Web Log Analysis: Ep.5 – Searching Web Server Logs using Linux CLI
In the access logs, how many requests were successful and resulted in a 200 HTTP status code from the identified IP address?
I've tried the following solutions which are not correct. What obvious thing am I missing?
I assume GET, HEAD and OPTIONS are all valid requests in the context of the above question; there is at least one log line which relates to X11 and not the vuln scanner found in the previous question.
linux@web-log-analysis:~/Log-Files$ grep -E '193.37.225.202' access.log* | grep -E 'HTTP/1\.1\" 200' | sort | wc -l
235
linux@web-log-analysis:~/Log-Files$ grep -E '193.37.225.202' access.log* | grep -i GET | grep -E 'HTTP/1\.1\" 200' | sort | wc -l
221
Hi CM,
It looks like you're close, but there are a couple of things to simplify and focus on.
First, consider the most straightforward way to search for the IP and the HTTP status code. You don't need to filter by the request method (like GET or HEAD) unless specified, as the question only asks for the status code and IP address.
Secondly, think about whether you need to escape characters like the ones in HTTP/1.1. Sometimes a simpler search pattern can achieve the same result without extra complexity.
Take a step back and try to focus on filtering for just the IP address and the 200 status code directly in the log.
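As an added example, not part of the thread above: a shell script that counts 200 responses from one client IP by parsing the Combined Log Format fields rather than substring-matching the whole line, run against a constructed sample log. It shows where a loose grep over-counts (a byte count of 200, the IP appearing in another client's referrer) and where a filter pinned to HTTP/1.1 under-counts (an HTTP/1.0 request). The IP is the one from the question; every log line, path and user agent is made up, and the function names are this example's own.

```bash
#!/usr/bin/env bash
# Added example (not from the original thread). Counts HTTP 200 responses from a
# single client IP in Apache/Nginx Combined Log Format:
#   %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
# All sample log lines below are constructed for illustration.

make_sample_log() {
    # Writes a constructed access log and prints its path.
    local log
    log=$(mktemp)
    cat > "$log" <<'EOF'
193.37.225.202 - - [10/Oct/2023:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
193.37.225.202 - - [10/Oct/2023:13:55:37 +0000] "HEAD /robots.txt HTTP/1.1" 200 0 "-" "Nikto"
193.37.225.202 - - [10/Oct/2023:13:55:38 +0000] "GET /admin HTTP/1.1" 404 200 "-" "Nikto"
193.37.225.202 - - [10/Oct/2023:13:55:39 +0000] "OPTIONS / HTTP/1.0" 200 0 "-" "Nikto"
193.37.225.202 - - [10/Oct/2023:13:55:40 +0000] "\x16\x03\x01" 400 226 "-" "-"
10.0.0.5 - - [10/Oct/2023:13:55:41 +0000] "GET / HTTP/1.1" 200 10 "http://193.37.225.202/" "curl/8.0"
193.37.225.202 - - [10/Oct/2023:13:55:42 +0000] "POST /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
EOF
    printf '%s\n' "$log"
}

count_200_from_ip() {
    # $1 = client IP, $2 = log file.
    # Field 1 is the client IP (exact string compare, so no regex dots or
    # prefix matches to worry about). The status code is the three digits that
    # follow the closing quote of the request line; locating it by that pattern
    # rather than by field number survives malformed requests such as the raw
    # TLS handshake bytes on line 5, which shift the whitespace-split fields.
    awk -v ip="$1" '
        $1 == ip && match($0, /" [0-9][0-9][0-9] /) {
            if (substr($0, RSTART + 2, 3) == "200") n++
        }
        END { print n + 0 }' "$2"
}

count_200_loose() {
    # $1 = client IP, $2 = log file.
    # The naive approach for comparison: any line mentioning the IP, then any
    # line containing " 200 ". Over-counts a 404 with a 200-byte body (line 3)
    # and another client's request whose referrer carries the IP (line 6).
    grep -F "$1" "$2" | grep -c ' 200 '
}

methods_200_from_ip() {
    # $1 = client IP, $2 = log file.
    # Per-method breakdown of the 200s, useful when deciding whether HEAD or
    # OPTIONS should be counted alongside GET. Field 6 is the quoted method.
    awk -v ip="$1" '
        $1 == ip && $9 == "200" { sub(/^"/, "", $6); print $6 }' "$2" | sort | uniq -c
}

# Stand-alone usage.
LOG=$(make_sample_log)
echo "field-aware count: $(count_200_from_ip 193.37.225.202 "$LOG")"
echo "loose grep count:  $(count_200_loose 193.37.225.202 "$LOG")"
echo "by method:"
methods_200_from_ip 193.37.225.202 "$LOG"
rm -f "$LOG"
```

On the sample data the field-aware count is 4 (GET, HEAD, OPTIONS, POST) while the loose pipeline reports 6; the thread's `HTTP/1\.1" 200` filter would report 3 because it drops the HTTP/1.0 request. Checking `awk '{print $9}' access.log | sort | uniq -c` before trusting a field number is a quick way to confirm the log format has no surprises.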