Advanced parsing with Python (multi-line)

Published 2024-05-29 02:30:39


I have run into a parsing problem with Python 2.7; let me explain:

I am analyzing events from the Incapsula API. The goal is to make them readable in an Excel sheet in order to generate statistics and graphs.

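In the signature field you can read the type of event/attack and a number. This number is how many times the attack was made, so I decided to multiply each line by the sum of the attack counts that follow the "signature=" field.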

Like this capture:

 visit_id=324001290181618591, src_country=Ukraine, event_timestamp=1484493309742, src_ip=91.223.133.30, dest_name=www.xxx.com, dest_id=1551642, signature={api.threats.sql_injection=3}
 visit_id=324001290181618591, src_country=Ukraine, event_timestamp=1484493309742, src_ip=91.223.133.30, dest_name=www.xxx.com, dest_id=1551642, signature={api.threats.sql_injection=3}
 visit_id=324001290181618591, src_country=Ukraine, event_timestamp=1484493309742, src_ip=91.223.133.30, dest_name=www.xxx.com, dest_id=1551642, signature={api.threats.sql_injection=3}

Everything works as expected so far, and I get the right number of attacks.

BUT

In some rare events, there are multiple values in the signature field, as in the following capture:

^{pr2}$

I still get the right attack count for these rare lines, but I would like to rearrange the signature field from this:

signature={api.threats.sql_injection=3, api.threats.bot_access_control=1, api.threats.illegal_resource_access=1, api.threats.cross_site_scripting=1,}
signature={api.threats.sql_injection=3, api.threats.bot_access_control=1, api.threats.illegal_resource_access=1, api.threats.cross_site_scripting=1,}
signature={api.threats.sql_injection=3, api.threats.bot_access_control=1, api.threats.illegal_resource_access=1, api.threats.cross_site_scripting=1,}
signature={api.threats.sql_injection=3, api.threats.bot_access_control=1, api.threats.illegal_resource_access=1, api.threats.cross_site_scripting=1,}
signature={api.threats.sql_injection=3, api.threats.bot_access_control=1, api.threats.illegal_resource_access=1, api.threats.cross_site_scripting=1,}
signature={api.threats.sql_injection=3, api.threats.bot_access_control=1, api.threats.illegal_resource_access=1, api.threats.cross_site_scripting=1,}
signature={api.threats.bot_access_control=1, api.threats.illegal_resource_access=3,}
signature={api.threats.bot_access_control=1, api.threats.illegal_resource_access=3,}
signature={api.threats.bot_access_control=1, api.threats.illegal_resource_access=3,}
signature={api.threats.bot_access_control=1, api.threats.illegal_resource_access=3,}

to this:

signature={api.threats.sql_injection}
signature={api.threats.sql_injection}
signature={api.threats.sql_injection}
signature={api.threats.bot_access_control}
signature={api.threats.illegal_resource_access}
signature={api.threats.cross_site_scripting}
signature={api.threats.bot_access_control}
signature={api.threats.illegal_resource_access}
signature={api.threats.illegal_resource_access}
signature={api.threats.illegal_resource_access}

(The first 6 lines are the first event repeated 6 times (3+1+1+1=6), and the last 4 lines are the second event replicated 4 times (1+3=4).)

My current source code:

import re
from itertools import izip

#count the number of attack per line
f = open('monthlyLogShort.txt','r')
g = open("count.txt", 'w')
kensu = f.readlines()
f.close()
for line in kensu:
        st = line.find('signature=')
        end = line.find('}')
        unprecise = line[st:end+1]
        #count = int(re.search(r'\d+', unprecise).group())
        count = sum(map(int,re.findall(r'[0-9]+', unprecise)))
        print >> g, count

g.close()

#replicate lines according to the number of attack            
h = open('flog.txt','w')

with open("monthlyLogShort.txt") as textfile1, open("count.txt") as textfile2:
    for x, y in izip(textfile1, textfile2):
        x = x.strip()
        y = y.strip()
        print >> h, x * int(y)
h.close()

1 answer
User
#1 · Posted 2024-05-29 02:30:39

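If I read your requirements correctly, you are trying to emit one line for each threat event while keeping the rest of the record. This solution does not output the counts directly; instead it transforms the data so that it is uniformly one threat per line.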

Code:

sig_str = 'signature={'
for line in kensu:
    record, signature = line.split(sig_str)
    threats = signature.split('}')[0]
    for counts in threats.split(','):
        if '=' in counts:
            threat, count = tuple(counts.split('='))
            for i in range(int(count)):
                print '%s%s%s}' % (record, sig_str, threat.strip())

Sample data:

^{pr2}$

Output:

record=0, signature={api.threats.sql_injection}
record=1, signature={api.threats.sql_injection}
record=1, signature={api.threats.sql_injection}
record=1, signature={api.threats.sql_injection}
record=1, signature={api.threats.bot_access_control}
record=1, signature={api.threats.illegal_resource_access}
record=1, signature={api.threats.cross_site_scripting}
record=2, signature={api.threats.bot_access_control}
record=2, signature={api.threats.illegal_resource_access}
record=2, signature={api.threats.illegal_resource_access}
record=2, signature={api.threats.illegal_resource_access}
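
Added example, not part of the original question or answer, and written for Python 3 rather than the Python 2.7 used in the thread: it carries the one-threat-per-line expansion through to the stated goal, a CSV that Excel can open plus a per-threat tally, and skips lines that have no signature field. The names expand, to_csv and tally and the SAMPLE lines (with documentation-range IPs) are constructed for illustration.

```python
import csv
import io
import re
from collections import Counter

SIG_RE = re.compile(r'signature=\{([^}]*)\}')    # the whole signature block
PAIR_RE = re.compile(r'([\w.]+)\s*=\s*(\d+)')    # one "threat=count" pair
FIELD_RE = re.compile(r'(\w+)=([^,{}]+)')        # plain key=value fields

# Constructed sample lines (signature values taken from the question).
SAMPLE = [
    'visit_id=1, src_country=Ukraine, src_ip=192.0.2.10, signature={'
    'api.threats.sql_injection=3, api.threats.bot_access_control=1, '
    'api.threats.illegal_resource_access=1, api.threats.cross_site_scripting=1,}',
    'visit_id=2, src_country=Ukraine, src_ip=192.0.2.11, signature={'
    'api.threats.bot_access_control=1, api.threats.illegal_resource_access=3,}',
    'visit_id=3, src_country=Ukraine, src_ip=192.0.2.12',  # no signature field
]

def expand(line):
    """Yield one dict per individual attack recorded on a log line."""
    m = SIG_RE.search(line)
    if not m:
        return  # nothing to expand; the caller may want to log such lines
    fields = {k: v.strip() for k, v in FIELD_RE.findall(line[:m.start()])}
    # The trailing comma and any pair without an integer count are ignored.
    for threat, count in PAIR_RE.findall(m.group(1)):
        for _ in range(int(count)):
            yield dict(fields, signature=threat)

def to_csv(lines, columns):
    """Return CSV text with one row per attack, restricted to `columns`."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=columns,
                            extrasaction='ignore', lineterminator='\n')
    writer.writeheader()
    for line in lines:
        writer.writerows(expand(line))
    return buf.getvalue()

def tally(lines):
    """Count attacks per threat type across all lines."""
    return Counter(row['signature'] for line in lines for row in expand(line))

if __name__ == '__main__':
    print(to_csv(SAMPLE, ['visit_id', 'src_ip', 'signature']))
    print(tally(SAMPLE).most_common())
```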
