I am trying to analyze a logfile in Python 3.7. I have entries like this:

    2020-07-13 18:05:43.332880;sshd;1144;logon root from 192.168.179.9 started
    2020-07-13 18:10:12.332880;sshd;1854;logon admin from 192.168.179.3 finished
    2020-07-14 03:17:02.332880;sshd;1169;logon admin from 10.0.1.5 failed
    2020-07-14 03:19:30.332880;sshd;1297;logon root from 10.0.1.3 failed

I read the file into Python as such:

    def readLog(fname):
        """ Read log-events from file """
        lines = []
        file = open("<pathname>", encoding = 'utf-8')
        lines = file.read()#.split('\n')
        file.close()
        return lines # returns the logfile

I need to get a summary as output looking like this:

    day:2020-07-01,prog:SSH,success:12,failure:13,ip:1.2.3.4

So the goal is to get all info such as the date, amount of failed and successful attempts for each different IP address. I tried splitting but I can't get it to work. I have tried a few approaches but with no result yet. I tried:

    events = readLog(logFname)
    for event in events:
        event.split(" ",4)
        print(event)
        #ipList=[]
        #ipList.append(event)

The IP is after the 4th space, but I want only the IP, so only from the 4th space until the 5th. Not sure how to do that either. But I need to get the split to work first, then I can try to solve the details. I looked around on the internet and found a few solutions (see sources below) but I haven't been able to use them correctly or get them to work. I tried something like this:

    events = readLog(logFname)
    for event in events:
        [i.split(" ", 4) for i in event]

Hope someone can help me with this, thank you.

Sources:
How to split elements of a list?
Python Recognizing An IP In A String
http://www.datasciencemadesimple.com/remove-spaces-in-python/
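
One way to produce the per-day, per-IP summary asked for above, as an added example that is not part of the original post: it parses each line as a whole with a regular expression, validates the address, and counts outcomes per (day, program, IP). The names `parse_line`, `summarize` and `SAMPLE_LOG` are hypothetical, the sample lines are constructed in the question's format, and it is an assumption that "started" is a success and "failed" a failure; the program name is printed as logged.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the format shown in the question (last IP is invalid).
SAMPLE_LOG = """\
2020-07-13 18:05:43.332880;sshd;1144;logon root from 192.168.179.9 started
2020-07-13 18:10:12.332880;sshd;1854;logon admin from 192.168.179.3 finished
2020-07-14 03:17:02.332880;sshd;1169;logon admin from 10.0.1.5 failed
2020-07-14 03:19:30.332880;sshd;1297;logon root from 10.0.1.3 failed
2020-07-14 03:19:31.332880;sshd;1298;logon root from 10.0.1.3 failed
2020-07-14 03:20:02.332880;sshd;1299;logon root from 10.0.1.3 started
2020-07-14 03:21:00.332880;sshd;1300;logon root from 999.1.1.1 failed
"""

# day time;program;pid;logon <user> from <ip> <status>
LINE_RE = re.compile(
    r"(\d{4}-\d{2}-\d{2}) [\d:.]+;([^;]+);\d+;logon (\S+) from (\S+) (\w+)")
# Assumption: "started" = success, "failed" = failure, "finished" not counted.
OUTCOME = {"started": "success", "failed": "failure"}

def parse_line(line):
    """Return (day, prog, ip, status), or None for lines that do not fit."""
    match = LINE_RE.fullmatch(line.strip())
    if match is None:
        return None
    day, prog, _user, ip, status = match.groups()
    try:
        ipaddress.ip_address(ip)  # reject fields that are not real addresses
    except ValueError:
        return None
    return day, prog, ip, status

def summarize(lines):
    """Build one summary string per (day, program, ip), sorted."""
    counts = Counter()
    for line in lines:  # iterate over lines, not characters of one string
        parsed = parse_line(line)
        if parsed and parsed[3] in OUTCOME:
            counts[parsed[:3] + (OUTCOME[parsed[3]],)] += 1
    keys = sorted({key[:3] for key in counts})
    return [
        f"day:{day},prog:{prog},success:{counts[day, prog, ip, 'success']},"
        f"failure:{counts[day, prog, ip, 'failure']},ip:{ip}"
        for day, prog, ip in keys
    ]

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG.splitlines())))
```

For a real file, pass the open file object to `summarize` instead of `SAMPLE_LOG.splitlines()`, since iterating a file yields one line at a time.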