~$ sudo apt-get

Author Archive

Summarize concurrent HTTP connections

by on Apr.01, 2009, under Apache, Linux

This will display how many different IPs are connected to the server via port 80.

netstat -plant | grep "insertIPhere:80" | awk '{ print $5 }' | cut -d ":" -f 1 | sort | uniq | wc -l

Modifying the previous slightly allows us to display, in descending order, all the IPs connecting on port 80 and how many active connections they have.

netstat -plant | grep "insertIPhere:80" | awk '{ print $5 }' | cut -d ":" -f 1 | sort | uniq -c | sort -rn

Parsing secure/auth logs for failed SSH attempts

by on Apr.01, 2009, under Linux

grep "Failed password for invalid user" /var/log/secure | awk '{ print $13 }' | sort | uniq -c | sort -rn

This only matches failed attempts for invalid users, so root is not included. It displays which IPs failed authentication and how many times, in descending order.

The following will work for root.

grep "Failed password for root" /var/log/secure | awk '{ print $11 }' | sort | uniq -c | sort -rn

And for valid users.

grep "Failed password for " /var/log/secure | egrep -v "invalid|root" | awk '{ print $11 }' | sort | uniq -c | sort -rn
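
A single-pass version of the three commands above, as an added example that is not from the original post: it takes the IP from the end of the line ("from IP port N ssh2") instead of a fixed `$11`/`$13`, so one rule covers invalid, root and valid users. The function names and the sample log lines are constructed for illustration.

```shell
# Constructed sample lines in the sshd format the greps above expect.
sample_log() {
  cat <<'EOF'
Apr  1 10:00:01 web1 sshd[2001]: Failed password for invalid user admin from 192.0.2.10 port 40001 ssh2
Apr  1 10:00:03 web1 sshd[2001]: Failed password for invalid user test from 192.0.2.10 port 40002 ssh2
Apr  1 10:00:05 web1 sshd[2002]: Failed password for root from 192.0.2.10 port 40003 ssh2
Apr  1 10:00:07 web1 sshd[2003]: Failed password for root from 198.51.100.7 port 40100 ssh2
Apr  1 10:00:09 web1 sshd[2004]: Failed password for alice from 203.0.113.5 port 40200 ssh2
Apr  1 10:00:11 web1 sshd[2005]: Accepted password for alice from 203.0.113.5 port 40201 ssh2
EOF
}

# Count failed password attempts per source IP and account class.
# $1: log file to read (for example /var/log/secure); reads stdin when omitted.
ssh_fail_summary() {
  awk '/Failed password for / && NF >= 5 &&
       $(NF-4) == "from" && $(NF-2) == "port" &&
       $(NF-3) ~ /^[0-9a-fA-F.:]+$/ {
         class = "valid"
         if ($0 ~ /Failed password for invalid user /) class = "invalid"
         else if ($0 ~ /Failed password for root /)    class = "root"
         count[$(NF-3) " " class]++
       }
       END { for (k in count) print count[k], k }' "${1:--}" |
    LC_ALL=C sort -k1,1rn -k2
}

# Demo on the constructed sample: prints "count ip class", highest count first.
sample_log | ssh_fail_summary
```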

Modified Apache Summary – Top 100 Files and IPs

by on Mar.27, 2009, under Apache, Linux

TOPFILES=100; TOPIPS=100; DATE=`date +%d.%b.%Y:%H`  # thresholds; DATE is the current hour, e.g. 27.Mar.2009:14
for i in `lsof -p $(netstat -ltpn | awk '$4 ~ /:80$/ {print substr($7,1,index($7,"/")-1)}' | head -1) | awk '$9 ~ /access.log$/ {print $9 | "sort -u"}'`; do  # access logs held open by the PID listening on :80
echo "-------"$i"------"$DATE
awk '$4 ~ /^.'$DATE'/ { day=substr($4,2,2); hour=substr($4,14,2); sixth=substr($4,17,1);  # sixth = ten-minute bucket
hit[day"\t"hour"."sixth"0 - "hour"."sixth"9"]++; ip[$1]++; bytes[day"\t"hour"."sixth"0 - "hour"."sixth"9"]+=$10;
flds=split($7, req, /\//); toss=split(req[flds],fn,/\?/); files[fn[1]]++ }  # file name without path or query string
END { for (i in hit) { print hit[i]"\t"i"\t"sprintf("%2.2d",bytes[i]/1024)"K" | "sort -k 3,3n" }; print "";
for (i in ip) { if (ip[i] > '$TOPIPS') { print ip[i]"\t"i | "sort -n;echo \"\"" } };
for (i in files) { if (files[i] > '$TOPFILES') { print files[i], i | "sort -k 1,1n;echo \"\"" } } }' $i
done

The original one-liner would not work with Listen directives that specify particular IPs instead of 0.0.0.0.


I hate blogs …

by on Feb.12, 2009, under Linux

so this will be a repository of useful information.  I promise no mindless ranting regarding my personal life.

