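#!/usr/bin/python
# -*- coding: utf-8 -*-
# file: Analysis_logs.py
"""Cut slices out of a syslog-style log (default: /var/log/secure).

Three interactive actions are offered by chose():
  1. JieQu_hour   - lines between two month-day-hour points (inclusive)
  2. JieQu_day    - lines of a single day
  3. Check_Ex_log - lines containing the marker 'Accepted password'

Lines are matched on a leading 'Mmm dd hh:' timestamp; lines with any other
timestamp layout are skipped by the two date-based actions.  Files are read
and written as bytes so extracted lines are copied unmodified.  The code
runs on Python 2.6+ and Python 3.
"""
import os
import re
import string  # no longer used; kept because it is an original file-level import

month = {
    '1': 'Jan',
    '2': 'Feb',
    '3': 'Mar',
    '4': 'Apr',
    '5': 'May',
    '6': 'Jun',
    '7': 'Jul',
    '8': 'Aug',
    '9': 'Sep',
    '10': 'Oct',
    '11': 'Nov',
    '12': 'Dec'}
LogFilePath = r'/var/log/secure'

# Shown for an unknown menu choice and for malformed date/time input.
_BAD_INPUT_MSG = '您的輸入不正確或者該功能爲開發完成!'
# Leading timestamp: month abbreviation, day (space padded or not), hour.
_STAMP_RE = re.compile(br'([A-Z][a-z]{2})\s+(\d{1,2})\s+(\d{1,2}):')
# Reverse of `month`: abbreviation -> month number, used to order timestamps.
_MONTH_NUM = dict((abbr, int(num)) for num, abbr in month.items())

try:
    _read_input = raw_input  # Python 2
except NameError:
    _read_input = input  # Python 3


def _read_lines(log_path):
    """Return all lines of log_path (or LogFilePath when None) as bytes."""
    with open(log_path or LogFilePath, 'rb') as src:
        return src.readlines()


def _write_lines(out_dir, name, lines):
    """Write lines to out_dir/name (current directory when None); return the path.

    The extract is a copy of data from a log that is normally readable by
    privileged users only, so a newly created file gets mode 0600 instead of
    the umask default.  Where the platform offers O_NOFOLLOW, a symlink
    planted under the output name is refused rather than written through.
    """
    target = name if out_dir is None else os.path.join(out_dir, name)
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | getattr(os, 'O_NOFOLLOW', 0)
    with os.fdopen(os.open(target, flags, 0o600), 'wb') as out:
        out.writelines(lines)
    return target


def _parse_stamp(line):
    """Return (month, day, hour) from the start of a log line, or None."""
    found = _STAMP_RE.match(line)
    if found is None:
        return None
    mon = _MONTH_NUM.get(found.group(1).decode('ascii'))
    if mon is None:
        return None
    return (mon, int(found.group(2)), int(found.group(3)))


def _parse_point(text, with_hour):
    """Parse 'M-D' or 'M-D-H' user input into a tuple of ints, or None.

    Only integers in calendar range are accepted.  The values are later
    formatted into the output file name, so this is also what keeps path
    separators and other free text out of that name.
    """
    parts = text.strip().split('-')
    if len(parts) != (3 if with_hour else 2):
        return None
    try:
        nums = tuple(int(part) for part in parts)
    except ValueError:
        return None
    if str(nums[0]) not in month or not 1 <= nums[1] <= 31:
        return None
    if with_hour and not 0 <= nums[2] <= 23:
        return None
    return nums


def _in_window(line, first, last):
    """True when the line's (month, day, hour) lies in [first, last]."""
    stamp = _parse_stamp(line)
    return stamp is not None and first <= stamp <= last


def Check_Ex_log(log_path=None, out_dir=None):
    """Copy every line containing 'Accepted password' into Ex_Mess.log.

    Prints the total number of lines read, then the completion message.
    Returns the path of the file written.

    NOTE(review): this is a substring test over the whole line.  Parts of an
    auth log line can be chosen by the remote side (for example attempted
    user names), so treat hits as candidates to review, not as proof.
    """
    marker = b'Accepted password'
    lines = _read_lines(log_path)
    print(len(lines))
    target = _write_lines(out_dir, 'Ex_Mess.log', [ln for ln in lines if marker in ln])
    print('完成')
    return target


# Check_Ex_log()
def JieQu_day(date=None, log_path=None, out_dir=None):
    """Write the lines of one day to message-<Mon>-<day>.log.

    date is 'month-day' (e.g. '6-1'); it is prompted for when None.
    Returns the path written, or None when the input is rejected.

    The day is compared as a number parsed from the line's timestamp, so
    'Jun  1' (space padded) matches and 'Jun 10' is not mistaken for day 1.
    """
    if date is None:
        date = _read_input('請輸入要截取日誌的日期,格式爲月份-日期,例:6-1:\n')
    point = _parse_point(date, False)
    if point is None:
        print(_BAD_INPUT_MSG)
        return None
    first, last = point + (0,), point + (23,)
    picked = [ln for ln in _read_lines(log_path) if _in_window(ln, first, last)]
    name = 'message-%s-%d.log' % (month[str(point[0])], point[1])
    target = _write_lines(out_dir, name, picked)
    print('完成')
    return target


def JieQu_hour(hour=None, log_path=None, out_dir=None):
    """Write the lines between two month-day-hour points to '<start>,<end>.log'.

    hour is 'M-D-H,M-D-H' (prompted for when None); empty parts between
    commas are ignored, so the doubled comma shown in the prompt is accepted.
    Both end hours are inclusive.  Returns the path written, or None when the
    input is rejected.

    Lines are selected by comparing parsed timestamps, so a window whose end
    points have no log lines yields an empty or partial file instead of an
    IndexError.  Log lines carry no year, so a window that wraps from
    December into January selects nothing.
    """
    if hour is None:
        hour = _read_input('請輸入要截取日誌的時間,例:6-24-1,,6-24-10:表示截取6月24日1點-10點的日誌:')
    ends = [_parse_point(part, True) for part in hour.split(',') if part.strip()]
    if len(ends) != 2 or None in ends:
        print(_BAD_INPUT_MSG)
        return None
    first, last = ends
    picked = [ln for ln in _read_lines(log_path) if _in_window(ln, first, last)]
    # Name built from the validated numbers, never from the raw input string.
    target = _write_lines(out_dir, '%d-%d-%d,%d-%d-%d.log' % (first + last), picked)
    print('完成')
    return target


def chose():
    """Show the menu and run the selected action."""
    num = _read_input('''本腳本是用於日誌分析,僅供學習參考;
請根據需求選擇下列選項:
1.截取一段時間內的日誌。
2.截取一天的日誌。
3.根據特徵碼分析日誌。
''')
    actions = {'1': JieQu_hour, '2': JieQu_day, '3': Check_Ex_log}
    action = actions.get(num)
    if action is None:
        print(_BAD_INPUT_MSG)
    else:
        action()


# Only start the interactive menu when run as a script, not on import.
if __name__ == '__main__':
    chose()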
腳本中截取一段時間日誌的功能,如果輸入的開始和結束時間這兩個時間點在日誌裏沒有生成日誌,會導致報錯。
腳本適用於linux系統中message、secure這類日誌文件。