Find Top 10 IP Addresses Accessing Your server

When running a server that can be accessed from an open or public network such as Internet, then it is always a good System Administration practice to monitor access to your server.

One good thing in monitoring access to your server is the existence of access log file(s) that store information about every access activities that happen in the server.
Working with log files is always very important, because they give you an account of everything that has happened within a system or application in this case your Apache web server. In case of any performance or access related problems, then log files can help you point out what could be wrong or is happening.

The default path for Apache web server log is:

/var/log/http/access_log [For RedHat based systems]
/var/log/apache2/access.log [For Debian based systems]
/var/log/http-access.log [For FreeBSD]

To find out top 10 IP address accessing your Apache web server for domain, just run the following command.

# awk '{ print $1}' access.log.2016-05-08 | sort | uniq -c | sort -nr | head -n 10


In the command above:

awk – prints the access.log.2016-05-08 file.
sort – helps to sort lines in a access.log.2016-05-08 file, the -n option compares lines based on the numerical value of strings and -r option reverses the outcome of the comparisons.
uniq – helps to report repeated lines and the -c option helps to prefix lines according to the number of occurrences.


from :