#1
    Parsing logfile with python


    I am extremely new to python and working my way through "Quick Python" as we speak, so please be gentle...

    I have an IDS logfile that has entries that look like this:
    07/29-07:15:45.197755 [**] [1:1288:8] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] {TCP} 80.255.255.255:4817 -> 10.10.100.100:80

    What I would like to accomplish is have python load the file, do the grep equivalent of finding which lines have the value "vulnerable", then get the attacking ip address for said line, and output it to another file.
    So far I have opened the file and can get each line as a value in a list:

    logstring = open('./log', 'r').read().split('\n')

    Is there a way to split items inside a list? As I type this I realized that would probably be messy... can anyone tip me off to a good starting point on this?

    Thanks in advance!
#2
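    Code:
    # Find the lines that mention "vulnerable".
    # open() replaces file(), which exists only in Python 2.
    for line in open('./log'):
        if 'vulnerable' in line:
            vLine = line
    Code:
    # The source "ip:port" sits between '}' and '->'; strip() drops the leading space.
    for line in open('./log'):
        if '{TCP}' in line:
            attacking_ip = line[line.find('}') + 1:line.find('>') - 2].strip()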
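
An added example, not part of either post: the alert line from the question parsed field by field with a regular expression, so that "vulnerable" is matched only in the classification and the source IP is validated before it is counted and written out. Every sample line after the first is constructed, and the function names and the output file name `attackers.txt` are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Layout of the alert line in the question; ports are optional (ICMP has none).
ALERT_RE = re.compile(
    r'^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<sig>\d+:\d+:\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+'
    r'(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?(?:\[Priority:\s*(?P<prio>\d+)\]\s+)?'
    r'\{(?P<proto>[^}]+)\}\s+'
    r'(?P<src>[0-9.]+)(?::(?P<sport>\d+))?\s+->\s+'
    r'(?P<dst>[0-9.]+)(?::(?P<dport>\d+))?\s*$'
)

# First line is the one from the question; the rest are constructed test cases.
SAMPLE = [
    '07/29-07:15:45.197755 [**] [1:1288:8] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] {TCP} 80.255.255.255:4817 -> 10.10.100.100:80',
    '07/29-07:16:02.000001 [**] [1:1288:8] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] {TCP} 80.255.255.255:4820 -> 10.10.100.100:80',
    '07/29-07:17:10.000002 [**] [1:1000001:1] EXAMPLE ping [**] [Classification: constructed class] [Priority: 3] {ICMP} 192.0.2.7 -> 10.10.100.100',
    '07/29-07:18:00.000003 [**] [1:1288:8] WEB-FRONTPAGE /_vti_bin/ access [**] [Classification: access to a potentially vulnerable web application] [Priority: 2] {TCP} 999.1.1.1:4817 -> 10.10.100.100:80',
    'truncated line with the word vulnerable but no addresses',
]

def parse_alert(line):
    """Return the alert's fields as a dict, or None for a malformed line."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    try:
        ipaddress.ip_address(m.group('src'))  # rejects e.g. 999.1.1.1
    except ValueError:
        return None
    return m.groupdict()

def attacking_ips(lines, keyword='vulnerable'):
    """Count source IPs of alerts whose classification contains keyword."""
    hits = Counter()
    for line in lines:
        alert = parse_alert(line)
        if alert and keyword in (alert['cls'] or ''):
            hits[alert['src']] += 1
    return hits

def write_report(hits, path):
    with open(path, 'w') as out:
        for ip, count in hits.most_common():  # noisiest source first
            out.write(f'{ip}\t{count}\n')

if __name__ == '__main__':
    write_report(attacking_ips(SAMPLE), 'attackers.txt')
```

For a real log, pass the open file object instead of `SAMPLE`: `attacking_ips(open('./log'))`.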
