Python - splitting a list then loop through to find an ip address -

-

i'm required analyse system log. i've been told should split list , iterate through find ip address. small part of log. there duplicate entries therefore must take notice of lines contain words "failed password root". 

jan 10 09:32:07 j4-be03 sshd[3876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35  user=root jan 10 09:32:09 j4-be03 sshd[3876]: failed password root 218.241.173.35 port 47084 ssh2 jan 10 09:32:17 j4-be03 sshd[3879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35  user=root jan 10 09:32:19 j4-be03 sshd[3879]: failed password root 218.241.173.35 port 47901 ssh2 jan 10 09:32:26 j4-be03 sshd[3881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35  user=root jan 10 09:32:29 j4-be03 sshd[3881]: failed password root 218.241.173.35 port 48652 ssh2

here code far, bit of psuedo code aswell.

f=open('auth','r') count=0  line in f:     if "failed password root from" in line: count +=1 if count>=13:     take ip address, remove duplicates , print address

if there 13 or more attempts 1 ip address address must added file. understand how write new file, if possible small example handy. familiar .append

probably easier use re:

re_ips = r'failed password (?:root|invalid user\s?.*) ((?:\d{1,3}\.){3}\d{1,3}) '

this ip addresses relevant lines. here's example of how use regex print ips recur 13 or more times file bad_ips.log:

from collections import defaultdict import re  ip_freq = defaultdict(int) open("auth", "r") fh:     match in re.finditer(r'failed password (?:root|invalid user\s?.*) ((?:\d{1,3}\.){3}\d{1,3}) ', fh.read()):         ip_freq[match.group(1)] += 1  open("bad_ips.log", "w") fh:     ip, n in ip_freq.iteritems():         if n>=13:             print >>fh, ip

edit: updated regex per new request.

edit2: updated regex again match correctly invalid user xxxx in log file.

edit3: tidied example


Comments

Post a Comment

Popular posts from this blog

delphi - How to convert bitmaps to video? -

-
Image
my application creates images fractals , love feeling of 'flying' around fractal. once saved 2000 bitmaps file , created avi using premiere. experience rather frustrating though succeeded in creating movie. spectacular. of course want create video application. don't care niftyness of codec, compression or whatever. want have video can replay on systems. in past have tried never succeeded. triggered question alas not ffmpeg running. update i decided adapt question , put bounty it. have seen several solutions attractive (because it's simple) seems me taviwrite. tried taviwriter did not succeed. in procedure taviwriter.write; function call around line 370 avierr := avisavev(s, // pchar(filename), nil, // file handler nil, // callback nstreams, // number of streams streams, compoptions); // compress options
Read more

jasper reports - Fixed header in Excel using JasperReports -

-
how can create excel report fixed header using japserreports? mean need header fixed when scroll excel file. this possible adding couple properties in jrxml file each report. take @ advanced excel features freeze panes. if wanted freeze after first column header (down left side basically) this: <statictext> <reportelement style="sans_bold" mode="opaque" x="0" y="60" width="104" height="20" forecolor="#ffffff" backcolor="#666666"> <property name="net.sf.jasperreports.export.xls.auto.filter" value="start"/> <property name="net.sf.jasperreports.export.xls.column.width" value="110"/> <property name="net.sf.jasperreports.export.xls.freeze.column.edge" value="left"/> </reportelement> &
Read more

python - ('The SQL contains 0 parameter markers, but 50 parameters were supplied', 'HY000') or TypeError: 'tuple' object is not callable -

-
import pyodbc,nltk,array cnxn = pyodbc.connect('driver={mysql odbc 5.1 driver};server=127.0.0.1;port=3306;database=information_schema;user=root; password=1234;option=3;') cursor = cnxn.cursor() cursor.execute("use collegedatabase ;") cursor.execute("select * sampledata ; ") cnxn.commit() s=[] j=[] x=[] words = [] w = [] sfq = [] pos=[] entry in cursor: s.append(entry.injury_type),j.append(entry.injury_desc) nltk.tokenize import punktwordtokenizer nltk.corpus import stopwords tokenizer = punktwordtokenizer() english_stops = set(stopwords.words('english')) in range(0,26): # filter stop words tokenizer.tokenize(j[i]) w.append([word word in tokenizer.tokenize(j[i]) if word not in english_stops]) in range(0 , 26):#converting tokenzied text ito string sfq.append(" ".join(w[a])) replacers import regexpreplacer replacer = regexpreplacer() in range (0,26):#pos tagging replacer.repl
Read more