Replace an IP address with its whois using bash
Posted by user2099762 on Server Fault
Published on 2013-11-11T12:38:53Z
Indexed on 2013/11/12 3:58 UTC
bash
I have a traffic log similar to this
"page visited" for xxx.xxx.xxx.xxx at 2013-10-30
and I would like to replace the IP address with the result of its whois lookup.
I can export the IP addresses to a separate file and then do a whois on each line, but I'm struggling to combine them all together.
Ideally I'd like to replace the IP address in the same string and print the new string to a new file.
So it would look like
"page visited" for example.com at 2013-10-30
Can anyone help?
Here's what I have so far
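# Extract every IPv4-looking string from the log, one per line
grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' clean_cites.txt > iplist.txt
# Look up the organisation for each address and append "ip,result" pairs
for i in $(cat iplist.txt)
do
    OUTPUT=$(geoiplookup -f /usr/share/GeoIP/GeoIPOrg.dat "$i")
    echo "$i,$OUTPUT" >> visited.txt
done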
Like I said, this produces a separate file with a list of IP addresses and their relevant hostnames, so I either need to search for the IP address in file a and replace it with the text in file b (which will give the IP address and hostname) or replace the IP address in place.
Thanks
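One way to do the in-place replacement asked about above, as an added example that is not part of the original post: it builds a sed script with one substitution per unique address and applies it to the whole log. The names `lookup_org` and `annotate_log` are hypothetical, and stripping everything up to the first ": " assumes geoiplookup prints its result as "label: value".

```shell
#!/bin/sh
# Added example, not from the original post.

# Resolve one IP to an organisation name.
# Assumption: geoiplookup prints "<edition label>: <value>".
lookup_org() {
    geoiplookup -f /usr/share/GeoIP/GeoIPOrg.dat "$1" | sed 's/^[^:]*: //'
}

# Print the log with every IPv4 address replaced by its lookup result.
# Addresses whose lookup returns nothing are left unchanged.
annotate_log() {
    in=$1
    script=$(mktemp) || return 1

    # One lookup per unique address, not one per log line.
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' "$in" | sort -u |
    while IFS= read -r ip; do
        # The lookup result is external data that ends up in a log file:
        # keep one line only and drop control characters.
        org=$(lookup_org "$ip" | head -n 1 | tr -d '[:cntrl:]')
        [ -n "$org" ] || continue

        # Escape the dots for the regex, and \ / & for the sed replacement,
        # so an organisation name cannot alter the generated sed script.
        esc_ip=$(printf '%s' "$ip" | sed 's/\./\\./g')
        esc_org=$(printf '%s' "$org" | sed 's|[\\/&]|\\&|g')

        # The boundary groups stop 1.2.3.4 from matching inside 11.2.3.45.
        printf 's/(^|[^0-9.])%s([^0-9.]|$)/\\1%s\\2/g\n' "$esc_ip" "$esc_org"
    done > "$script"

    sed -E -f "$script" "$in"
    rc=$?
    rm -f "$script"
    return $rc
}

# Usage: annotate_log clean_cites.txt > visited.txt
```

The original log is never modified; the annotated copy goes to standard output, so the raw addresses stay available for later checks.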
© Server Fault or respective owner