我的python歷程--ISA Log 分析
wantfly
|
1#
wantfly 发表于 2005-11-01 15:20
我的python歷程--ISA Log 分析
上周五完成了這個log分析
###################################### # 數據文件的格式如下: #Software: Microsoft(R) Internet Security and Acceleration Server 2000 #Version: 1.0 #Date: 2005-10-13 00:00:05 #Fields: c-ip cs-username c-agent sc-authenticated date time s-svcname s-computername cs-referred r-host r-ip r-port time-taken cs-bytes sc-bytes cs-protocol cs-transport s-operation cs-uri cs-mime-type s-object-source sc-status s-cache-info rule#1 rule#2 10.5.1.163 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) N 2005-10-13 00:00:05 w3proxy SZFTP - - - - - 268 - - TCP GET http://promos.hotbar.com/promos/promodll.dll?GetPromo&El=&SG=&RAND=13406&partner=hbtools&/p.gif - - 12209 0x0 - - 10.5.1.163 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) N 2005-10-13 00:00:05 w3proxy SZFTP - - - - - 372 - - TCP GET http://promos.hotbar.com/promos/promodll.dll?GetPromo&El=&SG=&RAND=13406&partner=hbtools&/p.gif - - 0 0x0 - - 10.5.1.163 YAHSINjinghua.lei Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Y 2005-10-13 00:00:05 w3proxy SZFTP - - - - - 528 - - TCP GET http://promos.hotbar.com/promos/promodll.dll?GetPromo&El=&SG=&RAND=13406&partner=hbtools&/p.gif - - 12209 0x0 - - 10.7.64.31 yahsindanny.sun Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; MSN Messenger 7.0.0777) Y 2005-10-13 00:00:23 w3proxy SZFTP - 207.46.3.11 207.46.3.11 80 188 281 355 http TCP POST http://207.46.3.11/gateway/gateway.dll?Action=poll&SessionID=468608173.14050 application/x-msn-messenger Inet 200 0x40000004 all Allow rule 10.5.1.163 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) N 2005-10-13 00:00:40 w3proxy SZFTP - - - - - 268 - - TCP GET http://promos.hotbar.com/promos/promodll.dll?GetPromo&El=&SG=&RAND=99396&partner=hbtools&/p.gif - - 12209 0x0 - - 10.5.1.163 anonymous Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) N 2005-10-13 00:00:40 w3proxy SZFTP - - - - - 372 - - TCP GET http://promos.hotbar.com/promos/promodll.dll?GetPromo&El=&SG=&RAND=99396&partner=hbtools&/p.gif - - 0 0x0 - - ####################################### 需要安裝python和Karrigell, ####################################### # 第一個文件: # index.py import os import datetime workdir = "z:/" os.chdir(workdir) ############################################################### # Get LOG file list file_list = [] date_list = [] file_list.append("file name") date_list.append("date time") for f in os.listdir(workdir): if f[0:3] == "WEB": file_list.append(f) date_list.append(f[7:15]) ############################################################### # generate HTML Head print """ web log analysis """ ############################################################### # generate HTML Body print "" print "" , date_list[0] , " " print "" , file_list[0] , " " for x in range(1,len(file_list)): print "" print "" print date_list[x] print "" print "" , file_list[x] , " " print "" ############################################################## # generate HTML Tail a = datetime.datetime.today().isoformat(' ') b = string.split(a," ") print """ Generate Date: """ print b[0],b[1] print """ Power By : Python Script connect: admin@aabb.com """ del file_list del date_list del a,b ######################## END File ######################## # 第二個文件:t1.py #import cStringIO import sys import re import string import datetime import os from os.path import join ############################################################## # Analisys information workdir = 'z:/' os.chdir(workdir) fn = string.strip(QUERY["file_name"]) filename = workdir + fn input = sys.stdin input = open(filename) #input = open("z:/WEB.log") ip_list = [] user_list = [] url_list = [] #tver = "" #tdate = "" #tsoft = "" for line in input.readlines(): list1 = line.split(" ") if len(list1) > 1: if list1[0][0:6] == "#Field": ip_list.append("Client IP") user_list.append("Account Name") url_list.append("URL List") else: if (list1[0] not in ip_list) or (list1[1] not in user_list): ip_list.append(list1[0]) user_list.append(list1[1]) url_list.append(list1[18]) else: if line[0:4] == "#Sof": tsoft = line elif line[0:4] == "#Ver": tver = line elif line[0:4] == "#Dat": tdate = line input.close() ############################################################################### # Generate HTML Head print "" ,tsoft,"" print "",tdate,"" print "",tver,"" print "" , '#FileName:' , filename , "" ############################################################################### # Generate HTML Body print """ Client IP Account Name URL List """ for x in range(1,len(ip_list)): #print ip_list[x] print "" print "" print ip_list[x] print "" print "" print user_list[x] print "" print url_list[x] print "" print "" ############################################################## # generate HTML Tail a = datetime.datetime.today().isoformat(' ') b = string.split(a," ") print """ Generate Date: """ print b[0],b[1] print """ Power By : Python Script connect: admin@aabb.com """ ######################## Del variable ######################## #ip_list = [] #user_list = [] #url_list = [] del tver , tdate , tsoft , a , b ######################## END File ######################## # 第三個文件 filter.py import os import sys import re import datetime workdir = 'z:/' os.chdir(workdir) fn = string.strip(QUERY["fn"]) filename = workdir + fn ip_list = [] user_list = [] url_list = [] t_in = 0 t_out = 0 t_total = 0 ############################################################################# def grep_ip(ip): t_in = 0 t_out = 0 t_total = 0 input = sys.stdin input = open(filename) #input = open("z:/WEB.log") for line in input.readlines(): list1 = line.split(" ") if len(list1) > 1: if list1[0][0:6] == "#Field": ip_list.append("Client IP") user_list.append("Account Name") url_list.append("URL List") else: if list1[0] == ip: ip_list.append(list1[0]) user_list.append(list1[1]) url_list.append(list1[18]) if list1[13] != "-": t_out = t_out + int(list1[13]) if list1[14] != "-": t_in = t_in + int(list1[14]) t_total = t_total + t_out + t_in else: if line[0:4] == "#Sof": tsoft = line elif line[0:4] == "#Ver": tver = line elif line[0:4] == "#Dat": tdate = line input.close() #print ip_list ############################################################################# # def grep_name(username): t_in = 0 t_out = 0 t_total = 0 input = sys.stdin input = open(filename) #input = open("z:/WEB.log") for line in input.readlines(): list1 = line.split(" ") if len(list1) > 1: if list1[0][0:6] == "#Field": ip_list.append("Client IP") user_list.append("Account Name") url_list.append("URL List") else: if list1[1] == username: ip_list.append(list1[0]) user_list.append(list1[1]) url_list.append(list1[18]) if list1[13] != "-": t_out = t_out + int(list1[13]) if list1[14] != "-": t_in = t_in + int(list1[14]) t_total = t_total + t_out + t_in else: if line[0:4] == "#Sof": tsoft = line elif line[0:4] == "#Ver": tver = line elif line[0:4] == "#Dat": tdate = line input.close() #print user_list ######################## Generate HTML ########################## def generate_html(): #### generate HTML Head print """ web log analysis """ #### generate HTML Body print """ Client IP Account Name URL List """ for x in range(1,len(ip_list)): #print ip_list[x] print "" print "" print ip_list[x] print "" print "" print user_list[x] print "" print url_list[x] print "" print "" #### generate HTML Tail a = datetime.datetime.today().isoformat(' ') b = string.split(a," ") print """ Generate Date: """ print b[0],b[1] print """ Power By : Python Script connect: admin@aabb.com """ ############################################################################# if QUERY.has_key("c_ip"): tip = string.strip(QUERY["c_ip"]) ttype = string.strip(QUERY["type"]) grep_ip(tip) generate_html() if QUERY.has_key("uname"): tun = string.strip(QUERY["uname"]) ttype = string.strip(QUERY["type"]) grep_name(tun) generate_html() ip_list = [] user_list = [] url_list = [] ############################################################################### 還想添加一些功能,如前十名網站,前十名用戶,異常用戶,異常使用記錄等. 還要等幾天才行. |