Program that reads file contents

Posted 2024-05-21 00:43:40


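I have a snort log file named "logs" and want to extract IP addresses from it and store them in another file named "blacklist". It can extract unique IP addresses, but if I run the program again, it also adds the previous IP addresses. I want the program to first check whether the IP is already in the blacklist file. If so, ignore it; otherwise add the unique IPs from the log file to the blacklist. Code: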

#!/usr/bin/python
import re
mylist1 = []
mylist2 = []
mylist3 = []
mylist4 = []
logfile = open('/var/log/snort/logs', 'r')
blklist = open('blacklist', 'ab+')

for line in open ('blacklist', 'r').readlines():
  mylist4.append(line)

for l in logfile.readlines():
  l = l.rstrip()
  ip = re.findall(r'[0-9]+(?:\.[0-9]+){3}',l)
  if ip is not None and ip not in mylist1:
    mylist1.append(ip)
for ip in mylist1:
  addr = ",".join(ip)
  if ',' in addr:
    a = addr.split(',')
    for ip in a:
        addr = "".join(ip)
        if addr != '':
            mylist2.append(addr)
        else:
            mylist3.append(addr)
for x in blklist:
  mylist2.append(x.strip())
for x in mylist2:
  if x not in mylist3 and x not in mylist4:
    blklist.write(x+'\n')
    mylist3.append(x)

The log file is:

12/16-10:34:27.070967 [**] [1:10000001:1] snort alert [1:0000001] [**][classification ID: 0] [Priority ID: 0] {ICMP} 192.168.40.19 -> 192.168.50.29

12/16-10:34:27.070967 [**] [1:10000001:1] snort alert [1:0000001] [**][classification ID: 0] [Priority ID: 0] {ICMP} 192.168.50.29 -> 192.168.30.20

Blacklist file output after the first run of the program:

192.168.30.20
192.168.50.29
192.168.40.19

Blacklist file output after the second run of the program:

192.168.30.20
192.168.50.29
192.168.40.19
192.168.30.20
192.168.50.29
192.168.40.19

Any help, please?


2 answers

You can use the Python container type set, which stores only unique elements. The following procedure should work for you:

create a 'current' blacklist set
read the blacklist file IP's into the current set

create a 'delta' blacklist set

for each IP address in the log file
  if not already in current blacklist
    add the IP into the delta set

append (by writing) the delta set into the black list file
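
An added example (not part of the original answer) that implements the current/delta set procedure above in Python 3. The function names are assumptions of this example; it also validates each match with the standard `ipaddress` module and tolerates a blacklist file that lacks a trailing newline.

```python
import ipaddress
import os
import re

IP_RE = re.compile(r'[0-9]+(?:\.[0-9]+){3}')  # same pattern as the question

def extract_ips(line):
    """Return the valid IPv4 addresses in one log line, in order of appearance."""
    found = []
    for candidate in IP_RE.findall(line):
        try:
            found.append(str(ipaddress.IPv4Address(candidate)))
        except ValueError:
            pass  # matches the pattern but is not an address, e.g. 999.1.1.1
    return found

def update_blacklist(log_path, blacklist_path):
    """Append log IPs missing from the blacklist; return the list appended."""
    current, needs_newline = set(), False
    if os.path.exists(blacklist_path):
        with open(blacklist_path) as f:
            text = f.read()
        # Normalise entries: raw readlines() items keep '\n' and never equal a bare IP
        current = {ln.strip() for ln in text.splitlines() if ln.strip()}
        needs_newline = bool(text) and not text.endswith('\n')

    seen, delta = set(current), []  # delta is a list to keep first-seen order
    with open(log_path) as f:
        for line in f:
            for ip in extract_ips(line):
                if ip not in seen:
                    seen.add(ip)
                    delta.append(ip)

    if delta:  # append only; existing entries are never rewritten
        with open(blacklist_path, 'a') as f:
            f.write(('\n' if needs_newline else '') + '\n'.join(delta) + '\n')
    return delta

if __name__ == '__main__':
    import tempfile
    # Constructed demo input: shortened forms of the two alert lines in the question
    sample = ("12/16-10:34:27.070967 snort alert {ICMP} 192.168.40.19 -> 192.168.50.29\n"
              "12/16-10:34:27.070967 snort alert {ICMP} 192.168.50.29 -> 192.168.30.20\n")
    with tempfile.TemporaryDirectory() as d:
        log, bl = os.path.join(d, 'logs'), os.path.join(d, 'blacklist')
        with open(log, 'w') as f:
            f.write(sample)
        print(update_blacklist(log, bl))  # first run
        print(update_blacklist(log, bl))  # second run
```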

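You can read everything from the blacklist file and the log into lists. Join those lists, then write a set back to the blacklist file (a set holds unique values); since the read empties the file, you will have a unique list of all new and old IPs. If order matters (I doubt it does), then a set will cause problems. Let me know and I can rework the code below.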

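import re

if __name__ == '__main__':
    # Read the existing blacklist, skipping blank lines so no empty entry is written back
    with open("blacklist", 'r') as f:
        blacklist = [line.strip() for line in f if line.strip()]
    with open("/var/log/snort/logs", 'r') as f:
        logfile = f.read().split('\n')

    # Collect every dotted-quad match found in the log
    newentry = []
    for entry in logfile:
        ips = re.findall(r'[0-9]+(?:\.[0-9]+){3}', entry)
        for ip in ips:
            newentry.append(ip)

    newblacklist = blacklist + newentry

    # Rewrite the file from a set so each address appears only once
    with open("blacklist", 'w') as f:
        f.write('\n'.join(set(newblacklist)) + '\n')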
