Nested command line functions

[Cybex1]

I am trying to keep this to a one-liner... How can I take the IP addresses as the are looping through and push them into another command? I have this part already.

netstat -antu | awk '$5 ~ /[0-9]:/{split($5, a, ":"); ips[a[1]]++} END {for (ip in ips) print ips[ip], ip | "sort -k1 -nr"}'

I am am trying to also incorporate a "geoiplookup" for each of the IP's into the loop.

I am trying to get the output to look like this:

6 168.123.123.123 DE, Germany
5 134.23.43.56 US, United States
1 45.65.7.32 US, United States


The closest I have gotten so far will run the IP's but the variable of the IP is lost and can not be written out properly;

netstat -antu | awk '$5 ~ /[0-9]:/{split($5, a, ":"); ips[a[1]]++} END {for (ip in ips) print ip | "sort -k1 -nr"}'| xargs -I{} geoiplookup {}

Thanks!

 

[LKBrwnDBA]

Try this:

netstat -antu | awk '$5 ~ /[0-9]:/{split($5, a, ":"); ips[a[1]]++} END {for (ip in ips) print ip}' | sort -k1 -nr | xargs -I^ geoiplookup ^

----------------------------------------------------------------------------
The person who says it can't be done should not interrupt the person doing it. -- Chinese proverb

 

[Cybex1]

Thanks LKBrwnDBA,

I was able to get to that point as well but the problem is that the output does not show the IP related to the geoip return. So I am not able to correlate 123.23.43.125 to Germany. All I see in the output is Germany and then if I want to know which IP was the one that points back to Germany I would have to run them one-by-one. See the problem?

I was wondering if the geoiplookup could be moved into the awk statement and executed as a nested command with the output written in a format as I drafted above.

 

[LKBrwnDBA]

Unfortunately I do not have the geoiplookup program installed and cannot test it.
But if you could explain the input parameters and expected output I may be able to simulate it...



----------------------------------------------------------------------------
The person who says it can't be done should not interrupt the person doing it. -- Chinese proverb

 

[LKBrwnDBA]

No prob...found the definition, but still do not have the program...

geoiplookup(1) - Linux man page
Name
geoiplookup - look up country using IP Address or hostname

Synopsis
geoiplookup [-d directory] [-f filename] [-v] <ipaddress|hostname>

Description
geoiplookup uses the GeoIP library and database to find the Country that an IP address or hostname originates from.

----------------------------------------------------------------------------
The person who says it can't be done should not interrupt the person doing it. -- Chinese proverb

 

[LKBrwnDBA]

Got it:

netstat -antu | awk '$5 ~ /[0-9]:/{split($5, a, ":"); ips[a[1]]++} END {for (ip in ips) print ip}' | sort -k1 -nr | xargs -I^ echo "^ `geoiplookup` ^"

----------------------------------------------------------------------------
The person who says it can't be done should not interrupt the person doing it. -- Chinese proverb

 

[LKBrwnDBA]

Ooops, typo fixed:

netstat -antu | awk '$5 ~ /[0-9]:/{split($5, a, ":"); ips[a[1]]++} END {for (ip in ips) print ip}' | sort -k1 -nr | xargs -I^ echo "^ `geoiplookup ^`"

----------------------------------------------------------------------------
The person who says it can't be done should not interrupt the person doing it. -- Chinese proverb