Identify IPs from Apache logs during DDoS attack

DDoS attacks can be frustrating. The harder part is picking out, from lengthy Apache logs, the IPs that are putting load on your server.

Below is a command that lists the IPs present in your log file along with their request counts, highest count first.

grep 'DD/MMM' access_log | awk -F' ' '{ print $1 }' | sort | uniq -c | sort -rn

Replace DD and MMM with the date you want to look up. Replace "access_log" with the path to your Apache access log.
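
The same count as a small shell function, added here as an example (not part of the original post). It goes a step beyond the one-liner: the date is matched only in the timestamp field, so a request whose URL happens to contain "12/Mar" is not counted, and an optional minimum request count trims the list. The names top_ips and sample_log, the log lines and the IPs (documentation ranges) are constructed for illustration, and the common/combined log format is assumed.

```shell
#!/bin/sh
# Added example: per-IP request counts for one day of an Apache access log.
# Assumes common/combined log format, where field 4 is "[DD/MMM/YYYY:HH:MM:SS".

# top_ips LOGFILE DD/MMM [MIN_REQUESTS]
# LOGFILE may be "-" to read standard input.
# Prints "count ip" lines, highest count first.
top_ips() {
    log=$1 day=$2 min=${3:-1}
    awk -v day="$day" -v min="$min" '
        # Count the line only if the timestamp field starts with "[DD/MMM/"
        index($4, "[" day "/") == 1 { hits[$1]++ }
        END {
            for (ip in hits)
                if (hits[ip] >= min) print hits[ip], ip
        }' "$log" | sort -k1,1nr -k2,2
}

# Constructed sample log lines. The 11/Mar request has "12/Mar" in its URL,
# which a plain grep for the date would wrongly count as 12/Mar traffic.
sample_log() {
    cat <<'EOF'
203.0.113.5 - - [12/Mar/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 1024
203.0.113.5 - - [12/Mar/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 1024
203.0.113.5 - - [12/Mar/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 1024
203.0.113.5 - - [12/Mar/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 1024
192.0.2.10 - - [12/Mar/2024:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 2048
192.0.2.10 - - [12/Mar/2024:10:00:09 +0000] "GET /style.css HTTP/1.1" 200 300
198.51.100.7 - - [11/Mar/2024:23:59:58 +0000] "GET /report?d=12/Mar HTTP/1.1" 200 512
198.51.100.7 - - [12/Mar/2024:10:01:00 +0000] "GET /about HTTP/1.1" 200 700
EOF
}

# Demo on the constructed lines: IPs with at least 2 requests on 12/Mar
sample_log | top_ips - 12/Mar 2
```

On a real server, call it as top_ips /path/to/access_log DD/MMM, with a third argument to hide IPs below that many requests.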