2012-02-29 40 views
-1

How can I find the number of attacks per day from the sample log file? I want it to give me something like the lines starting with "Failed password". Python: find the number of attacks per day

I have most of the code, but it needs work. I'm not quite sure what's wrong; I've been playing with it for hours with no luck.

#!/usr/bin/env python
# Count sshd "Failed password" lines per day, keyed on the syslog date.

myFile = open('auth', 'r')

att_dic = {}
print 'Start of Debug messages'

for line in myFile:
    # Only the "Failed password" line of each attempt is counted; the
    # pam_unix "authentication failure" line belongs to the same attempt.
    if 'Failed password' not in line:
        continue
    # A syslog line starts with "Mon DD HH:MM:SS host ...", so the first two
    # whitespace-separated fields are the day (split() absorbs the double
    # space before single-digit days).
    fields = line.split()
    attack = fields[0] + ' ' + fields[1]
    if attack in att_dic:
        att_dic[attack] += 1
    else:
        att_dic[attack] = 1

    print attack

myFile.close()

print '\nEnd of Debug messages\n\n'
print 'Answers:\n'
print 'Number of attacks per day:'
for att_items in sorted(att_dic):
    print att_items, 'has', att_dic[att_items], 'attacks'

Sample of the log file

Jan 10 09:32:07 j4-be03 sshd[3876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root 
Jan 10 09:32:09 j4-be03 sshd[3876]: Failed password for root from 218.241.173.35 port 47084 ssh2 
Jan 10 09:32:17 j4-be03 sshd[3879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root 
Jan 10 09:32:19 j4-be03 sshd[3879]: Failed password for root from 218.241.173.35 port 47901 ssh2 
+2

I wish I could give Niklas B more than one vote here! I tried to format the code, but there seem to be two 'else:' clauses for one 'if'. – macduff 2012-02-29 20:08:26

+0

Couldn't you simply count the occurrences of "authentication failure" per day in the log file? – 2012-02-29 20:53:52

Answers

0

I finished it. I used a dictionary, collected the days found, and counted the number of attacks per day. Thanks for the help anyway.

1

I think what you're trying to do is simply count the number of unique attacks in the log file. There are many ways to do this, but in the spirit of your split-based code, here is a very simple solution:

FIN = open("auth") 
A = dict() 

for line in FIN: 
    if "authentication failure" in line: 
     host = [x for x in line.split() if "rhost" in x] 
     host = host[0].split('=')[1] 
     if host not in A: A[host] = 0 
     A[host] += 1 

print "%i unique attacks: " % len(A) 
for ip in A: 
    print " %s attacks from %s " % (A[ip],ip) 

This gives as output:

1 unique attacks: 
2 attacks from 218.241.173.35 

Another way?

Personally, for a problem like this I would look at pyparsing, because as you refine what you are looking for, your rules will become more and more complex.
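As an added example (not code from the question or either answer), here is a Python 3 version that does both things discussed on this page: it counts "Failed password" lines per day as the question asks, and also per source host within each day as the answer above does, using a regex on the syslog/sshd format shown. The sample lines are constructed (two of the question's own lines plus invented Jan 11 entries); only the "Failed password" line is counted so the pam_unix line for the same attempt is not counted twice.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same syslog/sshd format as the question's log
SAMPLE_LOG = """\
Jan 10 09:32:07 j4-be03 sshd[3876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
Jan 10 09:32:09 j4-be03 sshd[3876]: Failed password for root from 218.241.173.35 port 47084 ssh2
Jan 10 09:32:17 j4-be03 sshd[3879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
Jan 10 09:32:19 j4-be03 sshd[3879]: Failed password for root from 218.241.173.35 port 47901 ssh2
Jan 11 02:15:44 j4-be03 sshd[4102]: Failed password for invalid user admin from 10.0.0.5 port 51200 ssh2
Jan 11 02:15:50 j4-be03 sshd[4102]: Accepted password for alice from 192.0.2.7 port 51301 ssh2
"""

# Syslog timestamp (day may be space-padded), host, then the sshd message.
# Only "Failed password" lines match; the pam_unix line that precedes each
# one describes the same attempt and would double-count it.
FAILED_RE = re.compile(
    r'^(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) \d\d:\d\d:\d\d \S+ sshd\[\d+\]: '
    r'Failed password for (?:invalid user )?(?P<user>\S+) from (?P<host>\S+) port \d+'
)

def count_failed_logins(lines):
    """Return (per_day, per_day_host): failed logins per day, and per
    source host within each day."""
    per_day = Counter()
    per_day_host = defaultdict(Counter)
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue
        day = '%s %02d' % (m.group('mon'), int(m.group('day')))
        per_day[day] += 1
        per_day_host[day][m.group('host')] += 1
    return per_day, per_day_host

if __name__ == '__main__':
    per_day, per_day_host = count_failed_logins(SAMPLE_LOG.splitlines())
    print('Number of attacks per day:')
    for day in sorted(per_day):
        print('  %s: %d' % (day, per_day[day]))
        for host, n in per_day_host[day].most_common():
            print('      %d from %s' % (n, host))
```

Replace SAMPLE_LOG.splitlines() with open('auth') to run it over the real file; lines that do not match the pattern (accepted logins, pam_unix lines) are ignored.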