," times" }'
awk '{print $7}'

This takes the 7th object in the list (in our case where the IP address is present)

awk '{arr[$1]++} 

This takes the first object (the filtered IP) and put into the array called “arr” as an index value and count the value up with one (the ++ syntax).

END { for (var in arr) print var, "blocked", arr[var]," times" }'

This part is executed last when the entire IP list has been digested (the END parameter is a kind of tag which holds a part of the script which is run when everything else has completed). The END part is a for-loop that traverse the array and for each object in the array print out the index (the IP address) and the accumulated value (how many times we saw it in the list ++). The “var” is the local variable which gets populated with the current IP address (index) and the statement “arr[var]” gets the value of the index (how many times we saw it). The rest is just text.

Example

“fail2ban.log”:

2016-07-11 06:26:22,166 fail2ban.actions: WARNING [ssh] Ban 121.18.238.22
2016-07-11 06:30:07,449 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 06:32:36,647 fail2ban.actions: WARNING [ssh] Ban 121.18.238.32
2016-07-11 06:32:44,662 fail2ban.actions: WARNING [ssh] Unban 221.194.44.227
2016-07-11 06:35:58,911 fail2ban.actions: WARNING [ssh] Ban 221.194.44.219
2016-07-11 06:36:22,948 fail2ban.actions: WARNING [ssh] Unban 121.18.238.22
2016-07-11 06:40:08,238 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 06:42:37,428 fail2ban.actions: WARNING [ssh] Unban 121.18.238.32
2016-07-11 06:45:59,675 fail2ban.actions: WARNING [ssh] Unban 221.194.44.219
2016-07-11 06:52:17,140 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 07:02:17,877 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 07:19:00,099 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 07:29:00,852 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 07:36:20,406 fail2ban.actions: WARNING [ssh] Ban 121.18.238.9
2016-07-11 07:39:54,676 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 07:46:21,151 fail2ban.actions: WARNING [ssh] Unban 121.18.238.9
2016-07-11 07:49:55,414 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 07:50:46,484 fail2ban.actions: WARNING [ssh] Ban 221.194.44.216
2016-07-11 07:51:46,564 fail2ban.actions: WARNING [ssh] Ban 121.18.238.20
2016-07-11 08:00:47,238 fail2ban.actions: WARNING [ssh] Unban 221.194.44.216
2016-07-11 08:01:47,318 fail2ban.actions: WARNING [ssh] Unban 121.18.238.20
2016-07-11 08:05:55,633 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 08:15:56,392 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 08:25:42,117 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 08:35:42,865 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 08:37:36,012 fail2ban.actions: WARNING [ssh] Ban 121.18.238.29
2016-07-11 08:45:12,625 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 08:47:36,813 fail2ban.actions: WARNING [ssh] Unban 121.18.238.29
2016-07-11 08:55:13,386 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 09:07:19,274 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 09:14:25,813 fail2ban.actions: WARNING [ssh] Ban 121.18.238.19
2016-07-11 09:17:20,044 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 09:24:26,597 fail2ban.actions: WARNING [ssh] Unban 121.18.238.19
2016-07-11 09:42:43,012 fail2ban.actions: WARNING [ssh] Ban 121.18.238.32
2016-07-11 09:52:43,786 fail2ban.actions: WARNING [ssh] Unban 121.18.238.32
2016-07-11 10:09:53,092 fail2ban.actions: WARNING [ssh] Ban 91.224.160.108
2016-07-11 10:19:53,850 fail2ban.actions: WARNING [ssh] Unban 91.224.160.108
2016-07-11 10:20:13,880 fail2ban.actions: WARNING [ssh] Ban 221.194.44.218
2016-07-11 10:21:46,005 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 10:29:29,596 fail2ban.actions: WARNING [ssh] Ban 221.194.44.194
2016-07-11 10:30:14,684 fail2ban.actions: WARNING [ssh] Unban 221.194.44.218
2016-07-11 10:31:46,821 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 10:38:53,361 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 10:39:30,415 fail2ban.actions: WARNING [ssh] Unban 221.194.44.194
2016-07-11 10:48:54,123 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 11:02:43,159 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 11:12:43,923 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 11:26:09,927 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 11:32:50,450 fail2ban.actions: WARNING [ssh] Ban 121.18.238.22
2016-07-11 11:36:10,710 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 11:37:04,793 fail2ban.actions: WARNING [ssh] Ban 221.194.44.218
2016-07-11 11:42:51,248 fail2ban.actions: WARNING [ssh] Unban 121.18.238.22
2016-07-11 11:47:05,574 fail2ban.actions: WARNING [ssh] Unban 221.194.44.218
2016-07-11 11:49:18,741 fail2ban.actions: WARNING [ssh] Ban 221.194.44.223
2016-07-11 11:52:12,968 fail2ban.actions: WARNING [ssh] Ban 185.110.132.76
2016-07-11 11:55:25,223 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 11:59:19,556 fail2ban.actions: WARNING [ssh] Unban 221.194.44.223
2016-07-11 12:02:13,798 fail2ban.actions: WARNING [ssh] Unban 185.110.132.76
2016-07-11 12:02:30,824 fail2ban.actions: WARNING [ssh] Ban 185.110.132.76
2016-07-11 12:05:26,051 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 12:12:31,600 fail2ban.actions: WARNING [ssh] Unban 185.110.132.76
2016-07-11 12:18:06,017 fail2ban.actions: WARNING [ssh] Ban 121.18.238.29
2016-07-11 12:24:48,510 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 12:28:06,759 fail2ban.actions: WARNING [ssh] Unban 121.18.238.29
2016-07-11 12:31:53,062 fail2ban.actions: WARNING [ssh] Ban 91.224.160.184
2016-07-11 12:34:49,284 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 12:41:53,815 fail2ban.actions: WARNING [ssh] Unban 91.224.160.184
2016-07-11 12:46:01,116 fail2ban.actions: WARNING [ssh] Ban 121.18.238.20
2016-07-11 12:51:28,532 fail2ban.actions: WARNING [ssh] Ban 221.194.44.216
2016-07-11 12:56:01,871 fail2ban.actions: WARNING [ssh] Unban 121.18.238.20
2016-07-11 12:58:13,039 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 13:01:29,284 fail2ban.actions: WARNING [ssh] Unban 221.194.44.216
2016-07-11 13:08:13,791 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 13:13:08,158 fail2ban.actions: WARNING [ssh] Ban 221.194.44.194
2016-07-11 13:23:08,891 fail2ban.actions: WARNING [ssh] Unban 221.194.44.194
2016-07-11 13:27:51,233 fail2ban.actions: WARNING [ssh] Ban 172.98.202.165
2016-07-11 13:29:56,394 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 13:37:51,981 fail2ban.actions: WARNING [ssh] Unban 172.98.202.165
2016-07-11 13:39:57,139 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 13:58:55,545 fail2ban.actions: WARNING [ssh] Ban 121.18.238.19
2016-07-11 14:04:18,951 fail2ban.actions: WARNING [ssh] Ban 221.194.44.218
2016-07-11 14:04:19,957 fail2ban.actions: WARNING [ssh] Ban 121.18.238.32
2016-07-11 14:08:56,296 fail2ban.actions: WARNING [ssh] Unban 121.18.238.19
2016-07-11 14:14:19,691 fail2ban.actions: WARNING [ssh] Unban 221.194.44.218
2016-07-11 14:14:20,697 fail2ban.actions: WARNING [ssh] Unban 121.18.238.32
2016-07-11 14:15:44,813 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 14:25:45,562 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 14:43:07,836 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 14:53:08,578 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 15:10:35,854 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 15:16:25,310 fail2ban.actions: WARNING [ssh] Ban 221.194.44.227
2016-07-11 15:20:36,633 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 15:26:26,057 fail2ban.actions: WARNING [ssh] Unban 221.194.44.227
2016-07-11 15:37:08,839 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 15:47:09,578 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 16:07:34,068 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 16:07:34,073 fail2ban.actions: WARNING [ssh] Ban 121.18.238.19
2016-07-11 16:13:41,530 fail2ban.actions: WARNING [ssh] Ban 221.194.44.216
2016-07-11 16:17:34,823 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 16:17:34,828 fail2ban.actions: WARNING [ssh] Unban 121.18.238.19
2016-07-11 16:23:42,298 fail2ban.actions: WARNING [ssh] Unban 221.194.44.216
2016-07-11 16:28:56,690 fail2ban.actions: WARNING [ssh] Ban 221.194.44.227
2016-07-11 16:34:16,097 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 16:38:57,454 fail2ban.actions: WARNING [ssh] Unban 221.194.44.227
2016-07-11 16:40:34,582 fail2ban.actions: WARNING [ssh] Ban 121.18.238.29
2016-07-11 16:44:16,867 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 16:50:35,358 fail2ban.actions: WARNING [ssh] Unban 121.18.238.29
2016-07-11 16:58:54,980 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 17:04:39,426 fail2ban.actions: WARNING [ssh] Ban 185.56.82.82
2016-07-11 17:08:55,780 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 17:14:40,234 fail2ban.actions: WARNING [ssh] Unban 185.56.82.82
2016-07-11 17:33:42,596 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 17:43:43,346 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 17:53:32,062 fail2ban.actions: WARNING [ssh] Ban 121.18.238.22
2016-07-11 17:58:32,431 fail2ban.actions: WARNING [ssh] Ban 221.194.44.219
2016-07-11 18:03:32,806 fail2ban.actions: WARNING [ssh] Unban 121.18.238.22
2016-07-11 18:08:33,177 fail2ban.actions: WARNING [ssh] Unban 221.194.44.219
2016-07-11 18:10:46,341 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 18:20:47,080 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 18:33:42,015 fail2ban.actions: WARNING [ssh] Ban 121.18.238.32
2016-07-11 18:41:33,596 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 18:43:42,758 fail2ban.actions: WARNING [ssh] Unban 121.18.238.32
2016-07-11 18:51:34,340 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 19:24:50,751 fail2ban.actions: WARNING [ssh] Ban 103.207.36.166
2016-07-11 19:34:51,489 fail2ban.actions: WARNING [ssh] Unban 103.207.36.166
2016-07-11 19:42:35,053 fail2ban.actions: WARNING [ssh] Ban 91.224.160.10
2016-07-11 19:47:33,421 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 19:52:35,785 fail2ban.actions: WARNING [ssh] Unban 91.224.160.10
2016-07-11 19:57:34,153 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 20:23:31,021 fail2ban.actions: WARNING [ssh] Ban 121.18.238.20
2016-07-11 20:27:01,280 fail2ban.actions: WARNING [ssh] Ban 221.194.44.219
2016-07-11 20:27:05,291 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 20:33:31,783 fail2ban.actions: WARNING [ssh] Unban 121.18.238.20
2016-07-11 20:37:02,044 fail2ban.actions: WARNING [ssh] Unban 221.194.44.219
2016-07-11 20:37:06,055 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 20:56:40,471 fail2ban.actions: WARNING [ssh] Ban 121.18.238.29
2016-07-11 21:06:41,215 fail2ban.actions: WARNING [ssh] Unban 121.18.238.29
2016-07-11 21:09:46,444 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 21:19:47,178 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 21:53:37,663 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 22:03:38,388 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 22:12:32,048 fail2ban.actions: WARNING [ssh] Ban 121.18.238.20
2016-07-11 22:12:45,071 fail2ban.actions: WARNING [ssh] Ban 221.194.44.223
2016-07-11 22:14:18,187 fail2ban.actions: WARNING [ssh] Ban 221.194.44.216
2016-07-11 22:22:32,792 fail2ban.actions: WARNING [ssh] Unban 121.18.238.20
2016-07-11 22:22:45,821 fail2ban.actions: WARNING [ssh] Unban 221.194.44.223
2016-07-11 22:24:18,941 fail2ban.actions: WARNING [ssh] Unban 221.194.44.216
2016-07-11 22:41:12,174 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 22:51:12,912 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-11 23:26:23,430 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-11 23:36:24,165 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 00:16:27,048 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 00:26:27,771 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 00:26:49,803 fail2ban.actions: WARNING [ssh] Ban 121.18.238.19
2016-07-12 00:36:44,522 fail2ban.actions: WARNING [ssh] Ban 91.224.160.131
2016-07-12 00:36:50,535 fail2ban.actions: WARNING [ssh] Unban 121.18.238.19
2016-07-12 00:42:11,937 fail2ban.actions: WARNING [ssh] Ban 221.194.44.227
2016-07-12 00:46:45,267 fail2ban.actions: WARNING [ssh] Unban 91.224.160.131
2016-07-12 00:52:12,659 fail2ban.actions: WARNING [ssh] Unban 221.194.44.227
2016-07-12 01:06:28,693 fail2ban.actions: WARNING [ssh] Ban 121.18.238.9
2016-07-12 01:08:52,873 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 01:16:29,436 fail2ban.actions: WARNING [ssh] Unban 121.18.238.9
2016-07-12 01:18:53,615 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 01:52:55,069 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 02:02:55,815 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 02:11:07,431 fail2ban.actions: WARNING [ssh] Ban 121.18.238.19
2016-07-12 02:21:08,172 fail2ban.actions: WARNING [ssh] Unban 121.18.238.19
2016-07-12 02:23:24,347 fail2ban.actions: WARNING [ssh] Ban 221.194.44.216
2016-07-12 02:31:24,939 fail2ban.actions: WARNING [ssh] Ban 221.194.44.223
2016-07-12 02:33:25,091 fail2ban.actions: WARNING [ssh] Unban 221.194.44.216
2016-07-12 02:41:25,675 fail2ban.actions: WARNING [ssh] Unban 221.194.44.223
2016-07-12 02:41:59,724 fail2ban.actions: WARNING [ssh] Ban 42.157.10.94
2016-07-12 02:43:36,849 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 02:52:00,475 fail2ban.actions: WARNING [ssh] Unban 42.157.10.94
2016-07-12 02:53:37,610 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 03:30:35,371 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 03:40:36,143 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 03:58:36,472 fail2ban.actions: WARNING [ssh] Ban 121.18.238.19
2016-07-12 04:08:37,215 fail2ban.actions: WARNING [ssh] Unban 121.18.238.19
2016-07-12 04:14:53,663 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 04:24:54,404 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 04:47:15,037 fail2ban.actions: WARNING [ssh] Ban 221.194.44.219
2016-07-12 04:50:34,296 fail2ban.actions: WARNING [ssh] Ban 121.18.238.32
2016-07-12 04:57:15,789 fail2ban.actions: WARNING [ssh] Unban 221.194.44.219
2016-07-12 04:58:01,851 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 05:00:35,049 fail2ban.actions: WARNING [ssh] Unban 121.18.238.32
2016-07-12 05:08:02,601 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 05:36:38,677 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 05:46:39,418 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 06:18:08,662 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 06:28:09,443 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 06:36:48,089 fail2ban.actions: WARNING [ssh] Ban 221.194.44.216
2016-07-12 06:37:01,111 fail2ban.actions: WARNING [ssh] Ban 121.18.238.19
2016-07-12 06:41:00,429 fail2ban.actions: WARNING [ssh] Ban 42.157.10.94
2016-07-12 06:46:48,863 fail2ban.actions: WARNING [ssh] Unban 221.194.44.216
2016-07-12 06:47:01,883 fail2ban.actions: WARNING [ssh] Unban 121.18.238.19
2016-07-12 06:51:01,177 fail2ban.actions: WARNING [ssh] Unban 42.157.10.94
2016-07-12 06:53:32,366 fail2ban.actions: WARNING [ssh] Ban 221.194.44.223
2016-07-12 07:03:33,106 fail2ban.actions: WARNING [ssh] Unban 221.194.44.223
2016-07-12 07:05:45,283 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 07:15:46,024 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 07:31:36,171 fail2ban.actions: WARNING [ssh] Ban 111.207.221.12
2016-07-12 07:41:36,919 fail2ban.actions: WARNING [ssh] Unban 111.207.221.12
2016-07-12 07:46:15,269 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 07:53:30,812 fail2ban.actions: WARNING [ssh] Ban 220.124.151.130
2016-07-12 07:56:16,027 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 08:03:31,580 fail2ban.actions: WARNING [ssh] Unban 220.124.151.130
2016-07-12 08:18:25,662 fail2ban.actions: WARNING [ssh] Ban 111.207.221.12
2016-07-12 08:25:49,218 fail2ban.actions: WARNING [ssh] Ban 221.194.44.219
2016-07-12 08:25:50,224 fail2ban.actions: WARNING [ssh] Ban 121.18.238.19
2016-07-12 08:28:26,418 fail2ban.actions: WARNING [ssh] Unban 111.207.221.12
2016-07-12 08:32:56,757 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 08:35:49,980 fail2ban.actions: WARNING [ssh] Unban 221.194.44.219
2016-07-12 08:35:50,986 fail2ban.actions: WARNING [ssh] Unban 121.18.238.19
2016-07-12 08:42:57,509 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 08:47:45,871 fail2ban.actions: WARNING [ssh] Ban 221.194.44.227
2016-07-12 08:57:46,599 fail2ban.actions: WARNING [ssh] Unban 221.194.44.227
2016-07-12 09:07:02,320 fail2ban.actions: WARNING [ssh] Ban 111.207.221.12
2016-07-12 09:08:32,474 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 09:11:57,761 fail2ban.actions: WARNING [ssh] Ban 121.18.238.32
2016-07-12 09:17:03,207 fail2ban.actions: WARNING [ssh] Unban 111.207.221.12
2016-07-12 09:18:33,331 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 09:21:58,612 fail2ban.actions: WARNING [ssh] Unban 121.18.238.32
2016-07-12 09:29:41,259 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 09:39:42,121 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 09:54:09,235 fail2ban.actions: WARNING [ssh] Ban 111.207.221.12
2016-07-12 10:04:09,994 fail2ban.actions: WARNING [ssh] Unban 111.207.221.12
2016-07-12 10:18:29,071 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 10:28:29,861 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 10:52:27,638 fail2ban.actions: WARNING [ssh] Ban 121.18.238.22
2016-07-12 10:54:32,810 fail2ban.actions: WARNING [ssh] Ban 221.194.44.218
2016-07-12 11:02:28,402 fail2ban.actions: WARNING [ssh] Unban 121.18.238.22
2016-07-12 11:04:33,560 fail2ban.actions: WARNING [ssh] Unban 221.194.44.218
2016-07-12 11:04:53,588 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 11:13:53,271 fail2ban.actions: WARNING [ssh] Ban 121.18.238.29
2016-07-12 11:13:53,279 fail2ban.actions: WARNING [ssh] Ban 221.194.44.227
2016-07-12 11:14:40,348 fail2ban.actions: WARNING [ssh] Ban 185.130.6.86
2016-07-12 11:14:54,371 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 11:23:54,063 fail2ban.actions: WARNING [ssh] Unban 121.18.238.29
2016-07-12 11:23:54,068 fail2ban.actions: WARNING [ssh] Unban 221.194.44.227
2016-07-12 11:24:41,129 fail2ban.actions: WARNING [ssh] Unban 185.130.6.86
2016-07-12 12:04:07,049 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 12:14:07,830 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 12:17:25,072 fail2ban.actions: WARNING [ssh] Ban 103.207.38.11
2016-07-12 12:27:25,832 fail2ban.actions: WARNING [ssh] Unban 103.207.38.11
2016-07-12 12:50:59,533 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 12:55:23,864 fail2ban.actions: WARNING [ssh] Ban 64.95.100.89
2016-07-12 13:01:00,282 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 13:05:24,603 fail2ban.actions: WARNING [ssh] Unban 64.95.100.89
2016-07-12 13:46:49,601 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 13:56:50,344 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 14:36:56,284 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 14:46:57,024 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 14:48:02,107 fail2ban.actions: WARNING [ssh] Ban 218.65.30.57
2016-07-12 14:58:02,855 fail2ban.actions: WARNING [ssh] Unban 218.65.30.57
2016-07-12 15:27:39,004 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 15:37:39,747 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 16:02:32,623 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 16:12:33,370 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 16:27:44,472 fail2ban.actions: WARNING [ssh] Ban 64.95.100.89
2016-07-12 16:37:45,201 fail2ban.actions: WARNING [ssh] Unban 64.95.100.89
2016-07-12 16:41:25,487 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 16:51:26,232 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 17:25:57,721 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-12 17:35:58,461 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-12 17:46:41,255 fail2ban.actions: WARNING [ssh] Ban 61.145.118.173
2016-07-12 17:56:33,977 fail2ban.actions: WARNING [ssh] Ban 5.152.214.240
2016-07-12 17:56:41,992 fail2ban.actions: WARNING [ssh] Unban 61.145.118.173
2016-07-12 18:06:34,716 fail2ban.actions: WARNING [ssh] Unban 5.152.214.240
2016-07-12 18:09:16,924 fail2ban.actions: WARNING [ssh] Ban 91.224.160.131
2016-07-12 18:16:08,428 fail2ban.actions: WARNING [ssh] Ban 61.145.118.173
2016-07-12 18:19:17,656 fail2ban.actions: WARNING [ssh] Unban 91.224.160.131
2016-07-12 18:26:09,166 fail2ban.actions: WARNING [ssh] Unban 61.145.118.173
2016-07-12 18:56:19,340 fail2ban.actions: WARNING [ssh] Ban 61.145.118.173
2016-07-12 19:06:20,081 fail2ban.actions: WARNING [ssh] Unban 61.145.118.173
2016-07-12 19:21:59,224 fail2ban.actions: WARNING [ssh] Ban 212.129.28.10
2016-07-12 19:25:22,487 fail2ban.actions: WARNING [ssh] Ban 61.145.118.173
2016-07-12 19:31:59,972 fail2ban.actions: WARNING [ssh] Unban 212.129.28.10
2016-07-12 19:35:23,220 fail2ban.actions: WARNING [ssh] Unban 61.145.118.173
2016-07-12 19:54:50,634 fail2ban.actions: WARNING [ssh] Ban 61.145.118.173
2016-07-12 20:04:51,386 fail2ban.actions: WARNING [ssh] Unban 61.145.118.173
2016-07-12 20:34:54,620 fail2ban.actions: WARNING [ssh] Ban 61.145.118.173
2016-07-12 20:38:27,890 fail2ban.actions: WARNING [ssh] Ban 62.210.151.50
2016-07-12 20:44:55,379 fail2ban.actions: WARNING [ssh] Unban 61.145.118.173
2016-07-12 20:48:28,644 fail2ban.actions: WARNING [ssh] Unban 62.210.151.50
2016-07-12 20:50:23,797 fail2ban.actions: WARNING [ssh] Ban 91.98.180.191
2016-07-12 21:00:24,540 fail2ban.actions: WARNING [ssh] Unban 91.98.180.191
2016-07-12 21:13:31,530 fail2ban.actions: WARNING [ssh] Ban 64.95.100.85
2016-07-12 21:23:32,279 fail2ban.actions: WARNING [ssh] Unban 64.95.100.85
2016-07-12 22:38:47,903 fail2ban.actions: WARNING [ssh] Ban 91.224.160.131
2016-07-12 22:48:48,186 fail2ban.actions: WARNING [ssh] Unban 91.224.160.131
2016-07-13 01:35:10,718 fail2ban.actions: WARNING [ssh] Ban 91.224.160.184
2016-07-13 01:45:11,000 fail2ban.actions: WARNING [ssh] Unban 91.224.160.184
2016-07-13 02:39:10,530 fail2ban.actions: WARNING [ssh] Ban 121.14.212.10
2016-07-13 02:49:10,820 fail2ban.actions: WARNING [ssh] Unban 121.14.212.10
2016-07-13 03:06:57,308 fail2ban.actions: WARNING [ssh] Ban 121.14.212.10
2016-07-13 03:16:57,599 fail2ban.actions: WARNING [ssh] Unban 121.14.212.10
2016-07-13 03:35:05,095 fail2ban.actions: WARNING [ssh] Ban 121.14.212.10
2016-07-13 03:45:05,441 fail2ban.actions: WARNING [ssh] Unban 121.14.212.10
2016-07-13 03:47:23,507 fail2ban.actions: WARNING [ssh] Ban 142.0.42.36
2016-07-13 03:57:23,795 fail2ban.actions: WARNING [ssh] Unban 142.0.42.36
2016-07-13 04:03:55,987 fail2ban.actions: WARNING [ssh] Ban 121.14.212.10
2016-07-13 04:13:56,314 fail2ban.actions: WARNING [ssh] Unban 121.14.212.10
2016-07-13 04:33:10,820 fail2ban.actions: WARNING [ssh] Ban 121.14.212.10
2016-07-13 04:43:11,087 fail2ban.actions: WARNING [ssh] Unban 121.14.212.10
2016-07-13 04:46:36,186 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-13 04:56:36,471 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-13 05:18:13,089 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-13 05:28:13,374 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-13 05:47:46,917 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-13 05:57:47,199 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-13 06:14:26,667 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-13 06:24:26,964 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-13 06:42:27,503 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-13 06:52:27,801 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-13 07:12:11,360 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-13 07:22:11,678 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-13 07:42:26,273 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-13 07:52:26,587 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-13 08:14:24,240 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-13 08:24:24,565 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-13 08:40:21,042 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-13 08:50:21,347 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-13 09:01:50,681 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-13 09:11:51,035 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-13 09:29:07,562 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-13 09:39:07,912 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-13 09:41:27,982 fail2ban.actions: WARNING [ssh] Ban 218.188.213.5
2016-07-13 09:51:28,289 fail2ban.actions: WARNING [ssh] Unban 218.188.213.5
2016-07-13 10:00:21,610 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-13 10:07:48,863 fail2ban.actions: WARNING [ssh] Ban 218.188.213.5
2016-07-13 10:10:21,954 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-13 10:17:49,195 fail2ban.actions: WARNING [ssh] Unban 218.188.213.5
2016-07-13 10:26:55,499 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-13 10:34:08,720 fail2ban.actions: WARNING [ssh] Ban 218.188.213.5
2016-07-13 10:36:55,821 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-13 10:44:09,071 fail2ban.actions: WARNING [ssh] Unban 218.188.213.5
2016-07-13 10:48:19,201 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-13 10:58:19,501 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-13 11:00:30,578 fail2ban.actions: WARNING [ssh] Ban 218.188.213.5
2016-07-13 11:10:30,885 fail2ban.actions: WARNING [ssh] Unban 218.188.213.5
2016-07-13 11:16:09,101 fail2ban.actions: WARNING [ssh] Ban 116.31.116.49
2016-07-13 11:26:09,417 fail2ban.actions: WARNING [ssh] Unban 116.31.116.49
2016-07-13 11:26:52,443 fail2ban.actions: WARNING [ssh] Ban 218.188.213.5
2016-07-13 11:36:52,796 fail2ban.actions: WARNING [ssh] Unban 218.188.213.5
2016-07-13 11:53:05,269 fail2ban.actions: WARNING [ssh] Ban 218.188.213.5
2016-07-13 11:58:21,429 fail2ban.actions: WARNING [ssh] Ban 112.217.150.112
2016-07-13 12:02:22,572 fail2ban.actions: WARNING [ssh] Ban 209.92.176.23
2016-07-13 12:03:05,597 fail2ban.actions: WARNING [ssh] Unban 218.188.213.5
2016-07-13 12:04:55,656 fail2ban.actions: WARNING [ssh] Ban 116.31.116.43
2016-07-13 12:08:21,771 fail2ban.actions: WARNING [ssh] Unban 112.217.150.112
2016-07-13 12:12:22,901 fail2ban.actions: WARNING [ssh] Unban 209.92.176.23
2016-07-13 12:14:55,990 fail2ban.actions: WARNING [ssh] Unban 116.31.116.43
2016-07-13 12:19:15,181 fail2ban.actions: WARNING [ssh] Ban 218.188.213.5
2016-07-13 12:29:15,507 fail2ban.actions: WARNING [ssh] Unban 218.188.213.5
2016-07-13 12:35:10,687 fail2ban.actions: WARNING [ssh] Ban 116.31.116.43
2016-07-13 12:45:10,994 fail2ban.actions: WARNING [ssh] Unban 116.31.116.43
2016-07-13 13:06:13,626 fail2ban.actions: WARNING [ssh] Ban 116.31.116.43
2016-07-13 13:16:13,946 fail2ban.actions: WARNING [ssh] Unban 116.31.116.43
2016-07-13 13:31:45,416 fail2ban.actions: WARNING [ssh] Ban 42.81.45.235
2016-07-13 13:41:14,703 fail2ban.actions: WARNING [ssh] Ban 116.31.116.43
2016-07-13 13:41:45,723 fail2ban.actions: WARNING [ssh] Unban 42.81.45.235
2016-07-13 13:48:46,961 fail2ban.actions: WARNING [ssh] Ban 64.95.100.85
2016-07-13 13:51:15,034 fail2ban.actions: WARNING [ssh] Unban 116.31.116.43
2016-07-13 13:58:47,253 fail2ban.actions: WARNING [ssh] Unban 64.95.100.85
2016-07-13 14:09:33,574 fail2ban.actions: WARNING [ssh] Ban 116.31.116.43
2016-07-13 14:19:33,900 fail2ban.actions: WARNING [ssh] Unban 116.31.116.43
2016-07-13 14:37:23,393 fail2ban.actions: WARNING [ssh] Ban 116.31.116.43
2016-07-13 14:47:23,707 fail2ban.actions: WARNING [ssh] Unban 116.31.116.43
2016-07-13 14:57:02,001 fail2ban.actions: WARNING [ssh] Ban 116.31.116.43
2016-07-13 15:07:02,285 fail2ban.actions: WARNING [ssh] Unban 116.31.116.43
2016-07-13 15:18:12,613 fail2ban.actions: WARNING [ssh] Ban 116.31.116.43
2016-07-13 15:28:12,905 fail2ban.actions: WARNING [ssh] Unban 116.31.116.43
2016-07-13 15:43:30,334 fail2ban.actions: WARNING [ssh] Ban 116.31.116.43
2016-07-13 15:53:30,600 fail2ban.actions: WARNING [ssh] Unban 116.31.116.43
2016-07-13 16:08:11,999 fail2ban.actions: WARNING [ssh] Ban 116.31.116.43
2016-07-13 16:18:12,295 fail2ban.actions: WARNING [ssh] Unban 116.31.116.43
2016-07-13 16:30:21,666 fail2ban.actions: WARNING [ssh] Ban 116.31.116.43
2016-07-13 16:40:21,967 fail2ban.actions: WARNING [ssh] Unban 116.31.116.43
2016-07-13 16:51:32,288 fail2ban.actions: WARNING [ssh] Ban 116.31.116.43
2016-07-13 17:01:32,580 fail2ban.actions: WARNING [ssh] Unban 116.31.116.43
2016-07-13 17:16:53,007 fail2ban.actions: WARNING [ssh] Ban 116.31.116.43
2016-07-13 17:26:53,318 fail2ban.actions: WARNING [ssh] Unban 116.31.116.43
2016-07-13 17:45:32,840 fail2ban.actions: WARNING [ssh] Ban 116.31.116.43
2016-07-13 17:55:33,133 fail2ban.actions: WARNING [ssh] Unban 116.31.116.43
2016-07-13 18:11:29,582 fail2ban.actions: WARNING [ssh] Ban 114.255.117.165
2016-07-13 18:18:22,782 fail2ban.actions: WARNING [ssh] Ban 116.31.116.43
2016-07-13 18:21:29,871 fail2ban.actions: WARNING [ssh] Unban 114.255.117.165
2016-07-13 18:28:23,085 fail2ban.actions: WARNING [ssh] Unban 116.31.116.43
2016-07-13 18:40:08,416 fail2ban.actions: WARNING [ssh] Ban 114.255.117.165
2016-07-13 18:50:08,721 fail2ban.actions: WARNING [ssh] Unban 114.255.117.165
2016-07-13 18:50:22,732 fail2ban.actions: WARNING [ssh] Ban 116.31.116.43
2016-07-13 19:00:23,014 fail2ban.actions: WARNING [ssh] Unban 116.31.116.43
2016-07-13 19:29:36,792 fail2ban.actions: WARNING [ssh] Ban 116.31.116.43
2016-07-13 19:39:37,071 fail2ban.actions: WARNING [ssh] Unban 116.31.116.43
2016-07-13 19:44:42,123 fail2ban.actions: WARNING [ssh] Ban 217.160.167.115
2016-07-13 19:47:44,376 fail2ban.actions: WARNING [ssh] Ban 114.255.117.165
2016-07-13 19:49:08,483 fail2ban.actions: WARNING [ssh] Unban 217.160.167.115
2016-07-13 19:49:08,488 fail2ban.actions: WARNING [ssh] Unban 114.255.117.165
2016-07-13 19:49:45,738 fail2ban.actions: WARNING [ssh] Ban 217.160.167.115
2016-07-13 19:59:45,812 fail2ban.actions: WARNING [ssh] Unban 217.160.167.115
2016-07-13 19:59:53,833 fail2ban.actions: WARNING [ssh] Ban 217.160.167.115
2016-07-13 20:05:59,320 fail2ban.actions: WARNING [ssh] Ban 116.31.116.43
2016-07-13 20:09:54,638 fail2ban.actions: WARNING [ssh] Unban 217.160.167.115
2016-07-13 20:16:00,097 fail2ban.actions: WARNING [ssh] Unban 116.31.116.43

Result of script execution:

cat fail2ban.log |grep -i warning | awk '{print $7}' | awk '{arr[$1]++} END { for (var in arr) print var, "blocked", arr[var]," times" }'
221.194.44.223 blocked 8  times
42.157.10.94 blocked 4  times
121.18.238.29 blocked 10  times
121.18.238.19 blocked 16  times
121.18.238.32 blocked 12  times
121.18.238.22 blocked 8  times
212.129.28.10 blocked 2  times
121.18.238.20 blocked 8  times
185.110.132.76 blocked 4  times
91.98.180.191 blocked 2  times
103.207.38.11 blocked 2  times
209.92.176.23 blocked 2  times
91.224.160.184 blocked 4  times
218.65.30.57 blocked 2  times
91.224.160.10 blocked 2  times
62.210.151.50 blocked 2  times
61.145.118.173 blocked 12  times
91.224.160.108 blocked 2  times
42.81.45.235 blocked 2  times
221.194.44.194 blocked 4  times
142.0.42.36 blocked 2  times
91.224.160.131 blocked 6  times
121.18.238.9 blocked 4  times
217.160.167.115 blocked 6  times
111.207.221.12 blocked 8  times
114.255.117.165 blocked 6  times
220.124.151.130 blocked 2  times
103.207.36.166 blocked 2  times
112.217.150.112 blocked 2  times
121.14.212.10 blocked 10  times
185.56.82.82 blocked 2  times
185.130.6.86 blocked 2  times
172.98.202.165 blocked 2  times
218.188.213.5 blocked 14  times
5.152.214.240 blocked 2  times
64.95.100.89 blocked 4  times
116.31.116.49 blocked 142  times
64.95.100.85 blocked 4  times
116.31.116.43 blocked 36  times
221.194.44.219 blocked 10  times
221.194.44.227 blocked 11  times
221.194.44.218 blocked 8  times
221.194.44.216 blocked 12  times

To get the most agressive IPs in the top, this will do the sorting:

sort -nr -t" " -k 3

The trick here is to sort by the 3rd value (our count value), here we use the flag “-k 3”. But to get the right delimiter we need supply the “-t” with the space value as the delimiter.

To sort in reverse and numerical correct (the real size of the value number) we use “-rn”.

Output is now:

cat fail2ban.log |grep -i warning | awk '{print $7}' | awk '{arr[$1]++} END { for (var in arr) print var, "blocked", arr[var]," times" }'| sort -nr -t" " -k 3
116.31.116.49 blocked 142  times
116.31.116.43 blocked 36  times
121.18.238.19 blocked 16  times
218.188.213.5 blocked 14  times
61.145.118.173 blocked 12  times
221.194.44.216 blocked 12  times
121.18.238.32 blocked 12  times
221.194.44.227 blocked 11  times
221.194.44.219 blocked 10  times
121.18.238.29 blocked 10  times
121.14.212.10 blocked 10  times
221.194.44.223 blocked 8  times
221.194.44.218 blocked 8  times
121.18.238.22 blocked 8  times
121.18.238.20 blocked 8  times
111.207.221.12 blocked 8  times
91.224.160.131 blocked 6  times
217.160.167.115 blocked 6  times
114.255.117.165 blocked 6  times
91.224.160.184 blocked 4  times
64.95.100.89 blocked 4  times
64.95.100.85 blocked 4  times
42.157.10.94 blocked 4  times
221.194.44.194 blocked 4  times
185.110.132.76 blocked 4  times
121.18.238.9 blocked 4  times
91.98.180.191 blocked 2  times
91.224.160.108 blocked 2  times
91.224.160.10 blocked 2  times
62.210.151.50 blocked 2  times
5.152.214.240 blocked 2  times
42.81.45.235 blocked 2  times
220.124.151.130 blocked 2  times
218.65.30.57 blocked 2  times
212.129.28.10 blocked 2  times
209.92.176.23 blocked 2  times
185.56.82.82 blocked 2  times
185.130.6.86 blocked 2  times
172.98.202.165 blocked 2  times
142.0.42.36 blocked 2  times
112.217.150.112 blocked 2  times
103.207.38.11 blocked 2  times
103.207.36.166 blocked 2  times
howtos/count_repeating_ip_s_in_list.txt · Last modified: 02/12/2018 21:34 by 127.0.0.1