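I have a Python script that shows the date, time and IP address of attacks in a log file. My problem is that I need to be able to count the number of attacks that occur per hour per day, but when I implement the count it only counts the total, not what I want.

The log file looks like this: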
Feb 3 08:50:39 j4-be02 sshd[620]: Failed password for bin from 211.167.103.172 port 39701 ssh2
Feb 3 08:50:45 j4-be02 sshd[622]: Failed password for invalid user virus from 211.167.103.172 port 41354 ssh2
Feb 3 08:50:49 j4-be02 sshd[624]: Failed password for invalid user virus from 211.167.103.172 port 42994 ssh2
Feb 3 13:34:00 j4-be02 sshd[666]: Failed password for root from 85.17.188.70 port 45481 ssh2
Feb 3 13:34:01 j4-be02 sshd[670]: Failed password for root from 85.17.188.70 port 46802 ssh2
Feb 3 13:34:03 j4-be02 sshd[672]: Failed password for root from 85.17.188.70 port 47613 ssh2
Feb 3 13:34:05 j4-be02 sshd[676]: Failed password for root from 85.17.188.70 port 48495 ssh2
Feb 3 21:45:18 j4-be02 sshd[746]: Failed password for invalid user test from 62.45.87.113 port 50636 ssh2
Feb 4 08:39:46 j4-be02 sshd[1078]: Failed password for root from 1.234.51.243 port 60740 ssh2
Feb 4 08:39:55 j4-be02 sshd[1082]: Failed password for root from 1.234.51.243 port 34124 ssh2
My current code is:

    import re

    myAuthlog = open('auth.log', 'r')  # open the auth.log for reading
    for line in myAuthlog:  # go through each line of the file and return it to the variable line
        ip_addresses = re.findall(r'([A-Z][a-z]{2}\s\s\d\s\d\d).+Failed password for .+? from (\S+)', line)
        print(ip_addresses)

The result looks like this:
[('Feb 5 08', '5.199.133.223')]
[]
[('Feb 5 08', '5.199.133.223')]
[]
[('Feb 5 08', '5.199.133.223')]
[]
[('Feb 5 08', '5.199.133.223')]
[]
[('Feb 5 08', '5.199.133.223')]
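Best answer

Python's groupby() function will group your items according to whatever criterion you specify.

This code will print the number of attacks per hour, per day:

    from itertools import groupby

    with open('auth.log') as myAuthlog:
        # The first 9 characters of a line are the month, day and hour
        for key, group in groupby(myAuthlog, key=lambda x: x[:9]):
            print("%d attacks in hour %s" % (len(list(group)), key))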
Or, following the additional requirement from the comments:

    from itertools import groupby

    with open('auth.log') as myAuthlog:
        # Keep only the failed-password lines before grouping
        myAuthlog = (line for line in myAuthlog if "Failed password for" in line)
        for key, group in groupby(myAuthlog, key=lambda x: x[:9]):
            print("%d attacks in hour %s" % (len(list(group)), key))
Or, using a different format:

    from itertools import groupby

    with open('auth.log') as myAuthlog:
        # Keep only the failed-password lines before grouping
        myAuthlog = (line for line in myAuthlog if "Failed password for" in line)
        for key, group in groupby(myAuthlog, key=lambda x: x[:9]):
            # Split the 9-character key into its month, day and hour fields
            month, day, hour = key[0:3], key[4:6], key[7:9]
            print("%s:00 %s-%s: %d" % (hour, day, month, len(list(group))))
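
An added example, not part of the original answer: the same per-hour count done with a regular expression and `Counter`, which also breaks the count down by source IP and does not depend on the lines being in time order or on how the day field is padded. The sample lines, the host name and the `noisy_sources` helper with its threshold are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Syslog pads single-digit days ("Feb  3"); \s+ accepts one or two spaces.
FAILED_RE = re.compile(
    r'^(?P<month>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<hour>\d{2}):\d{2}:\d{2}\s+'
    r'\S+\s+sshd\[\d+\]:\s+Failed password for (?:invalid user )?\S+ '
    r'from (?P<ip>\S+) port \d+')

# Constructed sample lines (RFC 5737 documentation addresses), not real data.
# The last line is deliberately out of time order.
SAMPLE_LOG = """\
Feb  3 08:50:39 host1 sshd[620]: Failed password for bin from 192.0.2.10 port 39701 ssh2
Feb  3 08:50:45 host1 sshd[622]: Failed password for invalid user virus from 192.0.2.10 port 41354 ssh2
Feb  3 08:51:02 host1 sshd[623]: Accepted password for alice from 198.51.100.7 port 50022 ssh2
Feb  3 08:52:10 host1 sshd[624]: Failed password for invalid user virus from 192.0.2.10 port 42994 ssh2
Feb  3 13:34:00 host1 sshd[666]: Failed password for root from 203.0.113.5 port 45481 ssh2
Feb  3 13:34:01 host1 sshd[666]: pam_unix(sshd:auth): authentication failure
Feb 4 08:39:46 host1 sshd[1078]: Failed password for root from 203.0.113.5 port 60740 ssh2
Feb  3 08:59:59 host1 sshd[630]: Failed password for root from 198.51.100.7 port 40000 ssh2
"""


def count_failures(lines):
    """Return (per_hour, per_hour_ip) counters for failed-password lines."""
    per_hour = Counter()
    per_hour_ip = defaultdict(Counter)
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:  # accepted logins, PAM messages, other daemons
            continue
        bucket = (m.group('month'), int(m.group('day')), m.group('hour'))
        per_hour[bucket] += 1
        per_hour_ip[bucket][m.group('ip')] += 1
    return per_hour, per_hour_ip


def noisy_sources(per_hour_ip, threshold):
    """Sorted (bucket, ip, count) for sources reaching threshold in one hour."""
    return sorted((bucket, ip, n)
                  for bucket, ips in per_hour_ip.items()
                  for ip, n in ips.items() if n >= threshold)


if __name__ == '__main__':
    per_hour, per_hour_ip = count_failures(SAMPLE_LOG.splitlines())
    for (month, day, hour), n in per_hour.items():
        print("%s %2d %s:00  %d failed logins" % (month, day, hour, n))
    for bucket, ip, n in noisy_sources(per_hour_ip, threshold=3):
        print("threshold reached:", bucket, ip, n)
```

`groupby()` only merges consecutive lines with the same key, so the out-of-order last line would start a second "Feb  3 08" group there; the counter folds it into the existing bucket.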

Regarding counting log file entries per hour in Python, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/35562234/