story
------------------------
The file is a.out, it consist a set of logs from user access to my system ( email system)
question
--------------------------
using shell script, how can we extract 2 sets of IP output from the a.out log by separate the IP, determine human and non-human access base on rules of multiple same IP access within maximum 4 sec time.
the rules,
1) multiple same IP access that maximum time more than 4 second time = human
2) multiple same IP access within maximum 4 second time = non-human
output
-------------------
output should be in b.out and c.out
meaning
1) b.out = IP list with rule 1
2) c.out = IP list with rule 2
more a.out log details,
Jan 9, 2013 2:32:29 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:220.255.2.108:null:login successful
Jan 9, 2013 2:34:31 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:116.197.5.39:null:login successful
Jan 9, 2013 2:36:51 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:210.186.188.172:null:login successful
Jan 9, 2013 2:37:00 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:202.162.27.126:null:login successful
Jan 9, 2013 2:37:12 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:220.255.2.128:null:login successful
Jan 9, 2013 2:38:11 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:210.186.241.248:null:login successful
Jan 9, 2013 2:41:06 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:220.255.2.159:null:login successful
Jan 9, 2013 2:42:34 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:124.13.171.171:null:login successful
Jan 9, 2013 2:45:28 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:202.188.41.226:null:login successful
Jan 9, 2013 2:48:08 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:210.195.222.207:null:login successful
Jan 9, 2013 2:49:22 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:60.52.28.59:null:login successful
Jan 9, 2013 2:52:39 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:41.138.175.227:null:login successful
Jan 9, 2013 2:55:36 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:116.197.5.39:null:login successful
Jan 9, 2013 2:56:04 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:175.144.156.85:null:login successful
Jan 9, 2013 2:58:17 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:58.71.157.170:null:login successful
Jan 9, 2013 3:01:36 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:41.203.67.54:null:login successful
Jan 9, 2013 3:08:25 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:175.136.58.228:null:login successful
Jan 9, 2013 3:17:03 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:41.138.180.156:null:login successful
Jan 9, 2013 3:19:10 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:41.138.180.156:null:login successful
Jan 9, 2013 3:26:57 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:41.138.180.156:null:login successful
Jan 9, 2013 3:28:53 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:49.249.114.228:null:login successful
Jan 9, 2013 3:30:30 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:41.138.180.156:null:login successful
Jan 9, 2013 3:43:08 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:188.52.46.85:null:login successful
Jan 9, 2013 3:47:46 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:58.27.85.20:null:login successful
Jan 9, 2013 3:47:47 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:202.162.27.126:null:login successful
Jan 9, 2013 3:49:22 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:175.140.126.74:null:login successful
Jan 9, 2013 3:49:35 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:58.27.85.20:null:login successful
Jan 9, 2013 3:49:54 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:58.27.85.20:null:login successful
Jan 9, 2013 3:51:45 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:60.50.3.143:null:login successful
Jan 9, 2013 3:52:32 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:175.141.95.105:null:login successful
Jan 9, 2013 3:54:25 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:175.143.242.152:null:login successful
Jan 9, 2013 3:56:09 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:175.143.242.152:null:login successful
Jan 9, 2013 3:59:38 AM com.sun.uwc.common.auth.IdentitySSOAuthFilter doFilter INFO login:124.13.188.59:null:login successful