Run the following query from each node of a cluster to find sensor IPs checking in with the same IDs:
- On versions before 7.5
zcat -f /var/log/cb/nginx/access*|sed -rn 's/^\:\:ffff\:([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) .+submit2\/([0-9]+) .+$/\2,\1/p'|sort|uniq|tee sensor_ip|awk -F, '{print $1}'|sort|uniq -c|sort -nr
2. On versions above 7.5
zcat -f /var/log/cb/nginx/access*|sed -rn 's/^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) .+submit2\/([0-9]+) .+$/\2,\1/p'|sort|uniq|tee sensor_ip|awk -F, '{print $1}'|sort|uniq -c|sort -nr
Information can be piped to a file for review with the following example given, and replace the nodeID with each Minion/Node number to track where the file is ran from:
zcat -f /var/log/cb/nginx/access*|sed -rn 's/^\:\:ffff\:([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) .+submit2\/([0-9]+) .+$/\2,\1/p'|sort|uniq|tee sensor_ip|awk -F, '{print $1}'|sort|uniq -c|sort -nr > duplicate_sensors_nodeID.txt