How do I find the number of attacks per day from the sample log file? I want it to report the lines that start with "Failed password".
I have most of the code, but it needs work and I'm not too sure about it; I've been playing with it for a few hours with no luck.
```python
#! /bin/python
# Python 2 syntax, as in the rest of the thread.
# Count "Failed password" lines per day, keyed on the syslog date
# (the first two whitespace-separated fields of each line, e.g. "Jan 10").
myFile = open('auth', 'r')
att_dic = {}
print 'Start of Debug messages'
for line in myFile.readlines():
    if 'Failed password' not in line:
        continue                     # skip pam_unix and other lines
    fields = line.split()
    attack = fields[0] + ' ' + fields[1]   # "Jan 10"
    if att_dic.has_key(attack):
        att_dic[attack] = att_dic[attack] + 1
    else:
        att_dic[attack] = 1
    print attack
myFile.close()
print '\nEnd of Debug messages\n\n'
print 'Answers:\n'
print 'Number of attacks per day:'
for att_items in att_dic.keys():
    print att_items, ' has', att_dic[att_items], ' attacks per day '
```
Sample log file:

```text
Jan 10 09:32:07 j4-be03 sshd[3876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
Jan 10 09:32:09 j4-be03 sshd[3876]: Failed password for root from 218.241.173.35 port 47084 ssh2
Jan 10 09:32:17 j4-be03 sshd[3879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
Jan 10 09:32:19 j4-be03 sshd[3879]: Failed password for root from 218.241.173.35 port 47901 ssh2
```
Answer 0 (score: 1)
I think what you want to do is simply count the number of unique attacks in the log file. There are many ways to do this, but in the spirit of your split-based code, here is a simpler solution:
```python
# Python 2; counts "authentication failure" lines per remote host (rhost=...)
FIN = open("auth")
A = dict()
for line in FIN:
    if "authentication failure" in line:
        # pick the "rhost=..." token out of the whitespace-split line
        host = [x for x in line.split() if "rhost" in x]
        host = host[0].split('=')[1]
        if host not in A: A[host] = 0
        A[host] += 1
print "%i unique attacks: " % len(A)
for ip in A:
    print " %s attacks from %s " % (A[ip], ip)
```
This gives the output:

```text
1 unique attacks:
2 attacks from 218.241.173.35
```
Other approaches?
For a problem like this, I would look at pyparsing, because your rules are going to get more and more complex as you refine what you are looking for.
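The question asks for failures per day, while the answer above counts them per source host. The following Python 3 example is added here and is not code from either poster: it parses the sshd "Failed password" lines with a regular expression (tolerating the single-digit day padding syslog uses and the "invalid user" variant of the message), tallies them per day, per source address and per (day, source) pair, and flags sources that exceed a threshold on a given day, which is the figure a defender actually wants when looking for password guessing. The sample log is constructed for the example: the first four lines are the ones from the question, the rest use RFC 5737 documentation addresses.

```python
import re
from collections import Counter

# Constructed sample log (same layout as the question's file): the first
# four lines are the question's own, the last two are made up for the example.
SAMPLE_LOG = """\
Jan 10 09:32:07 j4-be03 sshd[3876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
Jan 10 09:32:09 j4-be03 sshd[3876]: Failed password for root from 218.241.173.35 port 47084 ssh2
Jan 10 09:32:17 j4-be03 sshd[3879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
Jan 10 09:32:19 j4-be03 sshd[3879]: Failed password for root from 218.241.173.35 port 47901 ssh2
Jan 11 02:15:44 j4-be03 sshd[4102]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jan 11 02:15:50 j4-be03 sshd[4105]: Accepted publickey for deploy from 198.51.100.4 port 40210 ssh2
"""

# Syslog prefix: "Mon  D HH:MM:SS host sshd[pid]: " -- note ' +' because the
# day field is space-padded for single-digit days ("Jan  5").
FAILED_RE = re.compile(
    r'^(?P<month>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) '
    r'(?P<host>\S+) sshd\[(?P<pid>\d+)\]: '
    r'Failed password for (?:invalid user )?(?P<user>\S+) '
    r'from (?P<src>\S+) port (?P<port>\d+)'
)


def parse_failed_password(line):
    """Return {'date', 'user', 'src'} for a 'Failed password' line, else None."""
    m = FAILED_RE.match(line)
    if not m:
        return None
    return {"date": f"{m['month']} {m['day']}", "user": m["user"], "src": m["src"]}


def count_failures(lines):
    """Tally failed-password lines per day, per source and per (day, source)."""
    per_day, per_src, per_day_src = Counter(), Counter(), Counter()
    for line in lines:
        rec = parse_failed_password(line)
        if rec is None:
            continue  # pam_unix, Accepted, and unrelated lines are skipped
        per_day[rec["date"]] += 1
        per_src[rec["src"]] += 1
        per_day_src[(rec["date"], rec["src"])] += 1
    return per_day, per_src, per_day_src


def noisy_sources(per_day_src, threshold):
    """(day, source) pairs whose failure count reaches the threshold."""
    return sorted(k for k, n in per_day_src.items() if n >= threshold)


if __name__ == "__main__":
    per_day, per_src, per_day_src = count_failures(SAMPLE_LOG.splitlines())
    print("Failed passwords per day:")
    for day, n in sorted(per_day.items()):
        print(f"  {day}: {n}")
    print("Failed passwords per source:")
    for src, n in per_src.most_common():
        print(f"  {src}: {n}")
    print("Sources at or above 2 failures in a day:", noisy_sources(per_day_src, 2))
```

The threshold of 2 in the usage above is only there to make the tiny sample trigger; on a real host you would set it from the normal failure rate of that system. To read an actual file instead of the constructed sample, pass `open('auth')` to `count_failures`.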
Answer 1 (score: 0)
I did it this way: I used a dictionary, counted the days, and counted the number of attacks per day. Thanks for your help.