2016-02-26 58 views
0

Python log file count per IP per hour

This script shows how many attacks happened in each hour of each day. I would like it to also count by IP address, so that it shows the IP addresses attacked in each hour of each day.

from itertools import groupby

# Open auth.log for reading; the with-block closes it when we are done
with open('auth.log', 'r') as auth_log:

    # Go through the log file line by line and keep only the lines containing 'Failed password for'
    failed_lines = (line for line in auth_log if "Failed password for" in line)

    # Group consecutive lines that share the same date and hour (the first 9 characters, e.g. "Feb  3 13")
    for key, group in groupby(failed_lines, key=lambda x: x[:9]):
        month, day, hour = key[0:3], key[4:6], key[7:9]

        # Print the results in a readable format: date, hour, then the number of attacks
        print("On %s-%s at %s:00 There was %d attacks" % (day, month, hour, len(list(group))))

The log file looks like this:

Feb 3 13:34:05 j4-be02 sshd[676]: Failed password for root from 85.17.188.70 port 48495 ssh2 
Feb 3 21:45:18 j4-be02 sshd[746]: Failed password for invalid user test from 62.45.87.113 port 50636 ssh2 
Feb 4 08:39:46 j4-be02 sshd[1078]: Failed password for root from 1.234.51.243 port 60740 ssh2 

An example of the output from my code is:

On 3-Feb at 21:00 There was 1 attacks 
On 4-Feb at 08:00 There was 15 attacks 
On 4-Feb at 10:00 There was 60 attacks 

Answers

1
from itertools import groupby
import re

with open('dict.txt', 'r') as auth_log:
    failed_lines = (line for line in auth_log if "Failed password for" in line)
    # Key = date and hour (first 9 characters) followed by the attacker IP, so consecutive lines
    # from the same IP in the same hour fall into one group. The regex group keeps the leading
    # space before the IP, which is why the IP is read from key[10:] below.
    for key, group in groupby(failed_lines, key=lambda x: x[:9] + re.search('from(.+?) port', x).group(1)):
        month, day, hour, ip = key[0:3], key[4:6], key[7:9], key[10:]
        print("On %s-%s at %s:00 There was %d attacks FROM IP %s" % (day, month, hour, len(list(group)), ip))

Log file:

Feb 3 13:34:05 j4-be02 sshd[676]: Failed password for root from 85.17.188.70 port 48495 ssh2 
Feb 3 21:45:18 j4-be02 sshd[746]: Failed password for invalid user test from 62.45.87.113 port 50636 ssh2 
Feb 4 08:39:46 j4-be02 sshd[1078]: Failed password for root from 1.234.51.243 port 60740 ssh2 
Feb 4 08:53:46 j4-be02 sshd[1078]: Failed password for root from 1.234.51.243 port 60740 ssh2 

Output:

On 3-Feb at 13:00 There was 1 attacks FROM IP 85.17.188.70 
On 3-Feb at 21:00 There was 1 attacks FROM IP 62.45.87.113 
On 4-Feb at 08:00 There was 2 attacks FROM IP 1.234.51.243 
0

Since you already know how to get the number of lines per hour per day from the log, use the following to count the IPs per hour per day. This is not a complete solution.

from collections import defaultdict
import re

ip_count = defaultdict(int)
with open('logfile') as data:
    for line in data:
        # Pull the IP out of "... from <ip> port ..."; skip lines that do not contain it
        found = re.findall(r'.*from (.*) port.*', line)
        if found:
            ip_count[found[0]] += 1

for ip, count in ip_count.items():
    print(ip, count)
+0

But I would like it all printed out on the same line – Daniel
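Both answers above rely on fixed column slices and on the lines being consecutive (groupby only merges adjacent lines with the same key). The following is an added example, not code from the question or either answer: it parses the syslog line layout quoted in the question with a regex (so the space-padded single-digit day "Feb  3" is handled), counts failed logins per day, hour and IP with a Counter that does not depend on input order, and prints one line per (day, hour, IP). The sample lines are constructed from the question's log plus two extra lines (an accepted login that must be ignored and a second IP in the same hour); the function names and the threshold used in noisy_sources are assumptions for this example.

```python
import re
from collections import Counter

# Matches the syslog layout quoted in the question. The day is space-padded when it has
# one digit ("Feb  3"), so the timestamp is parsed with a regex instead of column slices.
FAILED_RE = re.compile(
    r'^(?P<month>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<hour>\d{2}):\d{2}:\d{2}\s+'
    r'\S+\s+sshd\[\d+\]:\s+Failed password for (?:invalid user )?(?P<user>\S+) '
    r'from (?P<ip>\S+) port \d+'
)

MONTHS = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun',
          'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec']

# Constructed sample input: the lines quoted in the question plus two extra lines
# (an accepted login that must be ignored, and a second IP inside the same hour).
SAMPLE_LOG = """\
Feb  3 13:34:05 j4-be02 sshd[676]: Failed password for root from 85.17.188.70 port 48495 ssh2
Feb  3 21:45:18 j4-be02 sshd[746]: Failed password for invalid user test from 62.45.87.113 port 50636 ssh2
Feb  3 21:47:02 j4-be02 sshd[751]: Accepted publickey for deploy from 10.0.0.5 port 51000 ssh2
Feb  4 08:39:46 j4-be02 sshd[1078]: Failed password for root from 1.234.51.243 port 60740 ssh2
Feb  4 08:53:46 j4-be02 sshd[1078]: Failed password for root from 1.234.51.243 port 60740 ssh2
Feb  4 08:55:01 j4-be02 sshd[1090]: Failed password for admin from 85.17.188.70 port 48600 ssh2
"""


def parse_failed_login(line):
    """Return (month, day, hour, ip) for a 'Failed password' line, else None."""
    m = FAILED_RE.match(line)
    if m is None:
        return None
    return m.group('month'), int(m.group('day')), m.group('hour'), m.group('ip')


def count_per_hour_per_ip(lines):
    """Count failed logins keyed by (month, day, hour, ip).

    A Counter does not need sorted input, unlike itertools.groupby, which only
    merges consecutive lines that share a key.
    """
    counts = Counter()
    for line in lines:
        parsed = parse_failed_login(line)
        if parsed is not None:
            counts[parsed] += 1
    return counts


def _chronological(key):
    """Sort key: month order, day, hour, then IP as a string."""
    month, day, hour, ip = key
    return (MONTHS.index(month), day, hour, ip)


def format_report(counts):
    """Render one line per (day, hour, ip), in the style of the question's output."""
    lines = []
    for key in sorted(counts, key=_chronological):
        month, day, hour, ip = key
        lines.append("On %d-%s at %s:00 there were %d failed logins from IP %s"
                     % (day, month, hour, counts[key], ip))
    return lines


def noisy_sources(counts, threshold):
    """Return the (month, day, hour, ip) keys whose count reaches the threshold.

    The threshold is an assumed tuning value; set it from your own baseline.
    """
    return sorted((k for k, n in counts.items() if n >= threshold), key=_chronological)


if __name__ == '__main__':
    totals = count_per_hour_per_ip(SAMPLE_LOG.splitlines())
    for report_line in format_report(totals):
        print(report_line)
    print("hour/IP pairs with at least 2 failures:", noisy_sources(totals, 2))
```

To run it against a real file, replace SAMPLE_LOG.splitlines() with the lines of auth.log; because the regex anchors on the whole prefix, lines with other sshd messages (accepted logins, disconnects) are skipped rather than miscounted.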
