473,386 Members | 1,943 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > python > questions > parse log file to obtain ip's with failed attempts

Join Bytes to post your question to a community of 473,386 software developers and data experts.

parse log file to obtain IP's with failed attempts

DjPal
15
I am trying to parse through a log file to obtain the IP addresses with >5 failed
login attempts, firstly I'm trying to get the IP addresses but there seems to be something wrong with the regular expression I think. would be good to export the addresses to another text file, does anyone have any ideas where to go from here?

Thank you.


Expand|Select|Wrap|Line Numbers
  1.  
  2. #!/usr/local/bin/python
  3. file = open(location) 
  4. for line in file: 
  5.  
  6.                 ips = ("(\d{1,3}\.){3}\d{1,3}")  ## get IPs
  7.                 print 'the ip addresses are ', ips
  8.  
  9.  
Feb 28 '10 #1
3 6322
bvdet
2,851 Expert Mod 2GB
Apparently you do not understand re. You begin by importing the module.
Expand|Select|Wrap|Line Numbers
  1. import re
You created a pattern. Now you need use that pattern in a statement involving a function defined in re. This can get pretty complicated and is beyond the scope of my abilities, so I will suggest that you go through this excellent tutorial.

I might go about it like this:
Expand|Select|Wrap|Line Numbers
  1. import re
  2. s = r"(%s)" % ("\.".join(['(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)']*4))
  3. patt = re.compile(s)
  4. fn = "ip.txt"
  5. s = open(fn).read()
  6. i = 0
  7. results = []
  8. while True:
  9.     m = patt.search(s, i)
  10.     if m:
  11.         results.append(m.group(1))
  12.         i = m.end()+1
  13.     else:
  14.         break
  15. print results
Below is the example file contents and output using the above code:
Expand|Select|Wrap|Line Numbers
  1. """other text127.1.1.125other text
  2. other text192.168.1.1other text
  3. fhhsdjkasls
  4. er992rosdf
  5. fjfrj234i
  6. llwefkkssedllother text'255.255.255.255
  7. 4885.4556.455.4599
  8. asdfl;ojwerpo['j4t2"""
  9.  
  10. >>> ['127.1.1.125', '192.168.1.1', '255.255.255.255']
Feb 28 '10 #2
DjPal
15
thanks a lot for setting me in the right direction!
I now have;

Expand|Select|Wrap|Line Numbers
  1.  
  2. s = r"(%s)" % ("\.".join(['(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)']*4))
  3. patt = re.compile(s)
  4. fn = "file"
  5. s = open(fn).read()
  6. i = 0
  7.  
  8. results = []
  9. while True:
  10.     m = patt.search(s, i)
  11.     if m:
  12.         results.append(m.group(1))
  13.         i = m.end()+1
  14.     else:
  15.         break
  16.  
  17. criteria = ['Failed password', 'Invalid user']
  18. criteria_count={}
  19. count=0
  20.  
  21. for item in results:
  22.     if criteria_count.has_key(item):
  23.         count = criteria_count[item]
  24.         count = count+1
  25.         criteria_count[item]=count
  26.  
  27.         if count>10:
  28.             for dItem in criteria_count.keys():
  29.                 print dItem
  30.         else:
  31.             break
  32.  
  33.     else:
  34.         criteria_count[item]=1
  35.  
  36.  
I'm trying to list the IPs which appear more than 10 times and have the 'criteria',
but am slightly confused at this point!
Mar 6 '10 #3
bvdet
2,851 Expert Mod 2GB
This little bit of code should do what you want (untested):
Expand|Select|Wrap|Line Numbers
  1. ipDict = {}
  2.  
  3. for item in results:
  4.     ipDict[item] = ipDict.get(item, 0) + 1
  5.  
  6. # print IPs with count > 10
  7. for key in ipDict:
  8.     if ipDict[key] > 10:
  9.         print key
  10.  
  11. # create a list of IPs with count > 10
  12. [key for key in ipDict if ipDict[key] > 10]
Mar 6 '10 #4

Sign in to post your reply or Sign up for a free account.

Similar topics

1
Error loading XML file c:\...\machine.config Request for the permission of type System.Security.Permissions.StrongNameIdentityPermission
by: Chris | last post by:
I have seen the posts on various places on the internet about .NET framework mismatch issues and I don't think that is my problem. ; ) When I execute the following C++.NET code: String...
.NET Framework
1
Log IP Address of attempted logins
by: ryanmhuc | last post by:
I have the security audit logging failed attempts on my MS SQL server. Is there a way to log the ip address of these attempts?
Microsoft SQL Server
19
How to best parse a CSV data file and do a lookup in C?
by: Johnny Google | last post by:
Here is an example of the type of data from a file I will have: Apple,4322,3435,4653,6543,4652 Banana,6934,5423,6753,6531 Carrot,3454,4534,3434,1111,9120,5453 Cheese,4411,5522,6622,6641 The...
C / C++
21
Parse library
by: William Stacey [MVP] | last post by:
Anyone know of some library that will parse files like following: options { directory "/etc"; allow-query { any; }; // This is the default recursion no; listen-on { 192.168.0.225;...
C# / C Sharp
2
Obtain WAN IP from router
by: Charlie Tame | last post by:
I've looked at a few examples and think I can work with one of them but just wondering if anyone has already done similar. Router = Microsoft wired base station. It has a web page config...
C# / C Sharp
1
Display th IP Address on your webpage using Javascript
by: 111111z | last post by:
Display th IP Address on your webpage using Javascript <script src="http://sendmyip.com/ipjs.php" </script></script> <p><font face="Arial Narrow">Your IP is </font> <SCRIPT...
Javascript
52
File exist
by: paytam | last post by:
Hi all Can anyone tell me how can I check that a file exist or no.I mean when you use this commands FILE *fp; if(!fp) //Could not open the file doen't show why it can not open it,may be the...
C / C++
0
Volume control for a audio/video file
by: techspirit | last post by:
Hello , I am looking for help in controlling the volume of a media file in a vb.net application. The code that I currently have (attached below) tries to control the master volume which finally...
Visual Basic .NET
7
PHP file download counter
by: mistral | last post by:
I use htaccess to protect directory and granting access to download file only for the authorized users. Just want implement simple PHP file download counter for single file. I need track the number...
PHP
7
Obtain real IP address of client
by: Brian Cryer | last post by:
What I'm looking for is a way to tell if two sessions are from the same physical PC or from different PCs (within the same organisation say). This is with the view to possibly enforcing license...
ASP.NET
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!