Looking for #log4j encoded user agents in Apache "combined" access log format: "cat access.log | sed 's/.*"\([^"]*\)"$/\1/' | sort | uniq -c | sort -rn" Histogram of all user agents in descending order (unique encoded user agents right above your shell prompt)

Dec 14, 2021 · 3:14 PM UTC

Encoded #log4j user agents are longer than normal user agent strings: "cat access.log | sed 's/.*"\([^"]*\)"$/\1/' | sort -u | while IFS= read -r str; do len=$(printf '%s\n' "$str" | wc -c); printf '%s\t%s\n' "$len" "$str"; done | sort -n" Sort unique user agent strings by length, ascending
You can also use these pipelines for other data sources. The "cat access.log | sed 's/.*"\([^"]*\)"$/\1/'" is how I'm extracting the user agent strings from the Apache log format. Everything after that is shell idioms you can apply to any data.
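
The two pipelines from the thread, wrapped as functions and run over constructed sample lines. This is an added example, not part of the original posts: the function names, the sample log and the length threshold are assumptions, and awk is swapped in for the shell loop to measure length so that `$`, `*` and backslashes in logged strings pass through unchanged.

```shell
#!/bin/sh
# Constructed sample lines in Apache "combined" format (not real traffic).
# The long user agent is a harmless placeholder standing in for an encoded string.
sample_log() {
cat <<'EOF'
203.0.113.5 - - [14/Dec/2021:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.5 - - [14/Dec/2021:10:00:02 +0000] "GET /a HTTP/1.1" 200 128 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [14/Dec/2021:10:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "curl/7.68.0"
192.0.2.9 - - [14/Dec/2021:10:00:04 +0000] "GET / HTTP/1.1" 404 0 "-" "${placeholder:constructed-long-encoded-looking-value-\x5c*-AAAAAAAAAAAAAAAAAAAAAAAA}"
EOF
}

# The last double-quoted field on each line is the user agent (same sed as the thread).
extract_ua() {
    sed 's/.*"\([^"]*\)"$/\1/'
}

# Histogram: count per user agent, most frequent first.
ua_histogram() {
    extract_ua | sort | uniq -c | sort -rn
}

# Unique user agents prefixed by their length, shortest first.
# awk counts characters without the newline, so values are one lower than wc -c.
ua_by_length() {
    extract_ua | sort -u | awk '{ printf "%d\t%s\n", length($0), $0 }' | sort -n
}

# Hypothetical triage helper: only user agents longer than the given limit.
ua_longer_than() {
    ua_by_length | awk -F '\t' -v max="$1" '$1 > max'
}

# Usage on a real file: ua_histogram < access.log ; ua_longer_than 200 < access.log
```

Both functions read standard input, so the same calls work on any source that yields one combined-format line per record.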