clfsplit - split Common-Log Format web logs based on IP address
clfsplit [--help] [-i input] -d defaultfile -f file -s spec [-f file -s
The clfsplit will split up large CLF format web logs based on IP
address. This is for creating separate log analysis passes for
internal and external users of web pages.
The defaultfile parameter specifies where data goes if it doesn’t match
any of the IP ranges. This could be /dev/null depending on your aims.
The -i input parameter gives the file to take input from (default
The -f file parameter must be given before the list of IP addresses.
The spec parameter is the IP addresses that go to the file in question.
It is of the form start[-end][:start[-end]] where start and end specify
the start and ends of ranges of IPs. Also the CIDR notation can be
used or a single IP address. If there is a large number of IP ranges
then a file name can be given which contains a set of IP ranges, one
range per line.
0 No errors
1 Bad parameters
2 Can’t open input
3 Can’t open/write to output file
4 Can’t open and read from spec file
This program, its manual page, and the Debian package were written by
Russell Coker <email@example.com>.