How use GeoIP on the command line Centos7
From Brian Nelson Ramblings
Revision as of 23:11, 28 March 2018 by Brian (Talk | contribs) (Created page with "==How use GeoIP on the command line Centos7== When parsing logs, I sometimes want to know more information about the ip address. This can be done using GeoIP and bash. ===I...")
How use GeoIP on the command line Centos7
When parsing logs, I sometimes want to know more information about the ip address. This can be done using GeoIP and bash.
Installing GeoIP
yum install GeoIP GeoIP-data
Sad but true, the GeoIP rpms installed are always out of date and need updated.
geoipupdate
GeoIP on Command Line
geoiplookup 209.126.31.213
GeoIP Country Edition: US, United States
Now you can check your logs and grab ips that you would like checked.
Get a list of ips that hit your site the most
# cat /var/log/apache/access_log | awk '{print $1}' | sort | uniq -c | sort -rn | head 63292 176.9.50.244 45355 75.128.184.187 23009 209.126.31.213 19214 216.244.66.203 17756 216.244.66.250 17359 192.240.191.2 11685 84.201.133.28 8692 23.237.4.26 7912 46.229.168.68 7854 46.229.168.67
Now use it with geoiplookup
# for x in $(cat /var/log/apache/access_log | awk '{print $1}' | sort | uniq -c | sort -rn | head | awk '{print $2}'); do echo "IP ADDRESS: " $x; geoiplookup $x; done IP ADDRESS: 176.9.50.244 GeoIP Country Edition: DE, Germany IP ADDRESS: 75.128.184.187 GeoIP Country Edition: US, United States IP ADDRESS: 209.126.31.213 GeoIP Country Edition: US, United States IP ADDRESS: 216.244.66.203 GeoIP Country Edition: US, United States IP ADDRESS: 216.244.66.250 GeoIP Country Edition: US, United States IP ADDRESS: 192.240.191.2 GeoIP Country Edition: US, United States IP ADDRESS: 84.201.133.28 GeoIP Country Edition: RU, Russian Federation IP ADDRESS: 23.237.4.26 GeoIP Country Edition: US, United States IP ADDRESS: 46.229.168.68 GeoIP Country Edition: US, United States IP ADDRESS: 46.229.168.67 GeoIP Country Edition: US, United States
Now I know the most popular ip address is from Germany!!