clfsplit(1) split Common-Log Format web logs based on IP address


clfsplit [--help] [-i input] -d defaultfile -f file -s spec [-f file -s spec]


The clfsplit will split up large CLF format web logs based on IP address. This is for creating separate log analysis passes for internal and external users of web pages.


The defaultfile parameter specifies where data goes if it doesn't match any of the IP ranges. This could be /dev/null depending on your aims.

The -i input parameter gives the file to take input from (default standard input).

The -f file parameter must be given before the list of IP addresses.

The spec parameter is the IP addresses that go to the file in question. It is of the form start[-end][:start[-end]] where start and end specify the start and ends of ranges of IPs. Also the CIDR notation can be used or a single IP address. If there is a large number of IP ranges then a file name can be given which contains a set of IP ranges, one range per line.


0 No errors

1 Bad parameters

2 Can't open input

3 Can't open/write to output file

4 Can't open and read from spec file


This program, its manual page, and the Debian package were written by Russell Coker <[email protected]>.