背景:
我有一个程序可以解析我的盒子上的连接尝试的日志文件。 它提取了一个ip地址列表,然后我有其他功能,我想在这个信息列表上运行,特别是一个没有按预期工作。它应该计算每个国家/地区的连接尝试次数。
代码 - ip_tools.py
#!/usr/bin/python
import requests
import json
import socket
#function to get the ip address of the host user
def get_host_ipad():
host_ip_request = requests.get("http://ipinfo.io/ip")
return host_ip_request.text
#function to get gelocation info of a remote host
def get_rhost_geo(ipad):
full_geo_info = {}
rhost_ip_request = requests.get("http://ipinfo.io/%s/json" % (ipad))
json_response = json.loads(rhost_ip_request.text)
for value in json_response:
full_geo_info.update({str(value) : str(json_response[value])})
return full_geo_info
#function to return country of rhost
def get_geo_country(ipad):
geo_info = get_rhost_geo(ipad)
geo_country = geo_info["country"]
return geo_country
#function to perform reverse dns lookup
def get_rhost_url(ipad):
try:
rhost_url = socket.gethostbyaddr(ipad)
rhost_url = rhost_url[0]
except Exception:
rhost_url = 'No URL found for this ip address.'
return rhost_url
#main function to run the code only if called directly
def Main():
#printing the options menu and taking a variable to be passed
print '_' * 20
print "1: Get your ip address: \n"
print "2: Get Geolocation of an IP address: \n"
print "3: Atempt getting URL from IP address"
sel = raw_input("Choose an option: \n")
#if statement to control menu navigation
if sel == '1':
print get_host_ipad()
#calls the get_rhost_ipad function defined above on user input
elif sel == '2':
ipad = raw_input("Which IP address?: \n")
print get_rhost_geo(ipad)
elif sel == 'quit':
quit()
elif sel == '3':
ipad = raw_input("Which IP address?: \n")
print get_rhost_url(ipad)
else:
print "Please choose one of the other options. \n"
if __name__=="__main__":
Main()
代码 - log_auditor.py:
import re
import ip_tools
#global variable to open kippo log in read mode
MY_LOG = open("/path/to/log", "r").read()
#function to get ip address from log file with a regular expression
def get_ips_from_log():
re_ip_search = re.findall(r"\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b", MY_LOG)
return re_ip_search
#function to get attempts per unique ip address
def get_ip_count():
ip_log = get_ips_from_log()
ip_count = [(i, ip_log.count(i)) for i in set(ip_log)]
return ip_count
#function to get attempts per country
def get_country_count():
ip_list = get_ips_from_log()
get_country_count = [(ip_tools.get_geo_country(ip), ip_list.count(ip)) for ip in set(ip_list)]
return get_country_count
#main function to only run program when called:
def Main():
print get_country_count()
if __name__=='__main__':
Main()
有问题的功能就是这个:
#function to get attempts per country
def get_country_count():
ip_list = get_ips_from_log()
get_country_count = [(ip_tools.get_geo_country(ip), ip_list.count(ip)) for ip in set(ip_list)]
return get_country_count
不幸的是它的输出看起来像:
[('CN', 2), ('CN', 566), ('NL', 2), ('CN', 3040), ('CN', 2), ('CN', 1042), ('CN', 2), ('US', 2), ('KR', 382), ('DE', 2), ('US', 127)]
如何进一步分组?
答案 0 :(得分:0)
使用字典跟踪每个国家/地区代码的总计数。
from collections import defaultdict
def get_country_count():
ip_list = get_ips_from_log()
country_count = defaultdict(int)
for ip in set(ip_list):
country_count[ip_tools.get_geo_country(ip)] += ip_list.count(ip)
return country_count
答案 1 :(得分:0)
如果我们不接触所有其他代码,可以像这样重写功能:
from collections import defaultdict
....
def get_country_count():
country_count = defaultdict(int)
for ip in get_ips_from_log():
country_count[ip_tools.get_geo_country(ip)] += 1
return country_count
或者如果使用get_geo_country需要花费很多:
def get_country_count():
country_count = defaultdict(int)
ip_list = get_ips_from_log()
for ip in set(ip_list):
country_count[ip_tools.get_geo_country(ip)] += ip_list.count(ip)
return country_count
defaultdict仅仅因为没有写下这样丑陋的结构而被使用:
def get_country_count():
....
for ....
country = ip_tools.get_geo_country(ip)
if country in country_count:
country_count[country] += ...
else:
country_count[country] = ...