我如何從示例日誌文件中找到每天的攻擊次數?我希望它給出一些以密碼失敗開頭的提示。python查找每天的攻擊次數
我得到了大部分的代碼,但它需要工作,我不太確定一直在玩它幾個小時,但沒有運氣。
$ myFile = open('auth','r')
#! /bin/python
att_dic = {}
count_attack = 0
print 'Start of Debug messages'
for line in myFile.readlines():
lineList2 = line.split(']')
att_list = lineList2[0]
att_list2 = att_list.split('[')
attack = att_list2[1]
if att_dic.has_key(attack):
count_attack = att_dic[attack]
count_attack = count_attack +1
att_dic[attack] = count_attack
count_attack = 0
else:
att_dic[attack] = 1
else:
lineList2 = line.split(']')
att_list = lineList2[1]
att_list2 = att_list.split('[')
attack = att_list2[0]
if att_dic.has_key(attack):
count_att = att_dic[ip]
count_attack = count_att +1
att_dic[attack] = count_attack
count_attack =0
else:
att_dic[attack] = 1
print attack
print '\nEnd of Debug messages\n\n'
print 'Answers:\n'
print 'Number of attacks per day:'
for att_items in att_dic.keys():
print att_items ,' has', att_dic[att_items] , ' attacks per day '
日誌文件的示例
Jan 10 09:32:07 j4-be03 sshd[3876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
Jan 10 09:32:09 j4-be03 sshd[3876]: Failed password for root from 218.241.173.35 port 47084 ssh2
Jan 10 09:32:17 j4-be03 sshd[3879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
Jan 10 09:32:19 j4-be03 sshd[3879]: Failed password for root from 218.241.173.35 port 47901 ssh2
我希望我可以給尼克拉斯乙在這裏超過一票!我試圖格式化代碼,但似乎有一個'if'的2個'else:'子句。 – macduff 2012-02-29 20:08:26
難道你不能簡單地計算日誌文件中每天發生的「身份驗證失敗」嗎? – 2012-02-29 20:53:52