Cleaning data out of a text file?

As per previous post, I’ve been on holiday. Just tried this out on:

[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 23:54:51
[DoS Attack: SYN/ACK Scan] from source: 213.5.229.18, port 3306, Saturday, September 25, 2021 23:14:09
[DoS Attack: SYN/ACK Scan] from source: 23.234.229.19, port 80, Saturday, September 25, 2021 23:06:51
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 23:04:37
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Saturday, September 25, 2021 23:04:35
[DoS Attack: SYN/ACK Scan] from source: 35.186.220.63, port 80, Saturday, September 25, 2021 22:48:11
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Saturday, September 25, 2021 22:40:32
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Saturday, September 25, 2021 22:04:26
[DoS Attack: SYN/ACK Scan] from source: 104.82.149.182, port 443, Saturday, September 25, 2021 21:31:44
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Saturday, September 25, 2021 21:04:35
[DoS Attack: SYN/ACK Scan] from source: 213.186.33.2, port 443, Saturday, September 25, 2021 21:03:42
[DoS Attack: RST Scan] from source: 177.234.152.194, port 7172, Saturday, September 25, 2021 20:40:06
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 20:37:54
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 20:32:18
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Saturday, September 25, 2021 20:21:40
[DoS Attack: TCP/UDP Chargen] from source: 185.94.111.1, port 39702, Saturday, September 25, 2021 20:13:36
[DoS Attack: SYN/ACK Scan] from source: 192.124.249.107, port 443, Saturday, September 25, 2021 20:02:23
[DoS Attack: SYN/ACK Scan] from source: 198.23.200.243, port 80, Saturday, September 25, 2021 19:55:25
[DoS Attack: SYN/ACK Scan] from source: 192.124.249.107, port 443, Saturday, September 25, 2021 19:54:22
[DoS Attack: SYN/ACK Scan] from source: 23.234.229.19, port 80, Saturday, September 25, 2021 19:22:39
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 19:13:39
[DoS Attack: SYN/ACK Scan] from source: 204.74.99.100, port 80, Saturday, September 25, 2021 19:11:08
[DoS Attack: SYN/ACK Scan] from source: 192.124.249.107, port 443, Saturday, September 25, 2021 19:08:48
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 19:00:24
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Saturday, September 25, 2021 18:43:43
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 18:40:48
[DoS Attack: RST Scan] from source: 52.113.194.133, port 80, Saturday, September 25, 2021 18:38:02
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Saturday, September 25, 2021 18:36:19
[DoS Attack: SYN/ACK Scan] from source: 2.16.75.200, port 443, Saturday, September 25, 2021 18:35:17
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 18:30:39
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 18:28:35
[DoS Attack: SYN/ACK Scan] from source: 192.124.249.107, port 443, Saturday, September 25, 2021 18:21:14
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Saturday, September 25, 2021 18:13:02
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 18:07:35
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 17:58:44
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Saturday, September 25, 2021 17:44:24
[DoS Attack: ACK Scan] from source: 79.174.70.178, port 443, Saturday, September 25, 2021 17:38:10
[DoS Attack: ACK Scan] from source: 79.174.70.178, port 443, Saturday, September 25, 2021 17:26:02
[DoS Attack: SYN/ACK Scan] from source: 95.217.83.105, port 25565, Saturday, September 25, 2021 17:20:48
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Saturday, September 25, 2021 17:07:14
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Saturday, September 25, 2021 16:40:03
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Saturday, September 25, 2021 16:39:38
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Saturday, September 25, 2021 16:39:31
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Saturday, September 25, 2021 16:39:20
[DoS Attack: ACK Scan] from source: 79.174.70.178, port 443, Saturday, September 25, 2021 16:36:36
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Saturday, September 25, 2021 16:29:50
[DoS Attack: ACK Scan] from source: 45.85.218.56, port 80, Saturday, September 25, 2021 16:20:26
[DoS Attack: ACK Scan] from source: 45.85.218.56, port 80, Saturday, September 25, 2021 16:20:20
[DoS Attack: ACK Scan] from source: 79.174.70.178, port 443, Saturday, September 25, 2021 16:12:32
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Saturday, September 25, 2021 16:09:27
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Saturday, September 25, 2021 15:24:34
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 14:57:55
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Saturday, September 25, 2021 14:04:37
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Saturday, September 25, 2021 13:44:11
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 13:11:19
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Saturday, September 25, 2021 12:48:06
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Saturday, September 25, 2021 12:11:35
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 11:54:58
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Saturday, September 25, 2021 10:54:20
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 10:54:03
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 10:40:16
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Saturday, September 25, 2021 10:32:38
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Saturday, September 25, 2021 10:28:51
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 09:46:08
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Saturday, September 25, 2021 09:13:35
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Saturday, September 25, 2021 09:08:57
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Saturday, September 25, 2021 08:56:27
[DoS Attack: UDP Port Scan] from source: 103.145.13.56, port 5261, Saturday, September 25, 2021 08:36:32
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 08:29:44
[DoS Attack: SYN/ACK Scan] from source: 95.217.30.172, port 443, Saturday, September 25, 2021 08:23:29
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Saturday, September 25, 2021 08:05:04
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Saturday, September 25, 2021 07:50:01
[DoS Attack: SYN/ACK Scan] from source: 104.21.192.109, port 80, Saturday, September 25, 2021 07:48:14
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Saturday, September 25, 2021 07:16:36
[DoS Attack: TCP/UDP Chargen] from source: 184.105.139.77, port 54424, Saturday, September 25, 2021 07:05:27
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 06:59:32
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Saturday, September 25, 2021 06:52:48
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Saturday, September 25, 2021 06:42:45
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Saturday, September 25, 2021 06:37:06
[DoS Attack: RST Scan] from source: 204.79.197.222, port 80, Saturday, September 25, 2021 06:32:15
[DoS Attack: SYN/ACK Scan] from source: 204.79.197.222, port 80, Saturday, September 25, 2021 06:32:12
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Saturday, September 25, 2021 06:23:17
[DoS Attack: SYN/ACK Scan] from source: 95.217.30.172, port 443, Saturday, September 25, 2021 05:46:50
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Saturday, September 25, 2021 05:40:09
[DoS Attack: UDP Port Scan] from source: 111.40.50.89, port 17075, Saturday, September 25, 2021 05:24:32
[DoS Attack: UDP Port Scan] from source: 111.40.50.89, port 15957, Saturday, September 25, 2021 05:24:31
[DoS Attack: RST Scan] from source: 139.59.228.97, port 80, Saturday, September 25, 2021 05:14:42
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 04:57:56
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Saturday, September 25, 2021 04:33:30
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Saturday, September 25, 2021 04:05:57
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Saturday, September 25, 2021 03:30:20
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Saturday, September 25, 2021 03:23:12
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Saturday, September 25, 2021 02:40:43
[DoS Attack: SYN/ACK Scan] from source: 144.172.73.16, port 22, Saturday, September 25, 2021 01:39:05
[DoS Attack: SYN/ACK Scan] from source: 144.172.73.16, port 22, Saturday, September 25, 2021 01:36:07
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Saturday, September 25, 2021 01:31:12
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 01:24:03
[DoS Attack: SYN/ACK Scan] from source: 54.36.218.102, port 22, Saturday, September 25, 2021 01:21:43
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 01:21:37
[DoS Attack: SYN/ACK Scan] from source: 95.217.30.172, port 443, Saturday, September 25, 2021 01:17:34
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 01:13:03
[DoS Attack: SYN/ACK Scan] from source: 88.99.208.125, port 25565, Saturday, September 25, 2021 01:12:17
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Saturday, September 25, 2021 01:05:32
[DoS Attack: SYN/ACK Scan] from source: 134.255.220.82, port 30120, Saturday, September 25, 2021 00:41:11
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Saturday, September 25, 2021 00:34:05
[DoS Attack: SYN/ACK Scan] from source: 93.114.82.3, port 13901, Saturday, September 25, 2021 00:27:37
[DoS Attack: SYN/ACK Scan] from source: 185.19.216.119, port 8081, Saturday, September 25, 2021 00:26:52
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Saturday, September 25, 2021 00:24:40
[DoS Attack: SYN/ACK Scan] from source: 88.99.213.221, port 80, Saturday, September 25, 2021 00:16:35
[DoS Attack: ACK Scan] from source: 84.53.169.133, port 443, Saturday, September 25, 2021 00:11:21
[DoS Attack: RST Scan] from source: 23.148.145.7, port 44086, Friday, September 24, 2021 23:57:06
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Friday, September 24, 2021 23:52:19
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Friday, September 24, 2021 23:52:18
[DoS Attack: RST Scan] from source: 216.250.254.67, port 43676, Friday, September 24, 2021 23:48:08
[DoS Attack: RST Scan] from source: 23.148.145.233, port 47220, Friday, September 24, 2021 23:40:56
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Friday, September 24, 2021 23:24:19
[DoS Attack: RST Scan] from source: 216.250.254.67, port 41821, Friday, September 24, 2021 23:19:58
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Friday, September 24, 2021 23:10:58
[DoS Attack: TCP/UDP Echo] from source: 141.212.123.208, port 45054, Friday, September 24, 2021 23:04:17
[DoS Attack: ACK Scan] from source: 146.0.16.243, port 80, Friday, September 24, 2021 22:33:16
[DoS Attack: SYN/ACK Scan] from source: 88.99.213.221, port 80, Friday, September 24, 2021 22:26:02
[DoS Attack: ACK Scan] from source: 104.96.80.41, port 443, Friday, September 24, 2021 22:22:20
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Friday, September 24, 2021 22:13:15
[DoS Attack: SYN/ACK Scan] from source: 88.99.213.221, port 80, Friday, September 24, 2021 22:04:41
[DoS Attack: SYN/ACK Scan] from source: 95.217.30.172, port 443, Friday, September 24, 2021 22:02:10
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Friday, September 24, 2021 21:44:54
[DoS Attack: RST Scan] from source: 45.234.96.30, port 21674, Friday, September 24, 2021 20:35:06
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Friday, September 24, 2021 20:26:29
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Friday, September 24, 2021 20:04:23
[DoS Attack: SYN/ACK Scan] from source: 46.105.114.88, port 25565, Friday, September 24, 2021 19:48:20
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Friday, September 24, 2021 19:46:03
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Friday, September 24, 2021 19:20:10
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Friday, September 24, 2021 18:59:23
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Friday, September 24, 2021 18:50:45
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Friday, September 24, 2021 18:50:13
[DoS Attack: ACK Scan] from source: 73.4.169.252, port 9000, Friday, September 24, 2021 18:44:58
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Friday, September 24, 2021 18:42:36
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Friday, September 24, 2021 18:38:06
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Friday, September 24, 2021 18:23:07
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Friday, September 24, 2021 18:12:08
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Friday, September 24, 2021 17:54:05
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Friday, September 24, 2021 17:41:24
[DoS Attack: ACK Scan] from source: 104.96.80.41, port 443, Friday, September 24, 2021 17:31:45
[DoS Attack: ACK Scan] from source: 104.96.80.41, port 443, Friday, September 24, 2021 17:31:05
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Friday, September 24, 2021 17:18:46
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Friday, September 24, 2021 17:02:44
[DoS Attack: SYN/ACK Scan] from source: 162.241.216.182, port 443, Friday, September 24, 2021 17:00:41
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Friday, September 24, 2021 16:55:59
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Friday, September 24, 2021 16:41:05
[DoS Attack: ACK Scan] from source: 73.4.169.252, port 9000, Friday, September 24, 2021 16:38:34
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Friday, September 24, 2021 16:38:02
[DoS Attack: SYN/ACK Scan] from source: 178.254.210.57, port 80, Friday, September 24, 2021 16:36:34
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Friday, September 24, 2021 16:26:07
[DoS Attack: SYN/ACK Scan] from source: 168.119.232.76, port 443, Friday, September 24, 2021 15:58:49
[DoS Attack: SYN/ACK Scan] from source: 172.217.194.153, port 443, Friday, September 24, 2021 15:54:37
[DoS Attack: TCP/UDP Chargen] from source: 176.126.175.215, port 58284, Friday, September 24, 2021 15:52:18
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Friday, September 24, 2021 15:49:31
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Friday, September 24, 2021 15:31:34
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Friday, September 24, 2021 15:06:11
[DoS Attack: SYN/ACK Scan] from source: 95.217.31.46, port 443, Friday, September 24, 2021 15:04:20
[DoS Attack: SYN/ACK Scan] from source: 88.99.189.158, port 443, Friday, September 24, 2021 14:50:56
[DoS Attack: SYN/ACK Scan] from source: 167.233.9.51, port 80, Friday, September 24, 2021 14:48:54
[DoS Attack: RST Scan] from source: 34.120.67.236, port 443, Friday, September 24, 2021 14:45:21
[DoS Attack: SYN/ACK Scan] from source: 95.217.30.172, port 443, Friday, September 24, 2021 14:38:58
[DoS Attack: RST Scan] from source: 62.171.140.77, port 8000, Friday, September 24, 2021 14:37:36
[DoS Attack: ARP Attack] from source: 192.168.1.66, Friday, September 24, 2021 14:35:32
[DoS Attack: ARP Attack] from source: 192.168.1.121, Friday, September 24, 2021 14:35:29
[DoS Attack: ARP Attack] from source: 192.168.1.64, Friday, September 24, 2021 14:35:28
[DoS Attack: ARP Attack] from source: 192.168.1.121, Friday, September 24, 2021 14:35:26
[DoS Attack: ARP Attack] from source: 192.168.1.66, Friday, September 24, 2021 14:35:25
[DoS Attack: ARP Attack] from source: 192.168.1.121, Friday, September 24, 2021 14:35:24
[DoS Attack: ARP Attack] from source: 192.168.1.80, Friday, September 24, 2021 14:35:23
[DoS Attack: ARP Attack] from source: 192.168.1.71, Friday, September 24, 2021 14:35:22
[DoS Attack: ARP Attack] from source: 192.168.1.121, Friday, September 24, 2021 14:35:19
[DoS Attack: ARP Attack] from source: 169.254.141.163, Friday, September 24, 2021 14:35:14
[DoS Attack: ARP Attack] from source: 192.168.1.121, Friday, September 24, 2021 14:35:13
[DoS Attack: ARP Attack] from source: 192.168.1.80, Friday, September 24, 2021 14:35:12
[DoS Attack: ARP Attack] from source: 192.168.1.121, Friday, September 24, 2021 14:35:11
[DoS Attack: ARP Attack] from source: 169.254.141.163, Friday, September 24, 2021 14:35:09
[DoS Attack: ARP Attack] from source: 192.168.1.80, Friday, September 24, 2021 14:35:08
[DoS Attack: ARP Attack] from source: 192.168.1.74, Friday, September 24, 2021 14:35:04
[DoS Attack: ARP Attack] from source: 192.168.1.121, Friday, September 24, 2021 14:35:04
[DoS Attack: ARP Attack] from source: 192.168.1.121, Friday, September 24, 2021 14:34:53
[DoS Attack: ARP Attack] from source: 192.168.1.64, Friday, September 24, 2021 14:34:52
[DoS Attack: ARP Attack] from source: 192.168.1.200, Friday, September 24, 2021 14:34:51
[DoS Attack: ARP Attack] from source: 192.168.1.121, Friday, September 24, 2021 14:34:49
[DoS Attack: ARP Attack] from source: 192.168.1.121, Friday, September 24, 2021 14:34:44
[DoS Attack: ARP Attack] from source: 192.168.1.64, Friday, September 24, 2021 14:34:43
[DoS Attack: ARP Attack] from source: 192.168.1.121, Friday, September 24, 2021 14:34:32
[DoS Attack: ARP Attack] from source: 192.168.1.121, Friday, September 24, 2021 14:34:31
[DoS Attack: ARP Attack] from source: 192.168.1.250, Friday, September 24, 2021 14:34:30
[DoS Attack: ARP Attack] from source: 192.168.1.121, Friday, September 24, 2021 14:34:24
[DoS Attack: ARP Attack] from source: 192.168.1.3, Friday, September 24, 2021 14:34:23
[DoS Attack: ARP Attack] from source: 192.168.1.121, Friday, September 24, 2021 14:34:22
[DoS Attack: ARP Attack] from source: 192.168.1.200, Friday, September 24, 2021 14:34:21
[DoS Attack: ARP Attack] from source: 192.168.1.121, Friday, September 24, 2021 14:34:19
[DoS Attack: ARP Attack] from source: 192.168.1.64, Friday, September 24, 2021 14:34:18
[DoS Attack: ARP Attack] from source: 192.168.1.121, Friday, September 24, 2021 14:34:11
[DoS Attack: ARP Attack] from source: 192.168.1.64, Friday, September 24, 2021 14:34:10
[DoS Attack: ARP Attack] from source: 192.168.1.121, Friday, September 24, 2021 14:34:09
[DoS Attack: ARP Attack] from source: 192.168.1.64, Friday, September 24, 2021 14:34:08
[DoS Attack: ARP Attack] from source: 192.168.1.121, Friday, September 24, 2021 14:34:04
[DoS Attack: ARP Attack] from source: 192.168.1.67, Friday, September 24, 2021 14:34:02
[DoS Attack: ARP Attack] from source: 192.168.1.64, Friday, September 24, 2021 14:34:01
[DoS Attack: ARP Attack] from source: 192.168.1.67, Friday, September 24, 2021 14:34:00
[DoS Attack: ARP Attack] from source: 192.168.1.64, Friday, September 24, 2021 14:33:59
[DoS Attack: ARP Attack] from source: 192.168.1.67, Friday, September 24, 2021 14:33:56
[DoS Attack: ARP Attack] from source: 192.168.1.64, Friday, September 24, 2021 14:33:54
[DoS Attack: ARP Attack] from source: 192.168.1.75, Friday, September 24, 2021 14:33:53
[DoS Attack: RST Scan] from source: 104.82.149.182, port 443, Friday, September 24, 2021 14:33:31

Worked great but left a stray ‘n’ on the first line of the output, i.e.

n
2.16.75.200
23.148.145.233

Just needed to remove the “-n” option from the “echo” command.

property stripText : " | cut -d' ' -f7 | tr -d ',' | egrep -v 'source'"
property logFileName : "Logged IPs.txt"

on open of theFiles -- Handles single or multiple dropped files
	set oldClipboard to the clipboard
	repeat with aFile in theFiles
		tell application "Finder" to set sourceFilePath to container of aFile as alias
		set cleanedText to do shell script "cat " & ¬
			quoted form of POSIX path of aFile & stripText
		do shell script "echo  " & quoted form of cleanedText & " >> " & ¬
			quoted form of POSIX path of sourceFilePath & quoted form of logFileName
	end repeat
	set AppleScript's text item delimiters to linefeed
	set theContentWords to words of ¬
		(read POSIX path of sourceFilePath & logFileName) as text
	set the clipboard to theContentWords
	do shell script "pbpaste | sort -n | uniq  > " & ¬
		quoted form of POSIX path of sourceFilePath & quoted form of logFileName
	set the clipboard to oldClipboard
end open

Ah ha that did indeed fix it. Many thanks!

I mentioned above that I’m learning regular expressions, so I had a look at Marc Anthony’s script for that reason. It correctly returns the IP addresses, but it appears to return every other number that contains 4 or more digits.

I rewrote the regular expression, and it seemed to work as desired. It was also the fastest of the working suggestions.

do shell script "echo " & my (read (choose file))'s quoted form & " | egrep -o '(\\d{1,3}\\.){3}\\d{1,3}' | sort -h | uniq >> " & ((path to desktop as text) & "IP.txt")'s POSIX path's quoted form

If you search for ‘regex ip address’ or stuff like that, you’ll find many pages that discuss this. While the regex used here works generally, it won’t exclude incorrect addresses (e.g. those with number sets > 255) but that doesn’t look like it would be an issue here and it is less complex than those that do incorporate that constraint.

I originally posted a correctly working regex, edited it to shorten the pattern, realized the error after supplemental testing, and changed it back shortly after. You captured the code in flux.

That’s a little surprising, as TIDs tend to be very speedy, but… woohoo! Chalk one one up for shell scripting.

Guys the script(s) are working well.

I’m submitting the IP’s which are attacking and it is working well. However I’m told that some of them are duplicates of those already on the master list of IP’s. So would it be possible for the script to access another list of IPs and remove any that are already on that list?

Thanks in advance for any thoughts. Oh if it helps the preferred script I’m using is this one (as it avoids conflicts with Bitdefender):

use framework "Foundation"
use scripting additions

on open theDroppedItems
	set theFile to POSIX path of item 1 of theDroppedItems
	set theIPFile to getFileName(theFile)
	set theText to (current application's NSString's stringWithContentsOfFile:theFile encoding:(current application's NSUTF8StringEncoding) |error|:(missing value))
	set theIPData to getIPData(theText)
	(current application's NSString's stringWithString:theIPData)'s writeToFile:theIPFile atomically:true encoding:(current application's NSUTF8StringEncoding) |error|:(missing value)
end open

on getIPData(theText)
	set regExPattern to "[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+"
	set theRegEx to current application's NSRegularExpression's regularExpressionWithPattern:regExPattern options:0 |error|:(missing value)
	set regExMatches to theRegEx's matchesInString:theText options:0 range:{location:0, |length|:theText's |length|()}
	
	set ipList to {}
	repeat with anItem in regExMatches
		set end of ipList to (theText's substringWithRange:(anItem's range())) as text
	end repeat
	
	set ipSet to current application's NSOrderedSet's orderedSetWithArray:ipList
	set ipSortedArray to ipSet's array()'s sortedArrayUsingSelector:"localizedStandardCompare:"
	
	return ((ipSortedArray's componentsJoinedByString:linefeed) as text)
end getIPData

on getFileName(theFile)
	set theFile to current application's NSString's stringWithString:theFile
	set fileBase to theFile's stringByDeletingPathExtension()
	set fileExtension to theFile's pathExtension()
	return ((fileBase's stringByAppendingString:"_IP_CLEANED")'s stringByAppendingPathExtension:fileExtension)
end getFileName

To do this, you’d better write the filtering results of each text not to some new file, but to the existing properties list (.plist) of your script (application). This will change the script itself a lot. There are enough users here who can help with this. I have no time now.

Other choice is: use one persistent text file for filtering results (that is, the name and location hard-coded). When dropping the unfiltered text file on your droplet, it should firstly read contents of persistent text file into the oldIPs list variable, then append only new non-duplicate IPs to oldIPs, then sort, then write the updated list back to the persistent text file. This will change the script itself a lot as well. I have no time now.

Understood. The second option would be preferred I guess as I do keep a copy of the master list in the same location.

Any help from anyone would be appreciated.

I think, code in the post #14 is what you asked for just now

I think I misread what the second option was. The master (deny) IP list is not maintained by myself but a third party. That list is updated weekly (if not daily) with all the IPs that need to be blocked on a Synology (or similar) NAS.

What I’m now looking to do is to download the latest incarnation of that list and then process my IP list from my Orbi router, remove the duplicates and sort it (as we do now) and then open the third party deny list and remove any IP addresses which are already in the master deny list.

That way any IPs I submit are only those that are new and need including in the master list. This way the author of the master deny list does not have to check all my submissions manually where a great number may be duplicated. As an example last week I submitted 25 IPs for blocking and all 25 it turns out were already on the list.

dbrewood. I’ve modified my script to work as you want. The script prompts for the IP deny list, which seems a bit awkward, but the actual path can be placed in the script instead. The IP deny list has to be paragraph-separated text of IP addresses only. I tested the script and it worked without issue.

use framework "Foundation"
use scripting additions

on open theDroppedItems
	set theFile to POSIX path of item 1 of theDroppedItems
	set theExistingFile to POSIX path of (choose file)
	set theIPFile to getFileName(theFile)
	
	set theText to (current application's NSString's stringWithContentsOfFile:theFile encoding:(current application's NSUTF8StringEncoding) |error|:(missing value))
	set theExistingText to (current application's NSString's stringWithContentsOfFile:theExistingFile encoding:(current application's NSUTF8StringEncoding) |error|:(missing value))
	set theIPData to getIPData(theText, theExistingText)
	
	(current application's NSString's stringWithString:theIPData)'s writeToFile:theIPFile atomically:true encoding:(current application's NSUTF8StringEncoding) |error|:(missing value)
end open

on getIPData(theText, theExistingText)
	set regExPattern to "[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+"
	set theRegEx to current application's NSRegularExpression's regularExpressionWithPattern:regExPattern options:0 |error|:(missing value)
	set regExMatches to theRegEx's matchesInString:theText options:0 range:{location:0, |length|:theText's |length|()}
	
	set ipSet to current application's NSMutableSet's new()
	repeat with anItem in regExMatches
		(ipSet's addObject:(theText's substringWithRange:(anItem's range())))
	end repeat
	
	set ipExistingArray to (theExistingText's componentsSeparatedByCharactersInSet:(current application's NSCharacterSet's newlineCharacterSet()))
	set ipExistingSet to current application's NSSet's setWithArray:ipExistingArray
	
	ipSet's minusSet:ipExistingSet
	set ipSortedArray to ipSet's allObjects()'s sortedArrayUsingSelector:"localizedStandardCompare:"
	return ((ipSortedArray's componentsJoinedByString:linefeed) as text)
end getIPData

on getFileName(theFile)
	set theFile to current application's NSString's stringWithString:theFile
	set fileBase to theFile's stringByDeletingPathExtension()
	set fileExtension to theFile's pathExtension()
	return ((fileBase's stringByAppendingString:"_IP_CLEANED")'s stringByAppendingPathExtension:fileExtension)
end getFileName

Wow! That is totally awesome and does indeed look to do what is needed. I’ll not know for sure until I run it with real data, but on test data I just threw together it looked to work perfectly!

If I do want to hard code the path for the third party deny list:

“/Users/dbrewood/OneDrive/NAS/Deny List/deny-ip-list.txt”

Where exactly would I make the changes? (Sorry I can’t work out which variable I’d need to set).

Thanks again to everyone involved in this.

In my script, delete the first line below and insert the second line below.

set theExistingFile to POSIX path of (choose file)
set theExistingFile to "/Users/dbrewood/OneDrive/NAS/Deny List/deny-ip-list.txt"

Absolutely superb, worked wonderfully well on my test data. Many many thanks.

This should save a lot of work for both myself and the script maintainer!

Guys the script I ended up using is:

use framework "Foundation"
use scripting additions

on open theDroppedItems
	set theFile to POSIX path of item 1 of theDroppedItems
	# set theExistingFile to POSIX path of (choose file)
	set theExistingFile to "/Users/dbrewood/Library/Mobile Documents/com~apple~CloudDocs/_Daron Files/NAS/Deny List/deny-ip-list.txt"
	set theIPFile to getFileName(theFile)
	
	set theText to (current application's NSString's stringWithContentsOfFile:theFile encoding:(current application's NSUTF8StringEncoding) |error|:(missing value))
	set theExistingText to (current application's NSString's stringWithContentsOfFile:theExistingFile encoding:(current application's NSUTF8StringEncoding) |error|:(missing value))
	
	set theIPData to getIPData(theText, theExistingText)
	(current application's NSString's stringWithString:theIPData)'s writeToFile:theIPFile atomically:true encoding:(current application's NSUTF8StringEncoding) |error|:(missing value)
end open

on getIPData(theText, theExistingText)
	set regExPattern to "[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+"
	set theRegEx to current application's NSRegularExpression's regularExpressionWithPattern:regExPattern options:0 |error|:(missing value)
	set regExMatches to theRegEx's matchesInString:theText options:0 range:{location:0, |length|:theText's |length|()}
	set ipList to {}
	repeat with anItem in regExMatches
		set end of ipList to (theText's substringWithRange:(anItem's range())) as text
	end repeat
	
	set ipArray to current application's NSMutableArray's arrayWithArray:ipList
	set ipExistingText to current application's NSString's stringWithString:theExistingText
	set newlineSet to current application's class "NSCharacterSet"'s newlineCharacterSet()
	set ipExistingArray to (ipExistingText's componentsSeparatedByCharactersInSet:(newlineSet))
	ipArray's removeObjectsInArray:ipExistingArray
	
	set ipSet to current application's NSOrderedSet's orderedSetWithArray:ipArray
	set ipSortedArray to ipSet's array()'s sortedArrayUsingSelector:"localizedStandardCompare:"
	return ((ipSortedArray's componentsJoinedByString:linefeed) as text)
end getIPData

on getFileName(theFile)
	set theFile to current application's NSString's stringWithString:theFile
	set fileBase to theFile's stringByDeletingPathExtension()
	set fileExtension to theFile's pathExtension()
	return ((fileBase's stringByAppendingString:"_IP_CLEANED")'s stringByAppendingPathExtension:fileExtension)
end getFileName

Which works very well indeed. However I’m looking to automate the process further by submitting the list of addresses to www.abuseipdb.com via their API (detailed here: https://docs.abuseipdb.com/#configuring-fail2ban). What I’d want to be getting back from each IP address is something like this:

185.162.235.175 was found in our database, this IP was reported 110 times. Confidence of Abuse is 100% - ISP Alliance LLC - Country Netherlands - City Meppel, Drenthe

This would make reporting to the guys who compile the IP ban list very easy.

Is any of this actually possible?

I am not familiar with the site’s API, and I would not like to study it, and then also pay (if the key is paid). Therefore, I solved this problem with simple parsing (which can be improved further). But if there is an expert on this API, then his solution will probably be better than mine.

set ipAddress to "95.217.31.46"

tell application "Safari"
	open location "https://www.abuseipdb.com/check/" & ipAddress
	activate
	my waitSafariWebPageLoading()
	set HTML to text of document 1
	close document 1
end tell

set ATID to AppleScript's text item delimiters
set AppleScript's text item delimiters to {"CHECK
" & ipAddress, "REPORT " & ipAddress & "
WHOIS " & ipAddress}
set theReport to text item 2 of HTML
set AppleScript's text item delimiters to ATID

activate me
display dialog ipAddress & " " & theReport buttons {" Cancel ", " OK "}

on waitSafariWebPageLoading()
	tell application "System Events" to tell application process "Safari"
		repeat until ((UI element "Reload this page" of group 3 of toolbar 1 of window 1 exists) or (UI element "Reload this page" of group 2 of toolbar 1 of window 1 exists))
			delay 0.1
		end repeat
	end tell
end waitSafariWebPageLoading

I can get a free API key if needed In fact I just created this one: 247cdf97b62552676b6f56a4e56611a7fcb2ceaced16cd1e27f7f987be861c1f42b96a7f8be45fb9

I’ve just run the script and if I’m right that opens the web check page and enters the data to be checked and runs the check?

I don’t get the dialog box popping up with any data? It just stops at the report page?

No, it reports full information about the provided IP. At least, on my Catalina system.

I forgot to add 2 activate commands. They are required because waiting handler uses GUI scripting. Try the updated script.

Also, maybe the UI element “Reload this page” has other reference on your Safari version.

Weird, I’ve tried the revised script on macOS Monterey 12.3.1 and it stops at the same point which is where the web page loads and shows the reported IP address.
I have to force quit the script at that point to get it to exit.