我正在尝试自动解析最初在 Python 程序中打开的日志文件,以便在我开始从文件本身读取实际行之前,其输出采用人类可读的格式。我该怎么做?with open('/var/log/audit/audit.log') as audit_raw: audit_formatted=subprocess.call(["ausearch", "-i", audit_raw]) line = audit_formatted.readline()当我尝试这样做时的错误消息:Traceback (most recent call last): File "./email_script.py", line 29, in <module> audit_log=subprocess.call(["ausearch", "-i", audit_raw]) File "/usr/lib/python3.6/subprocess.py", line 267, in call with Popen(*popenargs, **kwargs) as p: File "/usr/lib/python3.6/subprocess.py", line 709, in __init__ restore_signals, start_new_session) File "/usr/lib/python3.6/subprocess.py", line 1275, in _execute_child restore_signals, start_new_session, preexec_fn)TypeError: expected str, bytes or os.PathLike object, not _io.TextIOWrapper
1 回答
白板的微信
TA贡献1883条经验 获得超3个赞
您使用正确的参数调用ausearch并解析其输出。
在这里被盗:用于处理 linux 的 audit.log 的 Python 库?(这是一个要求图书馆认可的题外问题)并且可能会从 SO 中消失 - 这就是我决定反对“重复”的原因。
方尖碑回答:
import subprocess
def read_audit(before,now,user):
auparam = " -sc EXECVE"
cmd = "ausearch -ts " + before.strftime('%H:%M:%S') + " -te " + now.strftime('%H:%M:%S') + " -ua " + user + auparam
p = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE)
res = p.stdout.read().decode()
return res
添加回答
举报
0/150
提交
取消