How to use GeoIP on the command line on CentOS 7

From Brian Nelson Ramblings
Revision as of 23:12, 28 March 2018 by Brian (Talk | contribs) (GeoIP on Command Line)


When parsing logs, I sometimes want to know more about an IP address. This can be done using GeoIP and bash.

Installing GeoIP

yum install GeoIP GeoIP-data

Sad but true, the GeoIP rpms installed are always out of date and need to be updated.

geoipupdate

GeoIP on Command Line

geoiplookup 209.126.31.213

GeoIP Country Edition: US, United States

Now you can check your logs and grab IPs that you would like checked.

Get a list of the IPs that hit your site the most

# cat /var/log/apache/access_log | awk '{print $1}' | sort | uniq -c | sort -rn | head
 63292 176.9.50.244
 45355 75.128.184.187
 23009 209.126.31.213
 19214 216.244.66.203
 17756 216.244.66.250
 17359 192.240.191.2
 11685 84.201.133.28
  8692 23.237.4.26
  7912 46.229.168.68
  7854 46.229.168.67

Now use it with geoiplookup

# for x in $(cat /var/log/apache/access_log | awk '{print $1}' | sort | uniq -c | sort -rn | head | awk '{print $2}'); do echo "IP ADDRESS: " $x; geoiplookup $x; done

IP ADDRESS:  176.9.50.244
GeoIP Country Edition: DE, Germany
IP ADDRESS:  75.128.184.187 
GeoIP Country Edition: US, United States
IP ADDRESS:  209.126.31.213 
GeoIP Country Edition: US, United States
IP ADDRESS:  216.244.66.203 
GeoIP Country Edition: US, United States
IP ADDRESS:  216.244.66.250
GeoIP Country Edition: US, United States
IP ADDRESS:  192.240.191.2
GeoIP Country Edition: US, United States
IP ADDRESS:  84.201.133.28
GeoIP Country Edition: RU, Russian Federation
IP ADDRESS:  23.237.4.26
GeoIP Country Edition: US, United States
IP ADDRESS:  46.229.168.68
GeoIP Country Edition: US, United States
IP ADDRESS:  46.229.168.67
GeoIP Country Edition: US, United States

Now I know the most popular IP address is from Germany!!
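
The loop above can be extended into a small triage script. This is an added example, not code from the original page: it keeps the request count beside each IP, counts only first fields that look like IPv4 addresses, reads only the Country Edition line from geoiplookup, and sums requests per country. The function names, the script file name and the sample log lines are constructed for illustration.

```bash
#!/bin/bash
# Added example. sample_log, top_ips, annotate_ips and by_country are
# hypothetical helper names, not part of the GeoIP package.

# Constructed access-log lines (not real traffic).
sample_log() {
    cat <<'EOF'
176.9.50.244 - - [28/Mar/2018:10:00:01 +0000] "GET / HTTP/1.1" 200 512
176.9.50.244 - - [28/Mar/2018:10:00:02 +0000] "GET /a HTTP/1.1" 200 128
209.126.31.213 - - [28/Mar/2018:10:00:03 +0000] "GET / HTTP/1.1" 200 512
84.201.133.28 - - [28/Mar/2018:10:00:04 +0000] "GET / HTTP/1.1" 200 512
10.0.0.5 - - [28/Mar/2018:10:00:05 +0000] "GET / HTTP/1.1" 200 512
host.example.net - - [28/Mar/2018:10:00:06 +0000] "GET / HTTP/1.1" 200 512
EOF
}

# top_ips N [FILE]: print "count ip" for the N busiest clients.
# Only dotted-quad first fields are counted, so hostnames or malformed
# entries never reach the lookup command.
top_ips() {
    n=$1; shift
    awk '$1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { c[$1]++ }
         END { for (ip in c) print c[ip], ip }' "$@" |
        sort -k1,1nr -k2,2 | head -n "$n"
}

# Read "count ip" lines and append the country from geoiplookup. Only the
# "GeoIP Country Edition" line is used; other editions may also be printed.
annotate_ips() {
    while read -r count ip; do
        country=$(geoiplookup "$ip" |
            sed -n 's/^GeoIP Country Edition: //p' | head -n 1)
        case $country in
            ''|'IP Address not found') country='??, unknown' ;;
        esac
        printf '%s %s %s\n' "$count" "$ip" "$country"
    done
}

# Sum the request counts per country code from annotate_ips output.
by_country() {
    awk '{ cc = $3; sub(/,$/, "", cc); t[cc] += $1 }
         END { for (cc in t) print t[cc], cc }' | sort -k1,1nr -k2,2
}

# Usage (hypothetical file name): ./geoip_top.sh /var/log/apache/access_log
if [ "$#" -gt 0 ]; then
    top_ips 10 "$1" | annotate_ips
fi
```

Private or unlisted addresses show up as `??, unknown`; pipe the annotated output into `by_country` for the per-country totals.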