
How can you print the most frequently occurring client IPs with a specific status code?


墨色风雨 2022-11-01 15:09:01
import os
import re
from collections import Counter
from collections import OrderedDict

fileNames = []
textInfo = []
d = {}

currentDirectoryPath = os.getcwd()
print(currentDirectoryPath)

regexp = re.compile(
    r'(?P<clientIP>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).+\['
    + r'(?P<timestamp>\d{2}/[A-Z][a-z]{2}/\d\d\d\d).+\"'
    + r'(?P<action>[A-Z]{3,4}).+\"'
    + r'\s*(?P<statuscode>[1-5][0-9][0-9])'
    )

os.chdir("/content/drive/log")
currentDirectoryPath = os.getcwd()
listOfFileNames = os.listdir(currentDirectoryPath)
#for files in listOfFileNames :
    #print(files)

f = open('access_1.log', 'r')

matched = 0
failed = 0
cnt_clientIPs = Counter()
cnt_clientAction = Counter()
cnt_clientTimeStamp = Counter()
cnt_clientStatusCode = Counter()

for line in f:
    m = re.match(regexp, line)
    if m:
        cnt_clientIPs.update([m.group('clientIP')])
        cnt_clientAction.update([m.group('action')])
        cnt_clientStatusCode.update([m.group('statuscode')])
        matched += 1
    else:
        failed += 1
        continue

    print("""""\
client .........: %s
timestamp ......: %s
action .........: %s
statuscode.........: %s""" % (
        m.group('clientIP'),
        m.group('timestamp'),
        m.group('action'),
        m.group('statuscode'),
    ))

for line in f:
    m = re.match(regexp, line)
    if m:
        d = {m.group("clientIP"): m.group("statuscode")}
print(d)

userInputIP = input("Enter how many of the top clients you want to see. ")

print('[*] %d lines matched the regular expression' % (matched))
print('[*] %d lines failed to match the regular expression' % (failed), end='\n\n')

print('[*] ============================================')
print('[*] '+ userInputIP +' Most Frequently Occurring Clients Queried')
print('[*] ============================================')
for clientIP, count in cnt_clientIPs.most_common(int(userInputIP)):
    print('[*] %30s: %d' % (clientIP, count))
print('[*] ============================================')

The lines above are some test lines to help you and to show what I am working with in the text file.

1 Answer

翻翻过去那场雪


Your cnt_clientStatusCode counter should count tuples made up of IP / status code pairs:


for line in f:
    m = re.match(regexp, line)
    if m:
        client_ip = m.group('clientIP')
        statuscode = m.group('statuscode')
        client_statuscode = (client_ip, statuscode) # ip / status code combination
        cnt_clientIPs.update([client_ip])
        cnt_clientAction.update([m.group('action')])
        cnt_clientStatusCode.update([client_statuscode])
        matched += 1
    else:
        failed += 1
        continue

You can then list the n most common combinations, where n = int(userInputIpPlusStatus):


for (clientIP, statusCode), count in cnt_clientStatusCode.most_common(int(userInputIpPlusStatus)):
    print('[*] %30s: %d: %5s:' % (clientIP, count, statusCode))
print('[*] ============================================')

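Of course, you could ask an additional question, asking the user which specific status code they are interested in, and print only the items with that specific status code. The logic for doing that would be: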


wanted_status_code = input("What status code are you interested in: ")
userInputIpPlusStatus = input("Enter how many of the top clients do you want to see for this status code: ")

n = int(userInputIpPlusStatus)
shown = 0  # matching entries printed so far (kept separate from the loop's count)
for (clientIP, statusCode), count in cnt_clientStatusCode.most_common():
    if statusCode == wanted_status_code:
        print('[*] %30s: %d: %5s:' % (clientIP, count, statusCode))
        shown += 1
        if shown == n:
            break
print('[*] ============================================')

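Update

If you want to search for a specific status code more efficiently, then have a dictionary of counters whose keys are status codes and whose values are counters of client IPs: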


from collections import Counter, defaultdict

status_dict = defaultdict(Counter)

for line in f:  # iterate over the open file line by line
    m = re.match(regexp, line)
    if m:
        client_ip = m.group('clientIP')
        statuscode = m.group('statuscode')
        client_statuscode = (client_ip, statuscode)
        cnt_clientIPs.update([client_ip])
        cnt_clientAction.update([m.group('action')])
        cnt_clientStatusCode.update([client_statuscode])
        status_dict[statuscode].update([client_ip])  # per-status counter of client IPs
        matched += 1
    else:
        failed += 1
        continue

Then:


wanted_status_code = input("What status code are you interested in: ")
userInputIpPlusStatus = input("Enter how many of the top clients do you want to see for this status code: ")

for clientIP, count in status_dict.get(wanted_status_code, Counter()).most_common(int(userInputIpPlusStatus)):
    print('[*] %30s: %d: %5s:' % (clientIP, count, wanted_status_code))
print('[*] ============================================')


2022-11-01
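
A self-contained version of the status-code index from the answer above, added here as an example that is not part of the original question or answer. It swaps in a field-anchored pattern (an assumption, replacing the question's regexp) so that a request logged as "-" is still counted under its status code; the names LINE_RE, SAMPLE_LOG, index_by_status and top_clients are hypothetical, and the log lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Assumed pattern for Common/Combined Log Format. The request is matched as a
# quoted field (it may be "-" or contain \" escapes), not by its HTTP method.
LINE_RE = re.compile(
    r'^(?P<clientIP>\S+) \S+ \S+ \[(?P<timestamp>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<statuscode>[1-5][0-9]{2}) '
)

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE_LOG = r'''
192.0.2.10 - - [01/Nov/2022:15:09:01 +0000] "GET /login HTTP/1.1" 401 128 "-" "curl/7.85"
192.0.2.10 - - [01/Nov/2022:15:09:02 +0000] "POST /login HTTP/1.1" 401 128 "-" "curl/7.85"
192.0.2.10 - - [01/Nov/2022:15:09:03 +0000] "POST /login HTTP/1.1" 401 128 "-" "curl/7.85"
198.51.100.7 - - [01/Nov/2022:15:09:04 +0000] "POST /login HTTP/1.1" 401 128 "-" "-"
198.51.100.7 - - [01/Nov/2022:15:09:05 +0000] "GET /a\"b HTTP/1.1" 404 0 "-" "-"
203.0.113.9 - - [01/Nov/2022:15:09:06 +0000] "-" 400 0 "-" "-"
203.0.113.9 - - [01/Nov/2022:15:09:07 +0000] "GET / HTTP/1.1" 200 512 "http://example.test/?q=404" "Mozilla/5.0"
this line is not an access log entry
'''.strip().splitlines()


def index_by_status(lines):
    """Return ({statuscode: Counter of client IPs}, number of unparsed lines)."""
    status_dict = defaultdict(Counter)
    failed = 0
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            status_dict[m.group('statuscode')][m.group('clientIP')] += 1
        else:
            failed += 1  # keep the count so dropped lines are visible
    return status_dict, failed


def top_clients(status_dict, wanted_status_code, n):
    """Return the n most frequent client IPs for one status code."""
    # .get() avoids creating an empty entry for a status code never seen.
    return status_dict.get(wanted_status_code, Counter()).most_common(n)


if __name__ == '__main__':
    status_dict, failed = index_by_status(SAMPLE_LOG)
    for code in ('401', '400', '404'):
        for clientIP, count in top_clients(status_dict, code, 2):
            print('[*] %30s: %d: %5s' % (clientIP, count, code))
    print('[*] %d lines failed to match' % failed)
```
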