Python过滤防火墙日志脚本(可以解析IP所在区域)

一个过滤防火墙日志的脚本:

#-*- coding: utf-8 -*-,
#coding = utf-8

import httplib
import json
import sys
import codecs
import time
import datetime

# Hard-coded input (raw firewall log) and output (CSV report) locations.
file_path = "F:\\var_log_messages.2014-5-18-0_0"
output_path = "F:\\var_log_messages_2014-5-18-20_city.txt"

# Region lookups use this endpoint over plain HTTP, so every address that is
# looked up is visible to the network path and to the third-party service,
# and the answer is not integrity-protected.
TaobaoIpQueryAddress = 'http://ip.taobao.com/service/getIpInfo.php?ip='

fhdl = open(file_path, 'r')
outputhdl = open(output_path, 'w')

# UTF-8 byte-order mark first (presumably so viewers decode the region names
# as UTF-8 -- confirm), then the CSV header row.
outputhdl.writelines((codecs.BOM_UTF8,
                      "Date,IP,City,Device,Username,Content\n"))
    
def parse_time(str_time):
    """Convert a "Month Year Day HH:MM:SS" string to a datetime, minus 40 min.

    The text is parsed with ``%B %Y %d %H:%M:%S``, round-tripped through a
    local-time epoch value, and then shifted back by 40 minutes.
    """
    parsed = time.strptime(str_time, "%B %Y %d %H:%M:%S")
    local_dt = datetime.datetime.fromtimestamp(time.mktime(parsed))
    # NOTE(review): the fixed 40-minute shift presumably corrects a clock
    # offset on the logging device -- confirm before reusing on other logs.
    return local_dt - datetime.timedelta(minutes=40)

def get_time(str):
    """Return the (shifted) timestamp of one log line as a datetime.

    The line is split on single spaces; fields 4, 6, 5 and 7 are put in the
    "month year day time" order that parse_time() expects. A line with fewer
    than eight fields raises IndexError.
    """
    fields = str.split(" ")
    stamp = " ".join((fields[4], fields[6], fields[5], fields[7]))
    return parse_time(stamp)

def get_username(str):
    """Return the value logged after the first "Username" token, else None.

    The value is the token two positions after "Username" (the token in
    between is skipped without being checked), cut at its first comma, so
    the returned text never contains a comma.
    """
    tokens = str.split(" ")
    for pos, token in enumerate(tokens):
        if token != "Username":
            continue
        value = tokens[pos + 2]
        return "%s" % value.split(",")[0]

def get_ip(str):
    """Return the address logged as "IP = <addr>," in the line, else None.

    Only an "IP" token that is directly followed by an "=" token counts; the
    token after the "=" is returned up to its first comma. The text is not
    checked to be a well-formed address.
    """
    tokens = str.split(" ")
    for pos, token in enumerate(tokens):
        if token != "IP":
            continue
        if tokens[pos + 1] == "=":
            return "%s" % tokens[pos + 2].split(",")[0]

def get_device(str):
    """Return the ninth space-separated field (index 8) of the log line.

    The caller writes this value to the "Device" column. Lines with fewer
    than nine fields raise IndexError.
    """
    return str.split(" ")[8]

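def get_city(ip):
    """Look up the region of *ip* with the Taobao IP service.

    Returns the concatenation of the country, area, region and city fields
    of the JSON reply (each UTF-8 encoded). Returns an empty string, without
    contacting the service, when *ip* is empty or contains any character
    that cannot occur in an IPv4/IPv6 literal.

    Network errors, a non-JSON reply, or a reply without the expected
    ``data`` fields raise the underlying exception.
    """
    # *ip* is a token cut out of a log line, i.e. untrusted text. It is
    # appended to the request URL, so anything outside the address alphabet
    # (whitespace, CR/LF, '&', '/', ...) is refused before a request is built.
    if not ip or not all(ch in "0123456789abcdefABCDEF.:" for ch in ip):
        return ""

    conn = httplib.HTTPConnection('ip.taobao.com', 80, timeout=10)
    try:
        conn.request('GET', TaobaoIpQueryAddress + ip, '', {'user-agent':'Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1'})
        r = conn.getresponse()
        content = r.read().decode('UTF-8')
        # The reply arrives over plain HTTP and is used as received.
        data = json.loads(content)
        ret = ("%s%s%s%s") % (data['data']['country'].encode('UTF-8'),
                              data['data']['area'].encode('UTF-8'),
                              data['data']['region'].encode('UTF-8'),
                              data['data']['city'].encode('UTF-8'))
    finally:
        # Close the connection on failures too, not only on the success path.
        conn.close()
    return ret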

def get_content(str):
    """Return the message text that follows the "IP = a.b.c.d," field.

    Everything from the first "IP" "=" token pair onward is re-joined with
    one space after each token. That text is split on "."; the fourth piece
    (the last octet plus what follows it) is split on ","; the second part
    is returned with newlines removed.

    NOTE(review): the message is therefore cut at its first "." and at its
    first "," -- presumably the logged sentence ends with a period; confirm
    against real log lines. Lines without the expected layout raise
    IndexError.
    """
    tokens = str.split(" ")
    kept = []
    capturing = False
    for idx, token in enumerate(tokens):
        if token == "IP" and tokens[idx + 1] == "=":
            capturing = True
        if capturing:
            kept.append(token + " ")
    tail = "".join(kept)
    after_last_octet = tail.split(".")[3]
    return after_last_octet.split(",")[1].replace("\n", "")

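# Region string per address already looked up in this run: each distinct
# address is sent to the lookup service once instead of once per log line.
_city_by_ip = {}

try:
    for line in fhdl:
        # Only lines that mention "Username" are reported.
        if line.find("Username") == -1:
            continue
        when = get_time(line)
        ip = get_ip(line)  # parsed once and reused for the lookup and the row
        if ip not in _city_by_ip:
            _city_by_ip[ip] = get_city(ip)
        # NOTE(review): the fields are copied from the log into the row
        # without quoting. A value that starts with "=", "+", "-" or "@"
        # may be treated as a formula if the report is opened in a
        # spreadsheet -- consider the csv module plus a neutralising prefix.
        output = "%s,%s,%s,%s,%s,%s\n" % (when, ip, _city_by_ip[ip], get_device(line), get_username(line), get_content(line))
        # Variant without the region lookup and the device column:
        #output = "%s,%s,%s,%s\n" % (get_time(line),get_ip(line),get_username(line),get_content(line))
        print output
        outputhdl.write(output)
finally:
    # Close both files even when a malformed line or a failed lookup aborts
    # the run, so the rows written so far reach the disk.
    fhdl.close()
    outputhdl.close()

print "Finished."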
