解析ping日志以查找停机时间

Question

尝试编写实用程序脚本以从ping日志获取停机时间测量值，通常如下所示：

Mar 24 23:58:31 64 bytes from 10.11.10.12: icmp_seq=1977 ttl=64 time=0.244 ms
Mar 24 23:58:32 64 bytes from 10.11.10.12: icmp_seq=1978 ttl=64 time=0.282 ms
Mar 24 23:58:33 64 bytes from 10.11.10.12: icmp_seq=1979 ttl=64 time=0.269 ms
Mar 24 23:58:34 64 bytes from 10.11.10.12: icmp_seq=1980 ttl=64 time=0.342 ms
Mar 24 23:58:35 64 bytes from 10.11.10.12: icmp_seq=1981 ttl=64 time=0.261 ms
Mar 24 23:58:36 64 bytes from 10.11.10.12: icmp_seq=1982 ttl=64 time=0.292 ms
Mar 24 23:58:37 64 bytes from 10.11.10.12: icmp_seq=1983 ttl=64 time=0.274 ms
Mar 24 23:58:38 64 bytes from 10.11.10.12: icmp_seq=1984 ttl=64 time=0.394 ms
Mar 24 23:58:39 64 bytes from 10.11.10.12: icmp_seq=1985 ttl=64 time=0.338 ms
Mar 24 23:58:40 64 bytes from 10.11.10.12: icmp_seq=1986 ttl=64 time=0.304 ms
Mar 24 23:58:41 64 bytes from 10.11.10.12: icmp_seq=1987 ttl=64 time=0.338 ms
Mar 24 23:58:42 64 bytes from 10.11.10.12: icmp_seq=1988 ttl=64 time=0.302 ms
Mar 24 23:58:43 64 bytes from 10.11.10.12: icmp_seq=1989 ttl=64 time=0.302 ms
Mar 24 23:58:44 64 bytes from 10.11.10.12: icmp_seq=1990 ttl=64 time=0.328 ms
Mar 24 23:58:45 64 bytes from 10.11.10.12: icmp_seq=1991 ttl=64 time=0.220 ms
Mar 24 23:59:24 64 bytes from 10.11.10.12: icmp_seq=2030 ttl=64 time=1.00 ms
Mar 24 23:59:25 64 bytes from 10.11.10.12: icmp_seq=2031 ttl=64 time=0.333 ms
Mar 24 23:59:26 64 bytes from 10.11.10.12: icmp_seq=2032 ttl=64 time=0.279 ms
Mar 24 23:59:27 64 bytes from 10.11.10.12: icmp_seq=2033 ttl=64 time=0.272 ms
Mar 24 23:59:28 64 bytes from 10.11.10.12: icmp_seq=2034 ttl=64 time=0.282 ms
Mar 24 23:59:29 64 bytes from 10.11.10.12: icmp_seq=2035 ttl=64 time=0.430 ms
Mar 24 23:59:30 64 bytes from 10.11.10.12: icmp_seq=2036 ttl=64 time=0.364 ms
Mar 24 23:59:31 64 bytes from 10.11.10.12: icmp_seq=2037 ttl=64 time=0.381 ms
Mar 24 23:59:32 64 bytes from 10.11.10.12: icmp_seq=2038 ttl=64 time=0.414 ms
Mar 24 23:59:33 64 bytes from 10.11.10.12: icmp_seq=2039 ttl=64 time=0.330 ms
Mar 24 23:59:34 64 bytes from 10.11.10.12: icmp_seq=2040 ttl=64 time=0.354 ms
Mar 24 23:59:35 64 bytes from 10.11.10.12: icmp_seq=2041 ttl=64 time=0.301 ms
Mar 24 23:59:36 64 bytes from 10.11.10.12: icmp_seq=2042 ttl=64 time=0.305 ms
Mar 24 23:59:37 64 bytes from 10.11.10.12: icmp_seq=2043 ttl=64 time=0.274 ms
Mar 24 23:59:38 64 bytes from 10.11.10.12: icmp_seq=2044 ttl=64 time=0.404 ms
Mar 24 23:59:39 64 bytes from 10.11.10.12: icmp_seq=2045 ttl=64 time=0.377 ms
Mar 24 23:59:40 64 bytes from 10.11.10.12: icmp_seq=2046 ttl=64 time=0.392 ms
Mar 24 23:59:41 64 bytes from 10.11.10.12: icmp_seq=2047 ttl=64 time=0.313 ms
Mar 24 23:59:42 64 bytes from 10.11.10.12: icmp_seq=2048 ttl=64 time=0.336 ms
Mar 24 23:59:43 64 bytes from 10.11.10.12: icmp_seq=2049 ttl=64 time=0.313 ms
Mar 24 23:59:44 64 bytes from 10.11.10.12: icmp_seq=2050 ttl=64 time=0.311 ms
Mar 24 23:59:45 64 bytes from 10.11.10.12: icmp_seq=2051 ttl=64 time=0.223 ms
Mar 24 23:59:46 64 bytes from 10.11.10.12: icmp_seq=2052 ttl=64 time=0.226 ms
Mar 24 23:59:47 64 bytes from 10.11.10.12: icmp_seq=2053 ttl=64 time=0.241 ms
Mar 24 23:59:48 64 bytes from 10.11.10.12: icmp_seq=2054 ttl=64 time=0.389 ms
Mar 24 23:59:49 64 bytes from 10.11.10.12: icmp_seq=2055 ttl=64 time=0.213 ms
Mar 24 23:59:50 64 bytes from 10.11.10.12: icmp_seq=2056 ttl=64 time=0.233 ms
Mar 24 23:59:51 64 bytes from 10.11.10.12: icmp_seq=2057 ttl=64 time=0.553 ms
Mar 24 23:59:52 64 bytes from 10.11.10.12: icmp_seq=2058 ttl=64 time=0.309 ms
Mar 24 23:59:53 64 bytes from 10.11.10.12: icmp_seq=2059 ttl=64 time=0.273 ms
Mar 24 23:59:54 64 bytes from 10.11.10.12: icmp_seq=2060 ttl=64 time=0.453 ms
Mar 24 23:59:55 64 bytes from 10.11.10.12: icmp_seq=2061 ttl=64 time=0.208 ms
Mar 24 23:59:56 64 bytes from 10.11.10.12: icmp_seq=2062 ttl=64 time=0.314 ms
Mar 24 23:59:57 64 bytes from 10.11.10.12: icmp_seq=2063 ttl=64 time=0.267 ms
Mar 24 23:59:58 64 bytes from 10.11.10.12: icmp_seq=2064 ttl=64 time=0.384 ms
Mar 24 23:59:59 64 bytes from 10.11.10.12: icmp_seq=2065 ttl=64 time=0.302 ms
Mar 25 00:00:00 64 bytes from 10.11.10.12: icmp_seq=2066 ttl=64 time=0.320 ms
Mar 25 00:00:01 64 bytes from 10.11.10.12: icmp_seq=2067 ttl=64 time=0.292 ms
Mar 25 00:00:02 64 bytes from 10.11.10.12: icmp_seq=2068 ttl=64 time=0.274 ms
Mar 25 00:00:03 64 bytes from 10.11.10.12: icmp_seq=2069 ttl=64 time=0.192 ms
Mar 25 00:00:04 64 bytes from 10.11.10.12: icmp_seq=2070 ttl=64 time=0.329 ms
Mar 25 00:00:05 64 bytes from 10.11.10.12: icmp_seq=2071 ttl=64 time=0.210 ms
Mar 25 00:00:06 64 bytes from 10.11.10.12: icmp_seq=2072 ttl=64 time=0.199 ms
Mar 25 00:00:07 64 bytes from 10.11.10.12: icmp_seq=2073 ttl=64 time=0.197 ms
Mar 25 00:00:08 64 bytes from 10.11.10.12: icmp_seq=2074 ttl=64 time=0.276 ms
Mar 25 00:00:09 64 bytes from 10.11.10.12: icmp_seq=2075 ttl=64 time=0.189 ms
Mar 25 00:00:10 64 bytes from 10.11.10.12: icmp_seq=2076 ttl=64 time=0.258 ms
Mar 25 00:00:11 64 bytes from 10.11.10.12: icmp_seq=2077 ttl=64 time=0.392 ms
Mar 25 00:00:12 64 bytes from 10.11.10.12: icmp_seq=2078 ttl=64 time=0.238 ms
Mar 25 00:00:13 64 bytes from 10.11.10.12: icmp_seq=2079 ttl=64 time=0.178 ms
Mar 25 00:00:14 64 bytes from 10.11.10.12: icmp_seq=2080 ttl=64 time=0.183 ms
Mar 25 00:00:15 64 bytes from 10.11.10.12: icmp_seq=2081 ttl=64 time=0.237 ms
Mar 25 00:00:16 64 bytes from 10.11.10.12: icmp_seq=2082 ttl=64 time=0.370 ms
Mar 25 00:00:17 64 bytes from 10.11.10.12: icmp_seq=2083 ttl=64 time=0.211 ms
Mar 25 00:00:18 64 bytes from 10.11.10.12: icmp_seq=2084 ttl=64 time=0.354 ms
Mar 25 00:00:19 64 bytes from 10.11.10.12: icmp_seq=2085 ttl=64 time=0.181 ms
Mar 25 00:00:20 64 bytes from 10.11.10.12: icmp_seq=2086 ttl=64 time=0.306 ms
Mar 25 00:00:21 64 bytes from 10.11.10.12: icmp_seq=2087 ttl=64 time=0.217 ms
Mar 25 00:00:22 64 bytes from 10.11.10.12: icmp_seq=2088 ttl=64 time=0.417 ms
Mar 25 00:00:23 64 bytes from 10.11.10.12: icmp_seq=2089 ttl=64 time=0.293 ms
Mar 25 00:00:24 64 bytes from 10.11.10.12: icmp_seq=2090 ttl=64 time=0.313 ms
Mar 25 00:00:25 64 bytes from 10.11.10.12: icmp_seq=2091 ttl=64 time=0.222 ms
Mar 25 00:00:26 64 bytes from 10.11.10.12: icmp_seq=2092 ttl=64 time=0.404 ms
Mar 25 00:00:27 64 bytes from 10.11.10.12: icmp_seq=2093 ttl=64 time=0.293 ms
Mar 25 00:00:28 64 bytes from 10.11.10.12: icmp_seq=2094 ttl=64 time=0.396 ms

但有时它们不包含不可达行：

Mar 24 23:58:45 64 bytes from 10.11.10.12: icmp_seq=1991 ttl=64 time=0.220 ms
Mar 24 23:59:24 64 bytes from 10.11.10.12: icmp_seq=2030 ttl=64 time=1.00 ms

但是两个条目之间存在差距，这也意味着VM无法访问：

import csv,sys
from datetime import datetime as dt

def main(logfile):
        gap=0
        down=False
        first=True
        st_et=[]
        dt_pairs=[]
        lt=-1
        with open(logfile,'r') as lf:
                for line in lf:
                        tokens=line.split()
                        t=dt.strptime(' '.join(tokens[0:3]), '%b %d %H:%M:%S')
                        if first:
                                first=False
                                st_et.append(t)
                        else:
                                diff=(t-lt).total_seconds()
                                if diff>4:
                                        gap+=diff
                                        print t,lt, gap
                        if "Destination" in line and not down:
                                #record downtime
                                down=True
                                dt_pairs.append(t)
                        if "bytes" in line and down:
                                # ping is back up
                                down=False
                                dt_pairs.append(lt)
                        lt=t

                st_et.append(lt)

#       print st_et
        print dt_pairs
        downtime=0
        for i in range(0,len(dt_pairs),2):
                downtime+=(dt_pairs[i+1]-dt_pairs[i]).total_seconds()
        print "Downtime: %d (unreachable) + %d (gap) = %d"%(downtime,gap,downtime+gap)

main(sys.argv[1])

这就是我的想法：

{{1}}

有时在无法到达的线路中不再有间隙（> 4秒）时会起作用，否则会失败。我没有深思熟虑，我任意选择4作为差距的下限。现在要解决这个问题，我可以再添一个if条件来检查我是否在无法访问的条目块中，但我想知道是否有一个更容易/更有效/更优雅/更强大的解决方案来做到这一点？