I'm trying to remove all duplicated lines based in a specific pattern, below you can see a small sample of my file:
Jul 22 12:43:57 localhost haproxy[24190]: <IP_ADDRESS>:56232 [22/Jul/2021:12:43:57.862] http-ap~ rpc-ap/localhost 0/0/0/3/3 200 402 - - ---- 110/108/8/8/0 0/0 "POST / HTTP/1.1" getAccountInfo api.mainnet-beta.solana.com foundation chrome-extension://adlbhecpgmnfllbdnbhlk chrome-extension://adlbhecpgmnfllbdnbhlkobnbpdkcdod application/json
Jul 22 12:44:02 localhost haproxy[24190]: <IP_ADDRESS>:56232 [22/Jul/2021:12:44:02.436] http-ap~ rpc-ap/localhost 0/0/0/0/0 200 400 - - ---- 111/109/4/4/0 0/0 "POST / HTTP/1.1" getTokenAccountsByOwner api.mainnet-beta.solana.com foundation chrome-extension://adlbhecpgmnfllbdnbhlk chrome-extension://adlbhecpgmnfllbdnbhlkobnbpdkcdod application/json
Jul 22 12:44:03 localhost haproxy[24190]: <IP_ADDRESS>:56232 [22/Jul/2021:12:44:03.033] http-ap~ rpc-ap/localhost 0/0/0/0/0 200 402 - - ---- 111/109/4/4/0 0/0 "POST / HTTP/1.1" getAccountInfo api.mainnet-beta.solana.com foundation chrome-extension://adlbhecpgmnfllbdnbhlk chrome-extension://adlbhecpgmnfllbdnbhlkobnbpdkcdod application/json
Jul 22 14:11:56 localhost haproxy[24190]: <IP_ADDRESS>:37086 [22/Jul/2021:14:11:56.959] http-ap~ rpc-ap/localhost 0/0/0/0/0 200 400 - - ---- 144/142/4/4/0 0/0 "POST / HTTP/1.1" getTokenAccountsByOwner api.mainnet-beta.solana.com foundation chrome-extension://bfnaelmomeimhlpmgjnjo chrome-extension://bfnaelmomeimhlpmgjnjophhpkkoljpa application/json
Jul 22 14:11:57 localhost haproxy[24190]: <IP_ADDRESS>:37086 [22/Jul/2021:14:11:57.559] http-ap~ rpc-ap/localhost 0/0/0/3/3 200 402 - - ---- 136/134/4/4/0 0/0 "POST / HTTP/1.1" getAccountInfo api.mainnet-beta.solana.com foundation chrome-extension://bfnaelmomeimhlpmgjnjo chrome-extension://bfnaelmomeimhlpmgjnjophhpkkoljpa application/json
The only information I care is the chrome-extension ID for example: chrome-extension://adlbhecpgmnfllbdnbhlkobnbpdkcdod
Note:if you guys notice I have 2 patters with chrome-extension://something in the same line, one with ID truncated and another with the ID complete, I wish to perform this operation matching the complete one.
in this example above I have only 5 entries, but in my real file a have a lot of them, I would like to find "chrome-extension://" and remove all lines that have the value of it duplicated.
In this example above my result could be:
Jul 22 12:44:03 localhost haproxy[24190]: <IP_ADDRESS>:56232 [22/Jul/2021:12:44:03.033] http-ap~ rpc-ap/localhost 0/0/0/0/0 200 402 - - ---- 111/109/4/4/0 0/0 "POST / HTTP/1.1" getAccountInfo api.mainnet-beta.solana.com foundation chrome-extension://adlbhecpgmnfllbdnbhlk chrome-extension://adlbhecpgmnfllbdnbhlkobnbpdkcdod application/json
Jul 22 14:11:57 localhost haproxy[24190]: <IP_ADDRESS>:37086 [22/Jul/2021:14:11:57.559] http-ap~ rpc-ap/localhost 0/0/0/3/3 200 402 - - ---- 136/134/4/4/0 0/0 "POST / HTTP/1.1" getAccountInfo api.mainnet-beta.solana.com foundation chrome-extension://bfnaelmomeimhlpmgjnjo chrome-extension://bfnaelmomeimhlpmgjnjophhpkkoljpa application/json
But it could be any of the 5 entries above, I don't care about which line it will be, it could be sorted, the important thing is to get only one line for each chrome ID.
I tried a few things with awk, sed, sort and uniq, but I'm a noob in Linux and regex, so I would be really grateful if you guys could give me a light.
If the input is sorted, uniq can be told to ignore the first 24 fields using the -f option.
sort file-sample | uniq -f 24
This might work for you (GNU sed):
sed -E '/chrome-extension/{G;/chrome-extension(\S* ).*\1/d;P;s/chrome-extension//g;h;d}' file
If a line contains chrome-extension, append previous extensions and try and match.
If a match is found, a duplicate exists, so delete the line.
Otherwise, print the line, remove the literal(s) chrome-extension, make a copy and then delete the line.
$ awk '!seen[$25]++' file
Jul 22 12:43:57 localhost haproxy[24190]: <IP_ADDRESS>:56232 [22/Jul/2021:12:43:57.862] http-ap~ rpc-ap/localhost 0/0/0/3/3 200 402 - - ---- 110/108/8/8/0 0/0 "POST / HTTP/1.1" getAccountInfo api.mainnet-beta.solana.com foundation chrome-extension://adlbhecpgmnfllbdnbhlk chrome-extension://adlbhecpgmnfllbdnbhlkobnbpdkcdod application/json
Jul 22 14:11:56 localhost haproxy[24190]: <IP_ADDRESS>:37086 [22/Jul/2021:14:11:56.959] http-ap~ rpc-ap/localhost 0/0/0/0/0 200 400 - - ---- 144/142/4/4/0 0/0 "POST / HTTP/1.1" getTokenAccountsByOwner api.mainnet-beta.solana.com foundation chrome-extension://bfnaelmomeimhlpmgjnjo chrome-extension://bfnaelmomeimhlpmgjnjophhpkkoljpa application/json
or if you prefer:
$ sort -k25,25 file | uniq -df24
Jul 22 12:43:57 localhost haproxy[24190]: <IP_ADDRESS>:56232 [22/Jul/2021:12:43:57.862] http-ap~ rpc-ap/localhost 0/0/0/3/3 200 402 - - ---- 110/108/8/8/0 0/0 "POST / HTTP/1.1" getAccountInfo api.mainnet-beta.solana.com foundation chrome-extension://adlbhecpgmnfllbdnbhlk chrome-extension://adlbhecpgmnfllbdnbhlkobnbpdkcdod application/json
Jul 22 14:11:56 localhost haproxy[24190]: <IP_ADDRESS>:37086 [22/Jul/2021:14:11:56.959] http-ap~ rpc-ap/localhost 0/0/0/0/0 200 400 - - ---- 144/142/4/4/0 0/0 "POST / HTTP/1.1" getTokenAccountsByOwner api.mainnet-beta.solana.com foundation chrome-extension://bfnaelmomeimhlpmgjnjo chrome-extension://bfnaelmomeimhlpmgjnjophhpkkoljpa application/json
Related
I am using OpenStack Ocata release installed on my own servers. Long time all worked well.
A few days ago OpenStack dashboard starts frequently sign out users. And I can't figure out what is wrong.
Why httpd return 302 redirect to the login page? And how to debug what is wrong?
Httpd access logs:
10.0.0.2 - - [21/Mar/2018:08:29:26 +0000] "POST /dashboard/auth/login/ HTTP/1.1" 302 - "http://dashboard.example.com/dashboard/auth/login/?next=/dashboard/" "Mozilla/5.0 ... Firefox/59.0"
10.0.0.2 - - [21/Mar/2018:08:29:27 +0000] "GET /dashboard/ HTTP/1.1" 302 - "http://dashboard.example.com/dashboard/auth/login/?next=/dashboard/" "Mozilla/5.0 ... Firefox/59.0"
10.0.0.2 - - [21/Mar/2018:08:29:27 +0000] "GET /dashboard/identity/ HTTP/1.1" 200 53953 "http://dashboard.example.com/dashboard/auth/login/?next=/dashboard/" "Mozilla/5.0 ... Firefox/59.0"
193.169.81.251 - - [21/Mar/2018:08:29:29 +0000] "GET /dashboard/i18n/js/horizon+openstack_dashboard/ HTTP/1.1" 200 2372 "http://dashboard.example.com/dashboard/identity/" "Mozilla/5.0 ... Firefox/59.0"
10.0.0.2 - - [21/Mar/2018:08:29:33 +0000] "GET /dashboard/project/ HTTP/1.1" 302 - "http://dashboard.example.com/dashboard/identity/" "Mozilla/5.0 ... Firefox/59.0"
10.0.0.2 - - [21/Mar/2018:08:29:33 +0000] "GET /dashboard/auth/login/?next=/dashboard/project/ HTTP/1.1" 200 9041 "http://dashboard.example.com/dashboard/identity/" "Mozilla/5.0 ... Firefox/59.0"
10.0.0.2 - - [21/Mar/2018:08:29:34 +0000] "GET /dashboard/i18n/js/horizon+openstack_dashboard/ HTTP/1.1" 200 2372 "http://dashboard.example.com/dashboard/auth/login/?next=/dashboard/project/" "Mozilla/5.0 ... Firefox/59.0"
Httpd error logs:
[Wed Mar 21 08:29:26.646941 2018] [:error] [pid 41571] Attempted scope to domain default failed, will attemptto scope to another domain.
[Wed Mar 21 08:29:26.851412 2018] [:error] [pid 41571] Login successful for user "exampeuser", remote address 10.0.0.2.
[Wed Mar 21 08:29:27.161127 2018] [authz_core:error] [pid 25877] [client 10.0.0.2:44688] AH01630: client denied by server configuration: /usr/bin/keystone-wsgi-public, referer: http://dashboard.example.com/dashboard/auth/login/?next=/dashboard/
The problem was related to Memcached.
In my case, Memcached was DoSed from externally.
To resolve this I bind Memcached to local management interface instead any (0.0.0.0)
Setup Varnish cache on LAMP
When visiting my website -> www.arintoker.com getting the error below.
Error 503 Service Unavailable
Service Unavailable
Guru Meditation:
XID: 529248319
when I run varnishlog I get the following output
132 FetchError - http first read error: -1 11 (Resource temporarily unavailable)
133 BackendClose - default
132 VCL_call - error
132 VCL_return - deliver
132 VCL_call - deliver
132 VCL_return - deliver
132 TxProtocol - HTTP/1.1
132 TxStatus - 503
132 TxResponse - Service Unavailable
132 TxHeader - Server: Varnish
132 TxHeader - Content-Type: text/html; charset=utf-8
132 TxHeader - Retry-After: 5
132 TxHeader - Content-Length: 418
132 TxHeader - Accept-Ranges: bytes
132 TxHeader - Date: Sat, 27 Aug 2016 20:07:36 GMT
132 TxHeader - X-Varnish: 529248853
132 TxHeader - Age: 17
132 TxHeader - Via: 1.1 varnish
132 TxHeader - Connection: close
132 Length - 418
132 ReqEnd - 529248853 1472328439.180813074 1472328456.191231966 0.000165224 17.010340691 0.000078201
132 SessionClose - error
When I setup Varnish Cache I followed the guide on DigitalOcean(link)
*Let me know what other reports/resources could be helpful for resolving this issue. Thanks in advance for any help!
Old post but I manage to solve this error by increasing the timeout.
sudo nano /etc/varnish/default.vcl
and having the following config settings:
backend default {
.host = "127..0.0.1";
.port = "8080";
.connect_timeout = 600s;
.first_byte_timeout = 600s;
.between_bytes_timeout = 600s;
}
Although 600s as timeout is probably too much, you can have much lower setting which can work for you. For further help read this thread.
PS: I am on Ubuntu 14.04.
I guess Varnish can not talk to your backend. Maybe this can help:
http://www.technoreply.com/solving-dreaded-varnish-503-error/
I was actually able to solve this. My website is a WordPress website so it often that the system receives a brute force attack on the /wp-admin panel. But this time I also noticed the same memory and CPU > 90% alerts from New Relic.
So I ran netstat -natp | grep varnishto figure out which IP was attacking me.
then proceeded to permanently block the IP with my server firewall.
This resolved the issue. Hope this helps someone!
On Front End below screen comes up when we enter into kuali Student login UI with admin/admin account.
HTTP Status 404 - /ks-with-rice-bundled/kew/ActionList.do
type Status report
message /ks-with-rice-bundled/kew/ActionList.do
description The requested resource is not available.
This is the error I get in the log file:
192.168.0.134 - - [21/Jan/2016:15:33:00 +0530] "POST /ks-with-rice-bundled-2.0.3-cm/org.kuali.student.lum.lu.ui.main.LUMMain/rpcservices/ServerPropertiesRpcService HTTP/1.1" 200 46
192.168.0.134 - - [21/Jan/2016:15:33:00 +0530] "POST /ks-with-rice-bundled-2.0.3-cm/org.kuali.student.lum.lu.ui.main.LUMMain/rpcservices/SecurityRpcService HTTP/1.1" 200 21
192.168.0.134 - - [21/Jan/2016:15:33:00 +0530] "POST /ks-with-rice-bundled-2.0.3-cm/org.kuali.student.lum.lu.ui.main.LUMMain/rpcservices/MetadataRpcService HTTP/1.1" 200 4745
192.168.0.134 - - [21/Jan/2016:15:33:00 +0530] "POST /ks-with-rice-bundled-2.0.3-cm/org.kuali.student.lum.lu.ui.main.LUMMain/rpcservices/ServerPropertiesRpcService HTTP/1.1" 200 355
192.168.0.134 - - [21/Jan/2016:15:33:00 +0530] "POST /ks-with-rice-bundled-2.0.3-cm/org.kuali.student.lum.lu.ui.main.LUMMain/rpcservices/ServerPropertiesRpcService HTTP/1.1" 200 179
192.168.0.134 - - [21/Jan/2016:15:33:00 +0530] "POST /ks-with-rice-bundled-2.0.3-cm/org.kuali.student.lum.lu.ui.main.LUMMain/rpcservices/SecurityRpcService HTTP/1.1" 200 204
192.168.0.134 - - [21/Jan/2016:15:33:00 +0530] "GET /ks-with-rice-bundled/kew/ActionList.do HTTP/1.1" 404 1027
192.168.0.134 - - [21/Jan/2016:15:33:01 +0530] "POST /ks-with-rice-bundled-2.0.3-cm/org.kuali.student.lum.lu.ui.main.LUMMain/rpcservices/SecurityRpcService HTTP/1.1" 200 287
Cataline.out logs gives below one:
2016-01-21 15:33:00,760 [http-bio-8080-exec-2] u:/d: INFO org.kuali.student.common.ui.server.gwt.ServerPropertiesRpcGwtServlet - Property not found, looking in Context: ks.rice.actionList.serviceAddress with value: http://kuali.localdomain:8080/ks-with-rice-bundled/kew/ActionList.do
2016-01-21 15:33:00,804 [http-bio-8080-exec-5] u:/d: INFO org.kuali.student.common.ws.ServletWrappingController - handleRequestInternal : SecurityGwtServlet
2016-01-21 15:33:00,818 [http-bio-8080-exec-7] u:/d: INFO org.kuali.student.common.ws.ServletWrappingController - handleRequestInternal : SecurityGwtServlet
I can see in the error, what is it, however I don't know how to solve it.
All of your successful POSTs are to /ks-with-rice-bundled-2.0.3-cm/... but the 404 is on /ks-with-rice-bundled. Rice configuration is leading to a redirect to the incorrect location.
I would either deploy the application to /ks-with-rice-bundled or add
<param name="app.code">ks-with-rice-bundled-2.0.3-cm</param>
to your local ks-config.xml.
I have a WCF cloud service running on Azure. There is an interface exposed with two functions func1() and func2(). The issue I am facing is that I am getting multiple requests from my client application on one of the APIs.
Initially we thought its a bug in the client and the fact that we cannot get logs from client application (as its already in the market) made it even more difficult for us to analyze the issue.
I read a post here and I thought the issue is similar to mine. The client application is coded in such a way that in a day only one call to functions happens each day. But I am getting around 60 calls within a span of few seconds. Client, in ideal conditions, will not send so many requests.
Can anyone help me out in this issue. Its really causing problem for us and we are not able to debug the issue. Here I am posting the IIS logs:
2015-03-05 05:41:53 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1288 1244 825
2015-03-05 05:41:53 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1288 1244 943
2015-03-05 05:41:53 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1288 1223 462
2015-03-05 05:41:53 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1288 1220 550
2015-03-05 05:41:53 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1288 1223 489
2015-03-05 05:41:54 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1288 1220 492
2015-03-05 05:41:54 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1288 1223 643
2015-03-05 05:41:54 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1288 1220 587
2015-03-05 05:41:55 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1288 1220 591
2015-03-05 05:41:55 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1168 1414 851
2015-03-05 05:41:55 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1288 1220 408
2015-03-05 05:41:55 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1288 1220 392
2015-03-05 05:41:56 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1288 1223 507
2015-03-05 05:41:56 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1288 1223 390
2015-03-05 05:41:56 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1288 1223 404
2015-03-05 05:41:58 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1288 1223 621
2015-03-05 05:41:58 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1288 1223 594
2015-03-05 05:41:59 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1288 1223 544
2015-03-05 05:41:59 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1288 1223 444
2015-03-05 05:42:00 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1288 1223 656
2015-03-05 05:42:00 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1288 1223 453
2015-03-05 05:42:00 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1288 1223 484
2015-03-05 05:42:01 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1288 1223 500
2015-03-05 05:42:01 W3SVC1234567890 RD000D11111111 XX.XX.XX.XX POST /XYZ.svc - 443 - yy.yy.yy.yy HTTP/1.1 - - - abcd.cloudapp.net 200 0 0 1288 1223 393
i have a webserver running with some applications. I do a grep from the server in order to see all the IP's that have been connected to the server. I achieved it but the HTML looks like this:
172.17.100.37 172.17.100.45 172.17.222.158
And I would like to see it like this:
172.17.100.37
172.17.100.45
172.17.222.158
To get these values I do this:
cmd = "grep -o '^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}' /var/log/apache2/access.log | sort | uniq "
Any idea about what could I do?
EDIT: The access.log shows like this:
172.17.222.158 - - [30/Jan/2014:09:33:11 +0000] "GET /cgi-bin/right.cgi HTTP/1.1" 204 219 "http://172.17.223.72/index2.html?fname=172.17.223.75" "Mozilla/5.$
172.17.222.158 - - [30/Jan/2014:09:33:11 +0000] "GET /cgi-bin/stop.cgi HTTP/1.1" 204 218 "http://172.17.223.72/index2.html?fname=172.17.223.75" "Mozilla/5.0$
172.17.222.158 - - [30/Jan/2014:09:33:12 +0000] "GET /cgi-bin/right.cgi HTTP/1.1" 204 218 "http://172.17.223.72/index2.html?fname=172.17.223.75" "Mozilla/5.$
172.17.222.158 - - [30/Jan/2014:09:33:12 +0000] "GET /cgi-bin/stop.cgi HTTP/1.1" 204
and so on...
As I understand you paste the ouput of your grep-command into a HTML-file.
To get the linefeeds you may use the pre-tag:
<pre> (your output goes here) </pre>
This will show your linefeeds even in HTML.
Using tr
echo "172.17.100.37 172.17.100.45 172.17.222.158" | tr ' ' '\n'
172.17.100.37
172.17.100.45
172.17.222.158
Using awk
cat file
172.17.222.158 - - [30/Jan/2014:09:33:11 +0000] "GET /cgi-bin/right.cgi HTTP/1.1" 204 219 "http://172.17.223.72/index2.html?fname=172.17.223.75" "Mozilla/5.$
172.17.222.158 - - [30/Jan/2014:09:33:11 +0000] "GET /cgi-bin/stop.cgi HTTP/1.1" 204 218 "http://172.17.223.72/index2.html?fname=172.17.223.75" "Mozilla/5.0$
172.17.222.158 - - [30/Jan/2014:09:33:12 +0000] "GET /cgi-bin/right.cgi HTTP/1.1" 204 218 "http://172.17.223.72/index2.html?fname=172.17.223.75" "Mozilla/5.$
172.17.222.158 - - [30/Jan/2014:09:33:12 +0000] "GET /cgi-bin/stop.cgi HTTP/1.1" 204
awk -F/ '{print $8}' file
172.17.223.72
172.17.223.72
172.17.223.72