Basically I have an authlog/syslog file with a list of log in attempts and IP addresses - I need to make a Python program that will create a txt file with all the IP addresses that have more than 5 failed login attempts - a sort of "blacklist".
So basically something like:
if "uniqueipaddress" and "authentication failure" appear more than 5 times, add uniqueipaddress to txt file.
Any help would be greatly appreciated - please try and make it simple as I am very, very inexperienced in programming i开发者_运维技巧n Python! Thanks.
For each line:
- read the IP and attempt status
- keep a dictionary by IP of amount of failed attempts
Then go over the dictionary:
- print to file all IPs with 5 or more attempts
Python hints:
- To read a file line by line:
for line in open(filename)
- Parsing the log line depends entirely on its format. Some useful Python tools are the
split
method of a string, and regular expressions - Keep a dictionary, i.e.
ips[ip]
is amount of attempts
The following code should do something similar to what you're looking for. It's not perfect, but it's a good jumping off point.
ips = {}
for line in open('your_log.txt'):
parts = line.split(' ') #assuming this is a good place to split
if parts[1] == "AuthenticationFailure":
if parts[0] in ips:
ips[parts[0]] += 1
else:
ips[parts[0]] = 0
for ip in [k for k,v in ips.iteritems() if v >= 5]:
#WRITE TO FILE HERE
This assumes that your log file is structured something like so:
1.1.1.1 LoginSuccess
2.2.2.2 LoginSuccess
3.3.3.3 AuthenticationFailure
精彩评论