For N reasons, the task of analyzing intrusion logs fell on me. How do you quickly analyze 1 GB of logs? Shi said he could write a script to load the logs into a database and then analyze them there... Just thinking about it hurts. Simpler: write a small script that pulls out the suspicious lines directly. So here is this little script. How you use it is up to you. For example, once you find a SQL injection statement and note the source IP address, change the script to use that IP address as the feature, retrieve every log line from that IP, and reconstruct the intrusion step by step. It is fast: a 1 GB log takes a few seconds on my battered machine.
Writing programs to get work tasks done is a pleasure and a lot of fun. Haha.
Usage: seay.py E:/1.log
# -*- coding: utf-8 -*-
# Filename = seay.py
import os
import sys

# Features to match; modify at will (add keywords, or combine several into one check).
_tezheng = {'join', 'select', 'file_put_contents'}


def CheckFile(_path):
    # Stream the log line by line instead of reading the whole file into memory.
    _Ex_Str = ''
    with open(_path, "r", errors="replace") as _f:
        for _Str in _f:
            for _tz_Str in _tezheng:
                if _tz_Str in _Str:
                    # An AND condition can be added here to require several features at once.
                    _Ex_Str += _tz_Str + _Str + '\r\n'
    print('read Over--')
    # Output goes next to the log file, with the suffix .seay.txt
    with open(_path + '.seay.txt', "w") as _f1:
        _f1.write(_Ex_Str)
    print('find Over--')


if len(sys.argv) == 2:
    _File = sys.argv[1]
    if os.path.lexists(_File):
        CheckFile(_File)
    else:
        print('file does not exist!')
else:
    print('parameter error')
    print(sys.argv[0] + ' filepath')
Finally, a file with the suffix .seay.txt is written next to the log, one line per hit, in the format: matched feature + log line.
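The two-step workflow described above (match keyword features first, then pivot on the attacker's IP to pull out its whole request sequence) can be carried a little further than the keyword grep. The following is an added example, not Seay's script and not from the original post: it parses Apache combined-format access log lines (the sample lines are constructed, using documentation IP ranges), URL-decodes the request before matching so that encoded payloads such as %27 and + are not missed, counts feature hits per source IP, and then returns the full timeline for one IP so the intrusion can be reconstructed in order. The field names, the FEATURES tuple and the line format are assumptions for the example.

```python
import re
import sys
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines in Apache combined log format (not from any real server).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /news.php?id=1%27+UNION+SELECT+1,2,3-- HTTP/1.1" 200 734 "-" "sqlmap/1.0"
203.0.113.5 - - [10/Oct/2023:13:56:01 +0000] "GET /about.html HTTP/1.1" 200 221 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:56:12 +0000] "GET /news.php?id=1%27+AND+1=1-- HTTP/1.1" 200 734 "-" "sqlmap/1.0"
198.51.100.7 - - [10/Oct/2023:13:57:30 +0000] "POST /upload.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:57:45 +0000] "GET /uploads/x.php?cmd=id HTTP/1.1" 200 45 "-" "Mozilla/5.0"
"""

# Apache "combined" format: ip ident user [time] "method path proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Keyword features (assumed for this example), matched case-insensitively
# against the URL-decoded request path and query string.
FEATURES = ('union', 'select', 'file_put_contents', 'cmd=')


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Decode %xx and '+' so encoded injection payloads are visible to the matcher.
    rec['path'] = unquote_plus(rec['path'])
    return rec


def find_hits(log_text, features=FEATURES):
    """Stage 1: stream the log and return (matched_features, record) for each hit."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        lowered = rec['path'].lower()
        matched = [f for f in features if f in lowered]
        if matched:
            hits.append((matched, rec))
    return hits


def suspicious_ips(log_text, features=FEATURES):
    """Count feature hits per source IP so the noisiest source stands out."""
    counts = defaultdict(int)
    for matched, rec in find_hits(log_text, features):
        counts[rec['ip']] += len(matched)
    return dict(counts)


def timeline_for_ip(log_text, ip):
    """Stage 2: pivot on one source IP and return every request it made, in log order."""
    return [rec for rec in map(parse_line, log_text.splitlines()) if rec and rec['ip'] == ip]


def main(argv):
    # With a path argument the real log is read; otherwise the constructed sample is used.
    text = open(argv[1], errors='replace').read() if len(argv) == 2 else SAMPLE_LOG
    for matched, rec in find_hits(text):
        print(','.join(matched), rec['ip'], rec['time'], rec['path'])
    for ip, n in sorted(suspicious_ips(text).items(), key=lambda kv: -kv[1]):
        print('---', ip, n, 'feature hits; full timeline:')
        for rec in timeline_for_ip(text, ip):
            print('   ', rec['time'], rec['method'], rec['path'], rec['status'])


if __name__ == '__main__':
    main(sys.argv)
```

Run it with a log path to scan a real file, or with no argument to see it on the sample. The point of the second stage is that the injection probe alone is only the entry point: listing everything the same IP did afterwards (here the upload and the request to the uploaded file) is what turns a keyword hit into a picture of the intrusion.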