Question

I am trying to extract a list of usernames and the IP addresses they logged in from out of a FileZilla log.

(000099) 11/29/2013 9:20:26 AM - user_one (145.194.40.65)> 230 Logged on

I have already gotten a list of all IPs that have had a valid login by using this:

cat FileZilla\ Server.log | grep "Logged on" | awk '{match($0,/[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/); ip = substr($0,RSTART,RLENGTH); print ip}' | sort | uniq -c

But how can I match both the username and the IP address? So the output would look something like this when finished:

5 user_one 10.1.1.1
3 user_one 10.5.1.1
2 user_two 10.1.1.1
3 user_two 10.8.8.8

I've spent a few hours on this one, so any tips or tricks would be greatly appreciated.

Solution

You can try the following command:

gawk -f a.awk FileZilla\ Server.log

where a.awk is:

/Logged on/{
    match($0,/[0-9]?[0-9]:[0-9][0-9]:[0-9][0-9] .. . ([^ ]*) \(([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)\)/,a)
    b[(a[1]" "a[2])]++
}
END {
    for (i in b) {
        print b[i], i
    }
}

If you want to sort the result, it can be done in GNU Awk version 4, using PROCINFO["sorted_in"] as follows:

END {
    PROCINFO["sorted_in"]="@ind_str_asc"
    for (i in b) {
        print b[i], i
    }
}
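
A portable variant of the same count, added here as an example and not part of the original answer: it uses only POSIX awk and sort, so gawk's three-argument match() is not needed. It matches the full `)> 230 Logged on` reply at the end of the line rather than the bare phrase, so other log lines that merely contain "Logged on" are not counted. The function names and the sample lines are constructed, and the line layout is assumed to be the one shown in the question.

```shell
#!/bin/sh
# Added example: count successful logins per (user, IP) pair.
# Assumed layout: (id) date time AM - user (ip)> 230 Logged on

count_logins() {
    awk '
    {
        sub(/\r$/, "")        # tolerate CRLF line endings from a Windows log
        # Require the complete server reply at end of line; strip it if present.
        if (!sub(/\)> 230 Logged on$/, "")) next
        start = index($0, " - ")
        if (start == 0) next
        who = substr($0, start + 3)          # now "user (ip"
        # The IPv4 address is the last " (" group, so a user name that
        # itself contains spaces or parentheses is kept intact.
        if (!match(who, / \([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)) next
        user = substr(who, 1, RSTART - 1)
        ip = substr(who, RSTART + 2)
        count[user " " ip]++
    }
    END {
        for (k in count) print count[k], k
    }' "$@" | LC_ALL=C sort -k2
}

# Constructed sample input (not real log data).
sample_log() {
    printf '%s\n' \
        '(000099) 11/29/2013 9:20:26 AM - user_one (145.194.40.65)> 230 Logged on' \
        '(000100) 11/29/2013 9:21:02 AM - user_two (10.8.8.8)> 230 Logged on' \
        '(000101) 11/29/2013 10:05:11 AM - user_one (145.194.40.65)> 230 Logged on' \
        '(000101) 11/29/2013 10:05:30 AM - user_one (145.194.40.65)> MKD Logged on'
    # One line with a CRLF ending.
    printf '%s\r\n' \
        '(000102) 11/29/2013 11:40:00 AM - user_one (10.5.1.1)> 230 Logged on'
}

# Reads stdin when no file is given; pass the log file name as an argument otherwise.
sample_log | count_logins
```
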
Licensed under: CC-BY-SA with attribution