您如何使用特定状态代码打印最常用的客户端 IP。
import os
import re
from collections import Counter
from collections import OrderedDict
fileNames = []
textInfo = []
d = {}
currentDirectoryPath = os.getcwd()
print(currentDirectoryPath)
regexp = re.compile(
r'(?P<clientIP>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}).+\['
+ '(?P<timestamp>\d{2}/[A-Z][a-z]{2}/\d\d\d\d).+\"'
+ '(?P<action>[A-Z]{3,4}).+\"'
+ '\s*(?P<statuscode>[1-5][0-9][0-9])'
)
os.chdir("/content/drive/log")
currentDirectoryPath = os.getcwd()
listOfFileNames = os.listdir(currentDirectoryPath)
#for files in listOfFileNames :
#print(files)
f = open('access_1.log', 'r')
matched = 0
failed = 0
cnt_clientIPs = Counter()
cnt_clientAction = Counter()
cnt_clientTimeStamp = Counter()
cnt_clientStatusCode = Counter()
for line in f:
m = re.match(regexp, line)
if m:
cnt_clientIPs.update([m.group('clientIP')])
cnt_clientAction.update([m.group('action')])
cnt_clientStatusCode.update([m.group('statuscode')])
matched += 1
else:
failed += 1
continue
print("""""\
client .........: %s
timestamp ......: %s
action .........: %s
statuscode.........: %s
""" % ( m.group('clientIP'),
m.group('timestamp'),
m.group('action'),
m.group('statuscode'),
))
for line in f:
m = re.match(regexp, line)
if m:
d = {m.group("clientIP"): m.group("statuscode")}
print(d)
userInputIP = input("Enter how many of the top clients you want to see. ")
print('[*] %d lines matched the regular expression' % (matched))
print('[*] %d lines failed to match the regular expression' % (failed), end='\n\n')
print('[*] ============================================')
print('[*] '+ userInputIP +' Most Frequently Occurring Clients Queried')
print('[*] ============================================')
for clientIP, count in cnt_clientIPs.most_common(int(userInputIP)):
print('[*] %30s: %d' % (clientIP, count))
print('[*] ============================================')
上面的这些行是一些测试行,可以帮助你们并显示我在文本文件中处理的内容。
墨色风雨1回答
-
翻翻过去那场雪
您的cnt_clientStatusCode计数器应该计算由 ip/状态代码对组成的元组:for line in f: m = re.match(regexp, line) if m: client_ip = m.group('clientIP') statuscode = m.group('statuscode') client_statuscode = (client_ip, statuscode) # ip / status code combination cnt_clientIPs.update([client_ip]) cnt_clientAction.update([m.group('action')]) cnt_clientStatusCode.update([client_statuscode]) matched += 1 else: failed += 1 continue然后,您可以列出n最常见的组合,其中n = int(userInputIpPlusStatus):for (clientIP, statusCode), count in cnt_clientStatusCode.most_common(int(userInputIpPlusStatus)): print('[*] %30s: %d: %5s:' % (clientIP, count, statusCode))print('[*] ============================================')当然,您可以提出一个额外的问题,询问用户对哪个特定状态代码感兴趣,并且只打印具有该特定状态代码的项目。这样做的逻辑是:wanted_status_code = input("What status code are you interested in: ")userInputIpPlusStatus = input("Enter how many of the top clients do you want to see for this status code: ")n = int(userInputIpPlusStatus)count = 0for (clientIP, statusCode), count in cnt_clientStatusCode.most_common(): if statusCode == wanted_status_code: print('[*] %30s: %d: %5s:' % (clientIP, count, statusCode)) count += 1 if count == n: breakprint('[*] ============================================')更新如果您想更有效地搜索特定状态代码,那么有一个计数器字典,其键是状态代码,其值是客户端 ips 的计数器:from collections import defaultdictstatus_dict = defaultdict(Counter)for line in f.split: m = re.match(regexp, line) if m: client_ip = m.group('clientIP') statuscode = m.group('statuscode') client_statuscode = (client_ip, statuscode) cnt_clientIPs.update([client_ip]) cnt_clientAction.update([m.group('action')]) cnt_clientStatusCode.update([client_statuscode]) status_dict[statuscode].update([client_ip]) matched += 1 else: failed += 1 continue然后:wanted_status_code = input("What status code are you interested in: ")userInputIpPlusStatus = input("Enter how many of the top clients do you want to see for this status code: ")for clientIP, count in status_dict.get(wanted_status_code, Counter()).most_common(int(userInputIpPlusStatus)): print('[*] %30s: %d: %5s:' % (clientIP, count, wanted_status_code))print('[*] ============================================')
随时随地看视频慕课网APP
相关分类
Python