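I ran into a parsing problem with Python 2.7 here; let me explain:
I am analyzing events from the Incapsula API. The goal is to make them readable in an Excel sheet so that statistics and graphs can be generated.
In the signature field, you can read the type and number of the event/attack. This number includes the number of attacks, so I decided to multiply each line by the sum of the attack counts that follow the "signature=" field.
A capture like this: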
visit_id=324001290181618591, src_country=Ukraine, event_timestamp=1484493309742, src_ip=91.223.133.30, dest_name=www.xxx.com, dest_id=1551642, signature={api.threats.sql_injection=3}
visit_id=324001290181618591, src_country=Ukraine, event_timestamp=1484493309742, src_ip=91.223.133.30, dest_name=www.xxx.com, dest_id=1551642, signature={api.threats.sql_injection=3}
visit_id=324001290181618591, src_country=Ukraine, event_timestamp=1484493309742, src_ip=91.223.133.30, dest_name=www.xxx.com, dest_id=1551642, signature={api.threats.sql_injection=3}
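So far everything works as expected, and I get the correct number of attacks.
But in some rare events, there are multiple values in the signature field, as in the following capture:
I still get the correct attack count for these rare lines, but I would like to rearrange the signature field from this: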
signature={api.threats.sql_injection=3, api.threats.bot_access_control=1, api.threats.illegal_resource_access=1, api.threats.cross_site_scripting=1,}
signature={api.threats.sql_injection=3, api.threats.bot_access_control=1, api.threats.illegal_resource_access=1, api.threats.cross_site_scripting=1,}
signature={api.threats.sql_injection=3, api.threats.bot_access_control=1, api.threats.illegal_resource_access=1, api.threats.cross_site_scripting=1,}
signature={api.threats.sql_injection=3, api.threats.bot_access_control=1, api.threats.illegal_resource_access=1, api.threats.cross_site_scripting=1,}
signature={api.threats.sql_injection=3, api.threats.bot_access_control=1, api.threats.illegal_resource_access=1, api.threats.cross_site_scripting=1,}
signature={api.threats.sql_injection=3, api.threats.bot_access_control=1, api.threats.illegal_resource_access=1, api.threats.cross_site_scripting=1,}
signature={api.threats.bot_access_control=1, api.threats.illegal_resource_access=3,}
signature={api.threats.bot_access_control=1, api.threats.illegal_resource_access=3,}
signature={api.threats.bot_access_control=1, api.threats.illegal_resource_access=3,}
signature={api.threats.bot_access_control=1, api.threats.illegal_resource_access=3,}
to this:
signature={api.threats.sql_injection}
signature={api.threats.sql_injection}
signature={api.threats.sql_injection}
signature={api.threats.bot_access_control}
signature={api.threats.illegal_resource_access}
signature={api.threats.cross_site_scripting}
signature={api.threats.bot_access_control}
signature={api.threats.illegal_resource_access}
signature={api.threats.illegal_resource_access}
signature={api.threats.illegal_resource_access}
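(The first 6 lines are the first event repeated 6 times (3+1+1+1=6), and the last 4 lines are the second event copied 4 times (1+3=4).)
My current source code: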
import re
from itertools import izip

# count the number of attacks per line
f = open('monthlyLogShort.txt', 'r')
g = open("count.txt", 'w')
kensu = f.readlines()
f.close()
for line in kensu:
    # isolate the "signature={...}" part of the record
    st = line.find('signature=')
    end = line.find('}')
    unprecise = line[st:end+1]
    #count = int(re.search(r'\d+', unprecise).group())
    # sum every number found inside the signature block
    count = sum(map(int, re.findall(r'[0-9]+', unprecise)))
    print >> g, count
g.close()
# replicate lines according to the number of attacks
h = open('flog.txt', 'w')
with open("monthlyLogShort.txt") as textfile1, open("count.txt") as textfile2:
    for x, y in izip(textfile1, textfile2):
        x = x.strip()
        y = y.strip()
        print >> h, x * int(y)
h.close()
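If I read your requirements correctly, you are trying to emit one line per threat event while preserving the rest of the record. This solution does not output the count directly; instead it transforms the data so that it is uniformly one threat per line.
Code:
Sample data:
Output: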
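The transformation described in this answer (one output line per threat occurrence, with the rest of the record kept), as an added example that is not the answerer's code. The sample records are constructed, MAX_COUNT is an assumed sanity limit, and the function names are hypothetical; it runs on Python 2.7 and Python 3.

```python
import re

# signature={name=count, name=count,}  (the trailing comma appears in multi-threat events)
SIGNATURE_RE = re.compile(r'signature=\{(?P<body>[^}]*)\}')
ENTRY_RE = re.compile(r'(?P<name>[\w.]+)=(?P<count>\d+)\Z')
MAX_COUNT = 100000  # assumed sanity limit so one bad record cannot flood the output

# Constructed sample records in the page's format (IDs, IPs and host names are made up).
SAMPLE_LOG = [
    'visit_id=1001, src_country=Ukraine, event_timestamp=1484493309742, '
    'src_ip=203.0.113.7, dest_name=www.example.com, dest_id=1, '
    'signature={api.threats.sql_injection=3}',
    'visit_id=1002, src_country=Ukraine, event_timestamp=1484493309999, '
    'src_ip=203.0.113.8, dest_name=www.example.com, dest_id=1, '
    'signature={api.threats.sql_injection=3, api.threats.bot_access_control=1, '
    'api.threats.illegal_resource_access=1, api.threats.cross_site_scripting=1,}',
]


def expand_event(line):
    """Return one record per threat occurrence, keeping every other field."""
    line = line.rstrip('\r\n')
    found = SIGNATURE_RE.search(line)
    if found is None:
        raise ValueError('no signature field')
    prefix, suffix = line[:found.start()], line[found.end():]
    rows = []
    for entry in found.group('body').split(','):
        entry = entry.strip()
        if not entry:  # empty piece left by the trailing comma
            continue
        parsed = ENTRY_RE.match(entry)
        if parsed is None or int(parsed.group('count')) > MAX_COUNT:
            raise ValueError('bad signature entry: %r' % entry)
        row = '%ssignature={%s}%s' % (prefix, parsed.group('name'), suffix)
        rows.extend([row] * int(parsed.group('count')))
    return rows


def expand_log(lines):
    """Expand every record; return (rows, numbers of the lines that were rejected)."""
    rows, rejected = [], []
    for number, line in enumerate(lines, 1):
        try:
            rows.extend(expand_event(line))
        except ValueError:
            rejected.append(number)
    return rows, rejected
```

Rejected line numbers are returned rather than silently dropped, so the statistics built from the output can be reconciled against the raw log.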