[olug] Sorting IP addresses

William Mihalo wmihalo at gmail.com
Mon Mar 13 12:14:15 CDT 2017 

I had to monitor break-in attempts at one of the national labs and used
msort to go through hundreds of ip addresses. Msort is part of fedora/rhel
repos.

Here's an example from https://www.linux.com/news/sorting-your-data-msort
In the following example you are sorting on the SRC field.

cat ips.txt
Apr 29 20:14:58 fots kernel: invalides IN=eth2 OUT=eth0 SRC=192.168.3.2
DST=192.168.3.4 LEN=76...
Apr 29 20:15:48 fots kernel: invalides IN=eth2 OUT=eth0 SRC=192.168.3.4
DST=192.168.4.12 LEN=76...
Apr 29 20:15:48 fots kernel: invalides IN=eth2 OUT=eth0 SRC=192.168.3.2
DST=192.168.0.33 LEN=76...
Apr 29 20:15:48 fots kernel: invalides IN=eth1 OUT=eth0 SRC=192.168.3.3
DST=192.168.3.33 LEN=76...
Apr 29 20:15:48 fots kernel: invalides IN=eth2 OUT=eth0 SRC=192.168.3.4
DST=192.168.0.33 LEN=76...
Apr 29 20:15:48 fots kernel: invalides IN=eth2 OUT=eth0 SRC=192.168.3.2
DST=192.168.0.33 LEN=76...
Apr 29 20:15:48 fots kernel: invalides IN=eth2 OUT=eth0 SRC=192.168.3.2
DST=192.168.0.133 LEN=76...
Apr 29 20:15:48 fots kernel: invalides IN=eth2 OUT=eth0 SRC=192.168.3.2
DST=192.168.1.33 LEN=76...
[wmihalo at asusdesk ~]$ msort  -l -t SRC= -c h -t DST= -c h ips.txt
Key 1 obligatory     tag SRC=     Increasing hybrid
Key 2 obligatory     tag DST=     Increasing hybrid
Reading from ips.txt.
Records processed:                          8
Sorting...
Records written:                            0Apr 29 20:15:48 fots kernel:
invalides IN=eth2 OUT=eth0 SRC=192.168.3.2 DST=192.168.0.33 LEN=76...
Apr 29 20:15:48 fots kernel: invalides IN=eth2 OUT=eth0 SRC=192.168.3.2
DST=192.168.0.33 LEN=76...
Apr 29 20:15:48 fots kernel: invalides IN=eth2 OUT=eth0 SRC=192.168.3.2
DST=192.168.0.133 LEN=76...
Apr 29 20:15:48 fots kernel: invalides IN=eth2 OUT=eth0 SRC=192.168.3.2
DST=192.168.1.33 LEN=76...
Apr 29 20:14:58 fots kernel: invalides IN=eth2 OUT=eth0 SRC=192.168.3.2
DST=192.168.3.4 LEN=76...
Apr 29 20:15:48 fots kernel: invalides IN=eth1 OUT=eth0 SRC=192.168.3.3
DST=192.168.3.33 LEN=76...
Apr 29 20:15:48 fots kernel: invalides IN=eth2 OUT=eth0 SRC=192.168.3.4
DST=192.168.0.33 LEN=76...
Apr 29 20:15:48 fots kernel: invalides IN=eth2 OUT=eth0 SRC=192.168.3.4
DST=192.168.4.12 LEN=76...

Bill Mihalo

More information about the OLUG mailing list