
                                   grepip

                                Release 1.0

                IP-   

             Copyright (C) 2003 Alex Tutubalin, [1]lexa@lexa.ru

  

   grepip [options] [-f pattern-file|PATTERN] file1 file2....

   : grepip 192.168.0.0/16 /var/log/maillog
         /var/log/maillog  
     192.168.0.0-192.168.255.255

    

     *   IP-     
        (perl/pcre style).
     *        , 
             .
     *   -    IP-
          ,    . ,
       
       grepip -p -P -f cbl -f dsbl /var/log/maillog
        -  :
cbl: Nov 23 00:29:10 www postfix/smtpd[24629]: reject: RCPT from unknown[4.4.24
7.81]: 550...
dsbl: Nov 23 00:29:10 www postfix/smtpd[24559]: connect from user-0cetocb.cable
.mindspring.com[24.238.225.139]...
dsbl: Nov 23 00:29:13 www postfix/smtpd[24559]: 9CBB355FF: client=user-0cetocb.
cable.mindspring.com[24.238.225.139]
cbl: Nov 23 00:29:16 www postfix/smtpd[24629]: lost connection after RCPT from
unknown[4.4.247.81]..
                IP -
       cbl  dsbl.
     *    IP- ( 
          ,      best
       match).
     *       IP,   
              .
     *   .   P4-3.0Ghz 
          IP-     
        350000/sec (,    
         ),      -
       80000-500000    (   
       ,  ,    IP  ..).
          IP (,  RBL) 
        ""  .

  

        :
     *   -    IP-  .
     *   -     IP- 
        .
     *   -    .
     *   - ,    .

     

   grepip  IP-,    
   prefix/bitlen,       4 ,
   :
192.168.0.0/16
224.0.0.0/8

          ,  
     .       
    IP   :
   grepip '192.168.0.0/16 private space' file

      IP     
    :

   -e PATTERN
             IP-  . 
          IP-   ,    ""
          (    ) ,   
           IP.
           :
          grepip -e '192.168.0.0/24 private' '127.0.0.0/8 localhost'
          logfile



   -f patterns-file
                 
          IP-.    <-b>-f ,  
             (PATTERN) -  , 
               -e



   -s
              IP-:

          +  a.b.c.d   a.b.c.d/32
          + a.b.c=>a.b.c.0/24
          + a.b=>a.b.0.0/16
          + a=>a.0.0.0/8

     

     IP-     
     Perl/PCRE-.
   -  regexp
   \b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b
          
    :

   -l
           ""  
          (\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}),   
           IP 222.222.222.122   
          1222.222.222.12222222,       
            ,    .



   -s
             (\S+),   
          "",      -c  
          IP-     .



   -c N
                N-
              . , 
           -s -c 2   2-   ,
              IP    -  
            IP-.



   -R regexp
             regexp.   
            ,    IP- 
               (: -R
          '\[(\d+\.\d+\.\d+\.\d+)\]').    regex , 
              IP-  ( 
          , ,     -l/-s  regexp
          -).
                
           !.

     

            PATTERN,
       (   -f).   
   ,     stdin.

     

   -,   .     
       ,    : .
     -     :

   -v
                

   -h
                 

   -d
             PATTERNS     
          ( )

   -p
                  
          IP-

   -P
                 IP- (
              -f)

   

    1.      http-loge

   ,     ripe.ranges,   RIPE db 
     :
9.20.0.0/17 GB
15.0.0.0/8 FR
...

   -  IP -  .
   :
grepip -w -c 1 -p -f ripe.ranges -e '0.0.0.0/0 WORLD' apache/logs/access_log

     -  :
LT: 81.7.96.143 - - [25/Nov/2003:00:12:49 +0300] "GET /image/letter.....
LT: 81.7.96.143 - - [25/Nov/2003:00:12:49 +0300] "GET /image/big_p.gif....
WORLD: 66.196.90.119 - - [25/Nov/2003:00:12:50 +0300] "GET /inet-admins/msg0795
6...
RU: 212.58.199.6 - - [25/Nov/2003:00:12:58 +0300] "GET /image/....

      :
     * -w -c 1 -  regexp,      1-
         (IP-)
     * -p -  ,    
     * -e '0.0.0.0/0 WORLD' -   'best match win' 
        ,    ripe.alloc    
       WORLD

    2.       RBL

   ,        RBL (c  
     )   .  :
grepip -s -p -P -f dsbl -f cbl -f dul.ru /var/log/maillog

      :
cbl: Nov 23 00:29:10 www postfix/smtpd[24629]: reject: RCPT from unknown[4.4.24
7.81]: 550...
dsbl: Nov 23 00:29:10 www postfix/smtpd[24559]: connect from user-0cetocb.cable
.mindspring.com[24.238.225.139]...
dsbl: Nov 23 00:29:13 www postfix/smtpd[24559]: 9CBB355FF: client=user-0cetocb.
cable.mindspring.com[24.238.225.139]
cbl: Nov 23 00:29:16 www postfix/smtpd[24629]: lost connection after RCPT from
unknown[4.4.247.81]..

      -p -P,   " ,
           IP-".

    

    1.        [2]pcre
    2.   :
          +   (tar xzvf grepip-x.yy.tar.gz)
          +  ,    pcre.h  libpcre
            (-  /usr/local/include  /usr/local/lib)
          +  make
    3.    make install  
       ipgrep  /usr/local/bin

  Copyright

   Copyright (C) 2003 Alex Tutubalin, lexa@lexa.ru

   , ,    
     ,  [3]Apache License -  
         [4]http://www.lexa.ru/lexa.
        grepip.

         .

   Grepip   libpatricia, Copyright (c) 1997, 1998,
   1999
   The Regents of the University of Michigan ("The Regents") and Merit
   Network, Inc. All rights reserved.

References

   1. mailto:lexa@lexa.ru
   2. http://www.pcre.org/
   3. http://www.apache.org/LICENSE.txt
   4. http://www.lexa.ru/lexa/
