Program to read a file's contents

I have a snort log file named "logs" and I want to extract the IP addresses from it and store them in another file named "blacklist". It can extract the unique IP addresses, but if I run the program again it also adds the previous IPs. I want the program to first check whether the IP is already in the blacklist file? If so, ignore it, otherwise add the unique IPs from the log file to the blacklist. Code:

#!/usr/bin/python
import re
mylist1 = []   # per-line lists of IPs found in the log
mylist2 = []   # candidate IPs to write
mylist3 = []   # IPs already written (plus any empty strings)
mylist4 = []   # existing blacklist lines, kept with their trailing newline
logfile = open('/var/log/snort/logs', 'r')
blklist = open('blacklist', 'ab+')

for line in open('blacklist', 'r').readlines():
    mylist4.append(line)

for l in logfile.readlines():
    l = l.rstrip()
    ip = re.findall(r'[0-9]+(?:\.[0-9]+){3}', l)  # list of IPs on this line
    if ip and ip not in mylist1:
        mylist1.append(ip)
for ip in mylist1:
    addr = ",".join(ip)
    if ',' in addr:
        a = addr.split(',')
        for ip in a:
            addr = "".join(ip)
            if addr != '':
                mylist2.append(addr)
            else:
                mylist3.append(addr)
for x in blklist:
    mylist2.append(x.strip())
for x in mylist2:
    if x not in mylist3 and x not in mylist4:
        blklist.write(x + '\n')
        mylist3.append(x)

The log file is:

12/16-10:34:27.070967 [**] [1:10000001:1] snort alert [1:0000001] [**][classification ID: 0] [Priority ID: 0] {ICMP} 192.168.40.19 -> 192.168.50.29

12/16-10:34:27.070967 [**] [1:10000001:1] snort alert [1:0000001] [**][classification ID: 0] [Priority ID: 0] {ICMP} 192.168.50.29 -> 192.168.30.20

Output of the blacklist file after the first program run:

192.168.30.20
192.168.50.29
192.168.40.19

Output of the blacklist file after the second program run:

192.168.30.20
192.168.50.29
192.168.40.19
192.168.30.20
192.168.50.29
192.168.40.19

Any help?

You can use the Python container type set, which stores only unique elements. The following program should work for you:

create a 'current' blacklist set
read the blacklist file IP's into the current set

create a 'delta' blacklist set

for each IP address in the log file
  if not already in current blacklist
    add the IP into the delta set

append (by writing) the delta set into the black list file

You can read everything from the blacklist file and the log file into lists. Join those lists, then output a set (sets hold unique values) back to the blacklist file; since the read will empty the file, you will have a unique list of all old and new IPs. If the order matters (I doubt it does), then a set will cause problems. Let me know and I can modify the code below.

if __name__ == '__main__':
    import re
    # Existing blacklist entries and log lines, one string per line.
    with open("blacklist", 'r') as f:
        blacklist = f.read().split('\n')
    with open("/var/log/snort/logs", 'r') as f:
        logfile = f.read().split('\n')

    newentry = []
    for entry in logfile:
        ips = re.findall(r'[0-9]+(?:\.[0-9]+){3}', entry)
        for ip in ips:
            newentry.append(ip)

    # Drop the empty strings that split('\n') leaves for blank or trailing lines.
    newblacklist = [ip for ip in blacklist + newentry if ip]

    # 'w+' truncates the file; the set removes duplicates (original order is not kept).
    with open("blacklist", 'w+') as f:
        f.write('\n'.join(set(newblacklist)))
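The "current set / delta set" approach from the first answer, written out as a runnable Python 3 example (added here, not code from either answer): the existing blacklist is loaded into a set, only IPs absent from it are appended, and first-seen order is preserved so the file stays readable. The file path and the two sample alert lines are constructed for the demo.

```python
import os
import re
import tempfile

# Same dotted-quad pattern the question uses.
IP_RE = re.compile(r'[0-9]+(?:\.[0-9]+){3}')

def extract_ips(log_lines):
    """Return the IPs found in log_lines, deduplicated, first-seen order kept."""
    seen = []
    for line in log_lines:
        for ip in IP_RE.findall(line):
            if ip not in seen:
                seen.append(ip)
    return seen

def load_blacklist(path):
    """Read an existing blacklist into a set; a missing file is an empty blacklist."""
    if not os.path.exists(path):
        return set()
    with open(path) as f:
        # strip() removes the trailing newline so entries compare equal to extracted IPs
        return {line.strip() for line in f if line.strip()}

def update_blacklist(path, log_lines):
    """Append only IPs not already blacklisted; return the list that was appended."""
    current = load_blacklist(path)
    delta = [ip for ip in extract_ips(log_lines) if ip not in current]
    if delta:
        with open(path, 'a') as f:      # append mode: existing entries are untouched
            for ip in delta:
                f.write(ip + '\n')
    return delta

# Constructed sample alerts in the same shape as the question's log file.
SAMPLE_LOG = [
    "12/16-10:34:27.070967 [**] [1:10000001:1] snort alert [1:0000001] [**]"
    "[classification ID: 0] [Priority ID: 0] {ICMP} 192.168.40.19 -> 192.168.50.29",
    "12/16-10:34:27.070967 [**] [1:10000001:1] snort alert [1:0000001] [**]"
    "[classification ID: 0] [Priority ID: 0] {ICMP} 192.168.50.29 -> 192.168.30.20",
]

def demo():
    """Run the update twice against a temp file; the second run must add nothing."""
    path = os.path.join(tempfile.mkdtemp(), 'blacklist')   # hypothetical path
    first = update_blacklist(path, SAMPLE_LOG)
    second = update_blacklist(path, SAMPLE_LOG)
    return first, second, sorted(load_blacklist(path))

if __name__ == '__main__':
    print(demo())
```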