Python - splitting a list then loop through to find an ip address -

-

i'm required analyse system log. i've been told should split list , iterate through find ip address. small part of log. there duplicate entries therefore must take notice of lines contain words "failed password root". 

jan 10 09:32:07 j4-be03 sshd[3876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35  user=root jan 10 09:32:09 j4-be03 sshd[3876]: failed password root 218.241.173.35 port 47084 ssh2 jan 10 09:32:17 j4-be03 sshd[3879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35  user=root jan 10 09:32:19 j4-be03 sshd[3879]: failed password root 218.241.173.35 port 47901 ssh2 jan 10 09:32:26 j4-be03 sshd[3881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35  user=root jan 10 09:32:29 j4-be03 sshd[3881]: failed password root 218.241.173.35 port 48652 ssh2

here code far, bit of psuedo code aswell.

f=open('auth','r') count=0  line in f:     if "failed password root from" in line: count +=1 if count>=13:     take ip address, remove duplicates , print address

if there 13 or more attempts 1 ip address address must added file. understand how write new file, if possible small example handy. familiar .append

probably easier use re:

re_ips = r'failed password (?:root|invalid user\s?.*) ((?:\d{1,3}\.){3}\d{1,3}) '

this ip addresses relevant lines. here's example of how use regex print ips recur 13 or more times file bad_ips.log:

from collections import defaultdict import re  ip_freq = defaultdict(int) open("auth", "r") fh:     match in re.finditer(r'failed password (?:root|invalid user\s?.*) ((?:\d{1,3}\.){3}\d{1,3}) ', fh.read()):         ip_freq[match.group(1)] += 1  open("bad_ips.log", "w") fh:     ip, n in ip_freq.iteritems():         if n>=13:             print >>fh, ip

edit: updated regex per new request.

edit2: updated regex again match correctly invalid user xxxx in log file.

edit3: tidied example


Comments

Post a Comment

Popular posts from this blog

jasper reports - Fixed header in Excel using JasperReports -

-
how can create excel report fixed header using japserreports? mean need header fixed when scroll excel file. this possible adding couple properties in jrxml file each report. take @ advanced excel features freeze panes. if wanted freeze after first column header (down left side basically) this: <statictext> <reportelement style="sans_bold" mode="opaque" x="0" y="60" width="104" height="20" forecolor="#ffffff" backcolor="#666666"> <property name="net.sf.jasperreports.export.xls.auto.filter" value="start"/> <property name="net.sf.jasperreports.export.xls.column.width" value="110"/> <property name="net.sf.jasperreports.export.xls.freeze.column.edge" value="left"/> </reportelement> &
Read more

media player - Android: mediaplayer went away with unhandled events -

-
i need duration of audio file series of voice announcements need play app. have added audio files resources , play fine. sample code below works perfect intended purpose: return duration of audio files. here code: float getdurationofaudioresource(locationenum loc, context context){ float duration = 0; try { mediaplayer mp; mp = mediaplayer.create(context, getaudioresource(loc)); duration = mp.getduration(); mp.release(); mp = null; } catch (illegalstateexception e) {e.printstacktrace(); logerror(25, "testdescitem:fault::could not open mediaplayer object audio resource.");} return duration; } here's weird thing. code called in main activity prepares set of audio instructions given test. there no errors within activity. second activity called, long string of errors on logcat. 03-07 13:23:43.820: i/actionlogger(21435): gentest_info_test #0 created. 03-07 13:23:43.830: i/actionlogger(21435): gente
Read more

python - ('The SQL contains 0 parameter markers, but 50 parameters were supplied', 'HY000') or TypeError: 'tuple' object is not callable -

-
import pyodbc,nltk,array cnxn = pyodbc.connect('driver={mysql odbc 5.1 driver};server=127.0.0.1;port=3306;database=information_schema;user=root; password=1234;option=3;') cursor = cnxn.cursor() cursor.execute("use collegedatabase ;") cursor.execute("select * sampledata ; ") cnxn.commit() s=[] j=[] x=[] words = [] w = [] sfq = [] pos=[] entry in cursor: s.append(entry.injury_type),j.append(entry.injury_desc) nltk.tokenize import punktwordtokenizer nltk.corpus import stopwords tokenizer = punktwordtokenizer() english_stops = set(stopwords.words('english')) in range(0,26): # filter stop words tokenizer.tokenize(j[i]) w.append([word word in tokenizer.tokenize(j[i]) if word not in english_stops]) in range(0 , 26):#converting tokenzied text ito string sfq.append(" ".join(w[a])) replacers import regexpreplacer replacer = regexpreplacer() in range (0,26):#pos tagging replacer.repl
Read more