> classB. Given that:
>
> Assume the ClassB is "abc.def.X.X"
> Assume the ClassC is "123.456.789.Y",
>
> What would be the easiest way to grep out all allowed classB and classC
> addresses (from our remote sites) from the logs before parsing further?
>
> Seems this can be done on one, maybe two statements

Maybe you're looking for something like:

    grep -v "^abc.def" access_log | grep -v "^123.456.789"

which would match any line NOT (-v) starting (^) with abc.def and pass the result to another grep which would return lines not starting with 123.456.789. I tossed in the ^ to make sure I was getting the hit IP and not something goofy like part of a GET statement later in the line.

Something that you might already know but that bit me... If any of the numbers are less than 3 digits you'll have to be careful. Grepping my logs with

    grep "^12"

I get 12.x.x.x AND 129.x.x.x.

    grep "^12\."

returns me the wanted 12.x.x.x but not 129.x.x.x

So.... all told

    tail -n 1000 access_log | grep -v "12\." | grep -v "139\.30\.8\." | cut -d " " -f 1 | sort | uniq

gives me a list of IPs not in 12. or 139.30.8 (but could still be in .80) in the last 1000 lines of my log.

Hope this helps,
Michael
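
Added example, not part of the original post: one anchored, dot-escaped pattern built from a list of allowed prefixes, so that neighbouring ranges and request text later in the line cannot cause a match. The function names, the prefix list and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Allowed prefixes, one per line, each ending in a dot so that "12." cannot
# match 129.x.x.x and "139.30.8." cannot match 139.30.80.x. (Sample values.)
ALLOWED_PREFIXES='12.
139.30.8.'

# Build a single anchored ERE from the literal prefixes: escape every dot,
# join the prefixes with |, and wrap the result as ^(...).
build_pattern() {
    alternatives=$(printf '%s\n' "$1" | sed 's/\./\\./g' | paste -s -d '|' -)
    printf '^(%s)\n' "$alternatives"
}

# Read an access log on stdin and print the unique client IPs (field 1)
# whose address does not start with an allowed prefix.
unlisted_clients() {
    pattern=$(build_pattern "$ALLOWED_PREFIXES")
    grep -Ev "$pattern" | cut -d ' ' -f 1 | LC_ALL=C sort -u
}

# Constructed sample log. The 10.0.0.5 line has "12.0" in the request path:
# an unanchored "12\." would wrongly drop it from the output.
sample_log() {
    cat <<'EOF'
12.4.5.6 - - [01/Jan/2000:00:00:01 +0000] "GET / HTTP/1.0" 200 512
129.1.2.3 - - [01/Jan/2000:00:00:02 +0000] "GET /a HTTP/1.0" 200 100
139.30.8.17 - - [01/Jan/2000:00:00:03 +0000] "GET /b HTTP/1.0" 200 100
139.30.80.9 - - [01/Jan/2000:00:00:04 +0000] "GET /c HTTP/1.0" 404 0
10.0.0.5 - - [01/Jan/2000:00:00:05 +0000] "GET /dl/12.0/notes.txt HTTP/1.0" 200 90
129.1.2.3 - - [01/Jan/2000:00:00:06 +0000] "GET /d HTTP/1.0" 200 100
EOF
}

sample_log | unlisted_clients
```

On a real log, feed it the same way as in the post, e.g. `tail -n 1000 access_log | unlisted_clients`.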