I have a file that have entries like this among other lines
Feb 16 17:30:18 ns1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 17 secs): user=<[email protected]>, method=PLAIN, rip=200.250.9.210, lip=10.10.10.10, session=<Sed519rVnADI+gnS> Every time one line like this is found, I want to extract the IPs associated on the rip part but I want to extract IPs that shows at least 3 times.
I am trying to use grep to do this.
This is the grep I have
more /var/log/maillog-20130217 | grep "auth failed" | grep -o '(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4 ][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)' this grep shows all IPs that are in the matching lines
How do I limit this grep to just show IPs if I have at least 3 matching lines with that IP and just unique IPs?
I mean this. Suppose my log has this
Feb 16 17:30:18 ns1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 17 secs): user=<[email protected]>, method=PLAIN, rip=200.250.9.210, lip=10.10.10.10, session=<Sed519rVnADI+gnS> Feb 16 17:30:18 ns1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 17 secs): user=<[email protected]>, method=PLAIN, rip=200.250.9.210, lip=10.10.10.10, session=<Sed519rVnADI+gnS> Feb 16 17:30:18 ns1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 17 secs): user=<[email protected]>, method=PLAIN, rip=20.20.20.20, lip=10.10.10.10, session=<Sed519rVnADI+gnS> Feb 16 17:30:18 ns1 dovecot: pop3-login: Disconnected (auth failed, 1 attempts in 17 secs): user=<[email protected]>, method=PLAIN, rip=200.250.9.210, lip=10.10.10.10, session=<Sed519rVnADI+gnS> I would like to use grep and obtain 200.250.9.210 because I have 3 lines there with this IP, but not 20.20.20.20 that appears just one time.
What I have when I run my grep I have is this
200.250.9.210 200.250.9.210 20.20.20.20 200.250.9.210 or in other words, it is listing all IPs that are in matching lines.
thanks.
