python每天都能找到攻击次数

时间:2012-02-29 19:59:23

标签: python parsing

如何从示例日志文件中找到每天的攻击次数?我希望它提供一些以密码失败开头的提示。

我获得了大部分代码,但它需要工作,我不太确定已经玩了几个小时但没有运气。

$ myFile = open('auth','r')

#! /bin/python

att_dic = {}    
count_attack = 0
print 'Start of Debug messages'

for line in myFile.readlines():
    lineList2 = line.split(']')        
    att_list = lineList2[0]
    att_list2 = att_list.split('[')
    attack = att_list2[1]
    if att_dic.has_key(attack):
        count_attack = att_dic[attack]
        count_attack = count_attack +1
        att_dic[attack] = count_attack
        count_attack = 0
    else:
        att_dic[attack] = 1
    else:
        lineList2 = line.split(']')
        att_list = lineList2[1]
        att_list2 = att_list.split('[')
        attack = att_list2[0]

    if att_dic.has_key(attack):
        count_att = att_dic[ip]
        count_attack = count_att +1
        att_dic[attack] = count_attack
        count_attack =0
    else:
        att_dic[attack] = 1

    print attack        

print '\nEnd of Debug messages\n\n'
print 'Answers:\n'
print 'Number of attacks per day:'
for att_items in att_dic.keys():
print att_items ,' has', att_dic[att_items] , ' attacks per day '

日志文件示例

Jan 10 09:32:07 j4-be03 sshd[3876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35  user=root   
Jan 10 09:32:09 j4-be03 sshd[3876]: Failed password for root from 218.241.173.35 port 47084 ssh2
Jan 10 09:32:17 j4-be03 sshd[3879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35  user=root
Jan 10 09:32:19 j4-be03 sshd[3879]: Failed password for root from 218.241.173.35 port 47901 ssh2

2 个答案:

答案 0 :(得分:1)

我认为您要做的只是计算日志文件中唯一攻击的数量。有许多方法可以做到这一点,但遵循分割代码的精神,这是一个更简单的解决方案:

FIN = open("auth")
A = dict()

for line in FIN:
    if "authentication failure" in line:
        host = [x for x in line.split() if "rhost" in x]
        host = host[0].split('=')[1]
        if host not in A: A[host] = 0
        A[host] += 1

print "%i unique attacks: " % len(A)
for ip in A:
    print " %s attacks from %s " % (A[ip],ip)

这给出了输出:

1 unique attacks: 
 2 attacks from 218.241.173.35 

其他方式?

就这样的问题而言,我会看一下pyparsing因为你的规则将变得越来越复杂,因为你正在改进你正在寻找的东西。

答案 1 :(得分:0)

我这样做了,我使用了一个字典,并且计算了天数并计算了每天的攻击次数。 谢谢你的帮助