帖个刚写的脚本:按IP分类、再按端口分类汇总、排序输出
rwx_hc 发表于 2006-11-06 17:06
帖个刚写的脚本:按IP分类、再按端口分类汇总、排序输出
说明:
1. 按IP对数据文件分类；2. 对初次分类后的文件再按端口分类、统计、排序，输出排名在11位以前的记录。
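#!/usr/bin/python
# -*- coding: utf-8 -*-
# diff_nights.py  write by rwx_hc 2006-11-05
#
# Summarise night-time access records: split the day's log by system
# (matching each record's source IP against per-system IP lists), then for
# every split aggregate per user and per port group and write the users
# ranked in the top TOP_N by upstream volume.  The prototype of this
# program was provided by weqboy.
#
# NOTE(review): the original declared cp936.  The cookie must match the
# encoding the file is actually saved in, or the Chinese message literal in
# main() is mis-decoded; it is utf-8 here because the listing as published
# is UTF-8 -- switch back to cp936 if the file is saved as GBK.
import os
import sys
import time

# Input/output locations, relative to the working directory as in the original.
path_input = '..' + os.sep + 'input' + os.sep
path_dat = '..' + os.sep + 'dat' + os.sep
path_config = '..' + os.sep + 'config.txt'

# Systems in match priority: a record is attributed to the first system whose
# IP list (path_dat/<tag>_ip.dat) contains its source IP, and the split file
# for a system is written as path_input/<tag>_ip_<date>.
SYSTEM_TAGS = ('bi', 'mis', 'crm', 'intelligent', 'cmod', 'boss', 'boss3')

# Per-port output groups.  A record always counts towards 'all' and towards
# at most the first group that lists its port; ports are compared as the raw
# field text, exactly as the original did.
PORT_GROUPS = (
    ('telnet', ('23',)),
    ('ftp', ('21',)),
    ('oracle', ('1521',)),
    ('db2', ('50000', '51000', '56000', '58000', '60000')),
    ('1445', ('1445',)),
)

# Header written to every per-port summary and the size of the ranking.
OUTPUT_TITLE = 'user_id|user_name|count|uplen|downlen\n'
TOP_N = 11


def _die(message):
    """Print *message* and terminate.

    The original exited with status 0 on every error, which hides failures
    from anything scheduling the script; exit non-zero instead.
    """
    print(message)
    sys.exit(1)


def read_date(config_file=path_config):
    """Return the run date: line 2 of *config_file*, whitespace-stripped.

    Exits via _die when the file cannot be opened or has fewer than two
    lines.  The original sliced off the last character of the line, which
    dropped a digit when the file had no trailing newline; strip() is safe
    in both cases.
    """
    try:
        with open(config_file, 'r') as f_config:
            config_list = f_config.readlines()
    except IOError:
        _die('Error:config.txt could not opened!')
    if len(config_list) < 2:
        _die('Error:config.txt has no date on line 2!')
    return config_list[1].strip()


def _read_ip_list(path):
    """Return the set of non-empty, stripped lines of the IP list at *path*.

    Stripping makes a last line without a newline, or CRLF line ends, match;
    the original compared against readlines() output with '\\n' appended.
    """
    try:
        with open(path, 'r') as f_ip:
            return set(line.strip() for line in f_ip if line.strip())
    except IOError:
        _die('Error:ip_file could not opened!')


def filter_ip(file_data, str_date=None, path_input=path_input, path_dat=path_dat):
    """Split the raw log *file_data* into one file per system.

    Each record (fields separated by '|') is attributed to the first system
    in SYSTEM_TAGS whose IP list contains field 3, the source IP.  Records
    matching no list and lines with fewer than four fields are dropped.
    Output files are path_input/<tag>_ip_<str_date>, each starting with the
    log's own header line.  str_date defaults to read_date().  Missing
    input files terminate the script via _die, as in the original.
    """
    if str_date is None:
        str_date = read_date()
    ip_sets = [(tag, _read_ip_list(path_dat + tag + '_ip.dat')) for tag in SYSTEM_TAGS]
    try:
        f_data = open(file_data, 'r')
    except IOError:
        _die('Error:data_file could not opened!')
    outputs = {}
    try:
        str_title = f_data.readline()
        for tag in SYSTEM_TAGS:
            out = open(path_input + tag + '_ip_' + str_date, 'w')
            out.write(str_title)
            outputs[tag] = out
        for line in f_data:
            fields = line.split('|')
            if len(fields) < 4:
                continue
            ip = fields[2].strip()
            for tag, ips in ip_sets:
                if ip in ips:
                    outputs[tag].write(line)
                    break
    finally:
        # Close everything even if a write fails part-way; the original
        # leaked all handles on error.
        f_data.close()
        for out in outputs.values():
            out.close()


def _aggregate(f_data):
    """Aggregate the records of the open split file *f_data* per port group.

    Returns {group: {user_id: [user_name, count, uplen, downlen]}} with a key
    for 'all' and for every name in PORT_GROUPS.  The first line is skipped
    as the header.  Lines with fewer than six fields are skipped (the
    original raised IndexError on them); uplen/downlen are fields 5 and 6
    parsed as ints, and a non-numeric value raises ValueError as before.
    """
    stats = dict((name, {}) for name, _ports in PORT_GROUPS)
    stats['all'] = {}
    f_data.readline()  # header line, replaced by OUTPUT_TITLE on output
    for line in f_data:
        fields = line.split('|')
        if len(fields) < 6:
            continue
        user, name, port = fields[0], fields[1], fields[3]
        uplen, downlen = int(fields[4]), int(fields[5])
        groups = ['all']
        for group, ports in PORT_GROUPS:
            if port in ports:
                groups.append(group)
                break
        for group in groups:
            entry = stats[group].setdefault(user, [name, 0, 0, 0])
            entry[0] = name  # the most recent name for a user wins, as in the original
            entry[1] += 1
            entry[2] += uplen
            entry[3] += downlen
    return stats


def _write_top(out, users, top_n=TOP_N):
    """Write the users whose uplen is among the *top_n* largest values to *out*.

    *users* is one group's {user_id: [user_name, count, uplen, downlen]}.
    Every user tied with the top_n-th largest value is kept, which is the
    row set the original produced; rows are written in descending uplen
    order, where the original wrote them in dict iteration order.
    """
    if not users:
        return
    uplens = sorted((entry[2] for entry in users.values()), reverse=True)
    cutoff = uplens[min(top_n, len(uplens)) - 1]
    ranked = sorted(users.items(), key=lambda item: item[1][2], reverse=True)
    for user, (name, count, uplen, downlen) in ranked:
        if uplen < cutoff:
            break
        out.write(user + '|' + name + '|' + str(count) + '|'
                  + str(uplen) + '|' + str(downlen) + '\n')


def filter_port(file_data, str_date=None, path_input=path_input):
    """Summarise one split file per port group.

    Reads path_input/<file_data><str_date> (*file_data* is a prefix such as
    'bi_ip_'), aggregates it with _aggregate and writes
    path_input/<group>_<file_data><str_date>.csv for 'all' and every group in
    PORT_GROUPS, each headed by OUTPUT_TITLE and holding the TOP_N users by
    upstream volume.  str_date defaults to read_date().  A missing input
    file terminates the script via _die.
    """
    if str_date is None:
        str_date = read_date()
    in_path = path_input + file_data + str_date
    try:
        f_data = open(in_path, 'r')
    except IOError:
        _die('Error:' + in_path + ' could not opened!')
    try:
        stats = _aggregate(f_data)
    finally:
        f_data.close()
    for group in ['all'] + [name for name, _ports in PORT_GROUPS]:
        with open(path_input + group + '_' + file_data + str_date + '.csv', 'w') as out:
            out.write(OUTPUT_TITLE)
            _write_top(out, stats[group])


def main():
    """Run the split and the per-system summaries, then report the elapsed time."""
    start_time = time.time()
    str_date = read_date()
    filter_ip(path_input + 'nights_' + str_date + '.csv', str_date)
    for tag in SYSTEM_TAGS:
        filter_port(tag + '_ip_', str_date)
    used_time = str(time.time() - start_time)
    print('成功完成夜间访问记录文件比对操作' + '数据文件日期:' + str_date + ' 程序用时:' + used_time + '秒')
    time.sleep(3)  # short delay before exit, carried over from the original


if __name__ == '__main__':
    main()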