Find Top 10 IP Addresses Accessing Your server

When running a server that can be accessed from an open or public network such as Internet, then it is always a good System Administration practice to monitor access to your server.

One good thing in monitoring access to your server is the existence of access log file(s) that store information about every access activities that happen in the server.
Working with log files is always very important, because they give you an account of everything that has happened within a system or application in this case your Apache web server. In case of any performance or access related problems, then log files can help you point out what could be wrong or is happening.

The default path for Apache web server log is:

/var/log/http/access_log [For RedHat based systems]
/var/log/apache2/access.log [For Debian based systems]
/var/log/http-access.log [For FreeBSD]

To find out top 10 IP address accessing your Apache web server for domain, just run the following command.

# awk '{ print $1}' access.log.2016-05-08 | sort | uniq -c | sort -nr | head -n 10


5482 103.28.37.178
5356 66.249.78.168
1977 66.249.93.145
1962 157.55.39.251
1924 66.249.93.142
1921 66.249.93.148
1890 64.233.173.178
1860 108.61.183.134
1841 64.233.173.182
1582 157.55.39.251


In the command above:

awk – prints the access.log.2016-05-08 file.
sort – helps to sort lines in a access.log.2016-05-08 file, the -n option compares lines based on the numerical value of strings and -r option reverses the outcome of the comparisons.
uniq – helps to report repeated lines and the -c option helps to prefix lines according to the number of occurrences.

from : http://www.tecmint.com