
python - How can I automatically parse the syntax of an opened audit.log file before reading the actual lines?

Reposted. Author: 行者123. Updated: 2023-12-01 08:07:13

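I am trying to automatically parse a log file that is initially opened in a Python program, so that its output is in a human-readable format before I start reading the actual lines from the file itself. How can I do this?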

with open('/var/log/audit/audit.log') as audit_raw:
    audit_formatted=subprocess.call(["ausearch", "-i", audit_raw])
    line = audit_formatted.readline()

I get an error message when I try to do this:

Traceback (most recent call last):
  File "./email_script.py", line 29, in <module>
    audit_log=subprocess.call(["ausearch", "-i", audit_raw])
  File "/usr/lib/python3.6/subprocess.py", line 267, in call
    with Popen(*popenargs, **kwargs) as p:
  File "/usr/lib/python3.6/subprocess.py", line 709, in __init__
    restore_signals, start_new_session)
  File "/usr/lib/python3.6/subprocess.py", line 1275, in _execute_child
    restore_signals, start_new_session, preexec_fn)
TypeError: expected str, bytes or os.PathLike object, not _io.TextIOWrapper

Best answer

You call ausearch with the correct parameters and parse its output.

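Stolen from here: Python library for handling linux's audit.log? (which is an off-topic question asking for library recommendations) and it might vanish from SO, which is why I decided against marking this as a duplicate.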

obeliksz's answer:

import subprocess

def read_audit(before, now, user):
    # Pass an argument list and no shell, so the value of `user` cannot
    # be interpreted as shell syntax.
    cmd = ["ausearch",
           "-ts", before.strftime('%H:%M:%S'),
           "-te", now.strftime('%H:%M:%S'),
           "-ua", user,
           "-sc", "EXECVE"]
    p = subprocess.Popen(cmd, stdout=subprocess.PIPE)
    # Read everything ausearch printed and decode it to text.
    res = p.stdout.read().decode()
    return res
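
Added example (not part of the original answer or the Stack Overflow post): the question's goal, reading interpreted audit lines one at a time, done by handing ausearch the log path with -if instead of an open file object and streaming its stdout. The names ausearch_argv, stream_lines and ok_codes are hypothetical helpers introduced here.

```python
import subprocess

# Hypothetical helpers for illustration; not the answer's or the audit project's code.

def ausearch_argv(log_path, start=None, end=None, user=None):
    """Argument list for `ausearch -i` over one log file (no shell involved)."""
    # The path goes in as a string after -if; ausearch opens the file itself,
    # so Python never calls open() on the log (the cause of the TypeError above).
    argv = ["ausearch", "-i", "-if", str(log_path)]
    for flag, when in (("-ts", start), ("-te", end)):
        if when is not None:
            argv += [flag, when.strftime("%H:%M:%S")]
    if user is not None:
        # A value starting with "-" would be read by ausearch as another option.
        if not user or user.startswith("-"):
            raise ValueError(f"invalid user value: {user!r}")
        argv += ["-ua", user]
    return argv

def stream_lines(argv, ok_codes=(0,)):
    """Yield the command's stdout one line at a time, then check its exit status."""
    # subprocess.call() returns only the exit code; Popen with a pipe gives
    # a readable stream, which is what readline()-style processing needs.
    with subprocess.Popen(argv, stdin=subprocess.DEVNULL,
                          stdout=subprocess.PIPE,
                          universal_newlines=True) as proc:
        for line in proc.stdout:
            yield line.rstrip("\n")
    # Leaving the with-block waits for the child, so returncode is set here.
    if proc.returncode not in ok_codes:
        raise subprocess.CalledProcessError(proc.returncode, argv)

if __name__ == "__main__":
    # Needs the audit userspace tools and read access to the log (usually root).
    for line in stream_lines(ausearch_argv("/var/log/audit/audit.log")):
        print(line)
```
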

Regarding "python - How can I automatically parse the syntax of an opened audit.log file before reading the actual lines?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/55479661/
