Print log lines between two timestamps (sed address range)
# Print every line from the first match of 09:00 through the next match of
# 13:00 (sed range addresses; "\#...#" lets the dates keep their slashes).
# Caveat: the end address must actually occur — if no request was logged in
# the 13:00 minute, sed prints to end of file. Widen it (e.g. 13:0) if needed.
sed -n '\#31/Mar/2020:09:00#,\#31/Mar/2020:13:00#p' domain_com.log
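# Requests logged between 16:35 and 16:39 on 1 Apr 2020.
# Apache writes the month as "Apr" and grep is case-sensitive, so the
# original "APR" pattern matched nothing. Use -i only if you really need to
# tolerate either spelling.
grep "01/Apr/2020:16:3[5-9]" domain_com.log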
Count sources of 403 "Access denied" entries (e.g. ModSecurity), ignoring DBM noise
# Count the first double-quoted field of every "Access denied with code 403"
# line, skipping DBM-related noise, least frequent first.
# NOTE(review): with -F'"', $2 is the first quoted field. In a standard Apache
# error log carrying ModSecurity messages that field is the matched rule
# pattern/file, not the client address — check a sample line. The client is
# usually in a "[client A.B.C.D:port]" token, which can be pulled out with
# e.g. grep -o '\[client [^]]*\]' instead.
grep "Access denied with code 403" domain_com.log | grep -v DBM | awk -F'"' '{print $2}' | sort | uniq -c | sort -n
Find 30x responses for the front page and save them to a file
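# Front-page requests ($7 == "/" exactly; "/?x" is not matched) that got a
# 30x status ($9). The status test is anchored to a three-digit 30x code; the
# original substring match ~ "30" would also hit non-standard codes such as
# 430/530. Note 304 (Not Modified) is a 30x but not a redirect — use
# /^30[1278]$/ to keep only real redirects.
awk '($7 == "/" && $9 ~ /^30[0-9]$/)' domain_com.access.log > domain-redirects-onfrontpage.txt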
zgrep, then filter again with grep (zgrep reads compressed and plain files alike)
# Lines mentioning "Uptime" that were answered with a 503. The status is the
# field right after the closing quote of the request, hence the '" 503'
# pattern. Filter order does not change the result, only the work done.
zgrep -- '" 503' domain_com.access.log | grep -- "Uptime"
Display top 10 IP addresses
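# Top 10 client IPs. $1 is the client address in common/combined log format.
# The original split on "-" which left a trailing space in every key and
# breaks as soon as an earlier field contains a dash. uniq -c rather than
# -dc: -d silently drops addresses seen only once, which can leave fewer
# than 10 rows.
zcat /domain_com.access.log.gz | awk '{print $1}' | sort | uniq -c | sort -nr | head -n 10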
Display top 10 URLs by request count, ignoring the query string
# Top 10 requested paths. The request line is the 2nd quote-delimited field;
# its 2nd word is the path, and everything from the first "?" onwards is
# stripped. One awk does the work of the original three.
gzip -dc /domain_com.access.log.gz \
  | awk -F'"' '{ split($2, req, " "); sub(/\?.*/, "", req[2]); print req[2] }' \
  | sort | uniq -c | sort -rn | head -n 10
Display top 10 user-agents
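# Top 10 User-Agents ($6 = third quoted field in combined log format).
# uniq -c rather than -dc: -d drops agents seen only once, which can leave
# fewer than 10 rows. Caveat: a stray double quote inside the referrer or
# User-Agent shifts the quote-delimited fields for that line.
zcat /domain_com.access.log.gz | awk -F'"' '{print $6}' | sort | uniq -c | sort -nr | head -n 10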
Display top 10 referrers
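# Top 10 referrers. The referrer is the 2nd quoted field ($4 with -F'"'),
# the same quote-based extraction the other commands in this sheet use.
# The original $11 relied on whitespace field positions, which shift on any
# request line containing a space, and kept the surrounding quotes in the key.
zcat /domain_com.access.log.gz | awk -F'"' '{print $4}' | sort | uniq -c | sort -nr | head -n 10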
Display top 10 response codes
# Top 10 HTTP status codes ($9 in common/combined log format).
gzip -dc /domain_com.access.log.gz | awk -v col=9 '{ print $col }' | sort | uniq -c | sort -rn | head -n 10
Display top 10 HTTP methods
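# Top 10 HTTP methods: first word of the quoted request line. One awk instead
# of two; uniq -c rather than -dc so methods seen only once (often the
# interesting ones from a security point of view) are not dropped.
zcat /domain_com.access.log.gz | awk -F'"' '{ split($2, req, " "); print req[1] }' | sort | uniq -c | sort -nr | head -n 10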
Count recent events (last 50,000 lines) by client IP
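# Events in the last 50,000 lines, counted by client IP. $1 is the client
# address in common/combined log format — the same position the other
# IP-based commands in this sheet read. The original printed $7, which is
# the request path, so it did not group by IP at all.
tail -n 50000 /domain_com.access.log | awk '{print $1}' | sort | uniq -c | sort -nr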
(`50000` is the number of most recent lines inspected; adjust to taste.)
Count recent events (last 100,000 lines) by /24 ("Class C") subnet
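# Events in the last 100,000 lines, counted by /24 subnet of the client IP.
# Only the client field ($1) is split on ".", not the whole line as before,
# so dots in the URL/referrer/User-Agent can never leak into the key; lines
# whose client field is not a dotted quad (IPv6, hostnames) are skipped
# rather than producing nonsense keys. Output: "a.b.c <tab> count".
tail -n 100000 /domain_com.access.log \
  | awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { split($1, o, "."); print o[1] "." o[2] "." o[3] }' \
  | sort | uniq -c | sort -nr | awk '{print $2,"\t",$1}'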
Count requests from one IP per minute, then per hour (replace X.X.X.X)
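# Requests from one client (replace X.X.X.X) bucketed per minute, then per
# hour. The original ran both commands on one line, so the second "zgrep"
# became a file argument to "uniq -c" and the command failed. Comparing $1
# exactly avoids the pitfalls of grep "X.X.X.X": dots match any character,
# and the address may also appear in URLs or referrers. $4 is
# "[dd/Mon/yyyy:HH:MM:SS"; substr drops the "[", cut keeps date:hour(:minute).
# uniq -c without a sort assumes the log is in time order (as the original did).
zcat domain.log.gz | awk -v ip="X.X.X.X" '$1 == ip { print substr($4, 2) }' | cut -d: -f1-3 | uniq -c
zcat domain.log.gz | awk -v ip="X.X.X.X" '$1 == ip { print substr($4, 2) }' | cut -d: -f1-2 | uniq -c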