Parsing a log file for IP addresses and protocols with Python
Published: 2020-11-17 23:03:55 Category: Python Source: Internet
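This is my first question on stackoverflow, and I'm really looking forward to becoming part of this community. I'm new to programming, and Python was the first language that many people recommended.

Anyway, I have a log file that looks like this:

```
"No.","Time","Source","Destination","Protocol","Info"
"1","0.000000","120.107.103.180","172.16.112.50","TELNET","Telnet Data ..."
"2","0.000426","172.16.113.168","Telnet Data ..."
"3","0.019849","TCP","21582 > telnet [ACK]"
"4","0.530125","Telnet Data ..."
"5","0.530634","Telnet Data ..."
```

I want to parse the log file with Python so that it looks like the following: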
I'd really like some help with which path to take to solve this: should I use a list and loop through it, or dictionaries/tuples? Thanks in advance for your help!

Solution:

First, you need to read the text file

```python
# Open the file
log_file = open('log_file.csv')
# readlines() will return the data as a list of strings, one for each line
log_data = log_file.readlines()
# Close the log file
log_file.close()
```

Set up a dictionary to hold the results

```python
results = {}
```

Now iterate over your data, one line at a time, and record the protocols in the dictionary

```python
# Skip the first line, which holds the column names
for entry in log_data[1:]:
    # Split on commas and drop the double quotes around each field
    entry_data = [field.strip('"') for field in entry.strip().split(',')]
    # We are going to have a separate entry for each source ip
    # If we haven't already seen this ip, we need to make an entry for it
    if entry_data[2] not in results:
        results[entry_data[2]] = {'total': 0}
    # Now check to see if we've seen the protocol for this ip before
    # If we haven't, add a new entry set to 0
    if entry_data[4] not in results[entry_data[2]]:
        results[entry_data[2]][entry_data[4]] = 0
    # Now we increment the count for this protocol
    results[entry_data[2]][entry_data[4]] += 1
    # And we increment the total count
    results[entry_data[2]]['total'] += 1
```

Once you've counted everything, just iterate over the counts and print out the results

```python
for ip in results:
    # Here we're printing a string with placeholders. The {0} and {1} will be
    # filled in by the call to format
    print("from: IP {0} Protocol Count: {1}".format(
        ip,
        # And finally create the value for the protocol counts with another format call
        # The square braces with the for statement inside create a list with one entry
        # for each entry, in this case, one entry for each protocol
        # We use ' '.join to join each of the counts with a string
        ' '.join(["({0}: {1})".format(protocol, results[ip][protocol])
                  for protocol in results[ip]])))
```
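A variant of the counting approach in the answer above, as an added example that is not part of the original question or answer: it reads the columns by header name with the `csv` module and skips rows whose Source is not a valid IP address or whose Protocol is missing, instead of failing on them. The sample log and the function names are constructed for illustration.

```python
import csv
import ipaddress
from collections import Counter, defaultdict

# Constructed sample in the question's column layout; rows 3 and 4 are
# deliberately malformed (missing columns, non-IP source).
SAMPLE_LOG = '''"No.","Time","Source","Destination","Protocol","Info"
"1","0.000000","120.107.103.180","172.16.112.50","TELNET","Telnet Data ..."
"2","0.000426","172.16.112.50","120.107.103.180","TELNET","Telnet Data, more ..."
"3","0.019849","TCP","21582 > telnet [ACK]"
"4","0.530125","not-an-ip","172.16.112.50","TELNET","Telnet Data ..."
"5","0.530634","120.107.103.180","172.16.112.50","TCP","21582 > telnet [ACK]"
'''


def count_protocols(lines):
    """Return ({source_ip: Counter({protocol: n})}, skipped_row_numbers)."""
    counts = defaultdict(Counter)
    skipped = []
    # DictReader handles the quoting and maps columns by header name, so a
    # comma inside "Info" cannot shift the Source/Protocol fields.
    for row in csv.DictReader(lines):
        source, protocol = row.get("Source"), row.get("Protocol")
        try:
            # Source must be a real IPv4/IPv6 address and Protocol must be present.
            ipaddress.ip_address(source or "")
            if not protocol:
                raise ValueError("missing protocol")
        except ValueError:
            skipped.append(row.get("No."))
            continue
        counts[source][protocol] += 1
    return counts, skipped


def format_report(counts):
    """One line per source IP, in the output style of the answer above."""
    report = []
    for ip in sorted(counts):
        per_proto = " ".join("({0}: {1})".format(p, n) for p, n in sorted(counts[ip].items()))
        report.append("from: IP {0} Protocol Count: {1} (total: {2})".format(
            ip, per_proto, sum(counts[ip].values())))
    return report


if __name__ == "__main__":
    counts, skipped = count_protocols(SAMPLE_LOG.splitlines())
    print("\n".join(format_report(counts)))
    print("skipped rows:", skipped)
```

Reporting the skipped row numbers keeps truncated or malformed records visible rather than silently counted under a wrong key.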