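Using AWK to analyze per-IP connection counts on a PIX firewall
Connection count per single IP on the PIX, sorted from largest to smallest:
When the contents of ip.txt are produced by the command pix> show conn long: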
TCP outside:125.221.46.212/45590 (125.221.46.212/45590)
inside:10.0.0.153/80 (210.192.126.153/80) flags UfrIOB idle 0:07:10
bytes 11807
TCP outside:125.221.46.212/59707 (125.221.46.212/59707)
inside:10.0.0.153/80 (210.192.126.153/80) flags UfrIOB idle 0:07:30
bytes 1217
TCP outside:125.221.46.212/58553 (125.221.46.212/58553)
inside:10.0.0.153/80 (210.192.126.153/80) flags UfrIOB idle 0:07:26
bytes 1116
TCP outside:125.221.46.212/56210 (125.221.46.212/56210)
inside:10.0.0.153/80 (210.192.126.153/80) flags UfrIOB idle 0:07:42
bytes 1326
TCP outside:125.221.46.212/49019 (125.221.46.212/49019)
inside:10.0.0.153/80 (210.192.126.153/80) flags UfrIOB idle 0:07:10
bytes 8756
TCP outside:125.221.46.212/55298 (125.221.46.212/55298)
inside:10.0.0.153/80 (210.192.126.153/80) flags UIB idle 0:07:54 bytes
597
TCP outside:125.221.46.212/44795 (125.221.46.212/44795)
inside:10.0.0.153/80 (210.192.126.153/80) flags UfrIOB idle 0:07:52
bytes 1774
TCP outside:125.221.46.212/54476 (125.221.46.212/54476)
inside:10.0.0.153/80 (210.192.126.153/80) flags UIB idle 0:08:51 bytes
545
TCP outside:125.221.46.212/55743 (125.221.46.212/55743)
inside:10.0.0.153/80 (210.192.126.153/80) flags UfrIOB idle 0:08:56
bytes 599
============================
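[oracle@123456 ~]$ awk '{print $2}' ip.txt|awk -F: '{print $2}'|awk -F '/' '{print $1}' |sort -n|awk 'BEGIN{i=1;ip="";}{
# the input is sorted, so identical IPs are adjacent
if($1 == ip)
{
i++;
}
else
{
if(length(ip) > 0){
print i" "ip;
}
i=1;
ip=$1;
}
}
END{
# print the last group, which the main block never flushes
if(length(ip) > 0){
print i" "ip;
}
}'|sort -rn > ip_new.txt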
The result is as follows:
[oracle@localhost ~]$ head ip_new.txt
716 61.129.13.143
401 61.129.13.142
307 121.14.35.13
276 121.14.35.4
248 121.11.159.70
85 121.11.159.71
76 218.4.237.178
=========================================================
When the contents of ip.txt are produced by the command pix> show conn:
TCP out 218.30.111.182:25 in 10.0.0.125:11063 idle 0:00:00 bytes 165
flags UIO
TCP out 218.4.237.170:1521 in 10.0.0.125:24500 idle 0:00:00 bytes 4577
flags UIO
TCP out 218.4.237.170:1521 in 10.0.0.125:24499 idle 0:00:01 bytes 4577
flags UIO
UDP out 192.5.5.241:53 in 10.0.0.125:23013 idle 0:00:01 flags -
UDP out 192.5.5.241:53 in 10.0.0.125:16582 idle 0:00:01 flags -
UDP out 192.5.5.241:53 in 10.0.0.125:39020 idle 0:00:01 flags -
UDP out 192.5.5.241:53 in 10.0.0.125:17393 idle 0:00:01 flags -
UDP out 192.5.5.241:53 in 10.0.0.125:39094 idle 0:00:01 flags -
UDP out 192.5.5.241:53 in 10.0.0.125:34117 idle 0:00:01 flags -
TCP out 218.4.237.170:1521 in 10.0.0.125:24498 idle 0:00:01 bytes 4577
flags UIO
TCP out 218.4.237.170:1521 in 10.0.0.125:24497 idle 0:00:01 bytes 4578
flags UIO
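awk '{print $3}' ip.txt|awk -F: '{print $1}'|sort -n|awk 'BEGIN{i=1;ip="";}{
# the input is sorted, so identical IPs are adjacent
if($1 == ip)
{
i++;
}
else
{
if(length(ip) > 0){
print i" "ip;
}
i=1;
ip=$1;
}
}
END{
# print the last group, which the main block never flushes
if(length(ip) > 0){
print i" "ip;
}
}'|sort -rn > ip_new.txt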
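Added example, not part of the original article: the same per-IP count done in a single awk pass with an associative array, so nothing depends on the input being sorted. It accepts either output format (including the wrapped continuation lines) and lists only addresses at or above a threshold. The function names count_conns and sample_conns, the threshold argument and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# count_conns [threshold] < output of "show conn" or "show conn long"
# Prints "count ip" for each outside IP with at least <threshold>
# connections (default 1), highest count first.
count_conns() {
    awk -v min="${1:-1}" '
    # show conn long:  TCP outside:203.0.113.7/45590 (203.0.113.7/45590)
    $1 ~ /^(TCP|UDP)$/ && $2 ~ /^outside:/ {
        split($2, a, "[:/]")        # a[1]=interface, a[2]=IP, a[3]=port
        n[a[2]]++
        next
    }
    # show conn:  TCP out 192.0.2.170:1521 in 10.0.0.125:24500 ...
    $1 ~ /^(TCP|UDP)$/ && $2 == "out" {
        split($3, a, ":")           # a[1]=IP, a[2]=port
        n[a[1]]++
        next
    }
    # Anything else (wrapped "inside:", "bytes N", "flags X" lines) is skipped.
    END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample mixing both formats; addresses are documentation ranges.
sample_conns() {
    cat <<'EOF'
TCP outside:203.0.113.7/45590 (203.0.113.7/45590)
inside:10.0.0.153/80 (198.51.100.153/80) flags UfrIOB idle 0:07:10
bytes 11807
TCP outside:203.0.113.7/59707 (203.0.113.7/59707)
inside:10.0.0.153/80 (198.51.100.153/80) flags UIB idle 0:07:54 bytes
597
TCP outside:203.0.113.9/58553 (203.0.113.9/58553)
inside:10.0.0.153/80 (198.51.100.153/80) flags UfrIOB idle 0:07:26
bytes 1116
TCP out 192.0.2.170:1521 in 10.0.0.125:24500 idle 0:00:00 bytes 4577
flags UIO
UDP out 192.0.2.241:53 in 10.0.0.125:23013 idle 0:00:01 flags -
UDP out 192.0.2.241:53 in 10.0.0.125:16582 idle 0:00:01 flags -
UDP out 192.0.2.241:53 in 10.0.0.125:39020 idle 0:00:01 flags -
EOF
}

# List only the addresses holding two or more connections.
sample_conns | count_conns 2
```

Against a real capture, run count_conns 100 < ip.txt to list only the addresses holding 100 or more connections.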
Article reposted from