Parsing a log file for IP addresses and protocols with Python

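This is my first question on stackoverflow, and I'm really looking forward to being part of this community. I'm new to programming, and Python was the first language that many people recommended.

Anyway, I have a log file that looks like this: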

"No.","Time","Source","Destination","Protocol","Info"
"1","0.000000","120.107.103.180","172.16.112.50","TELNET","Telnet Data ..." 
"2","0.000426","172.16.113.168","Telnet Data ..." 
"3","0.019849","TCP","21582 > telnet [ACK]" 
"4","0.530125","Telnet Data ..." 
"5","0.530634","Telnet Data ..."

I want to parse the log file with Python so that the output looks like this:

From IP 135.13.216.191 Protocol Count:
(IMF 1)
(SMTP 38)
(TCP 24) (Total: 63)

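I'd really like some help on which path to take to tackle this problem: should I use a list and loop through it, or dictionaries/tuples?

Thanks in advance for your help!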

Solution

First, you need to read the text file

# Open the file; the with block closes it again when the block ends
with open('log_file.csv') as log_file:
    # readlines() will return the data as a list of strings, one for each line
    log_data = log_file.readlines()

Set up a dictionary to hold the results

results = {}

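Now iterate over your data, one line at a time, and record the protocols in the dictionary

for entry in log_data[1:]:  # log_data[0] is the header row, so skip it
    # Split on commas, then strip the newline and the surrounding quotes from each field
    entry_data = [field.strip().strip('"') for field in entry.split(',')]
    # Skip blank or truncated lines that have no protocol column
    if len(entry_data) < 5:
        continue
    # We are going to have a separate entry for each source ip
    # If we haven't already seen this ip, we need to make an entry for it
    if entry_data[2] not in results:
        results[entry_data[2]] = {'total': 0}
    # Now check to see if we've seen the protocol for this ip before
    # If we haven't, add a new entry set to 0
    if entry_data[4] not in results[entry_data[2]]:
        results[entry_data[2]][entry_data[4]] = 0
    # Now we increment the count for this protocol
    results[entry_data[2]][entry_data[4]] += 1
    # And we increment the total count
    results[entry_data[2]]['total'] += 1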

Once you've counted everything, just iterate over the counts and print the results

for ip in results:
    # Here we're printing a string with placeholders. The {0} and {1} will be filled
    # in by the call to format
    print("from: IP {0} Protocol Count: {1}".format(
        ip,
        # And finally create the value for the protocol counts with another format call
        # The square brackets with the for statement inside create a list with one entry
        # for each key stored for this ip (each protocol, plus 'total')
        # We use ' '.join to join each of the counts with a space
        ' '.join(["({0}: {1})".format(protocol, results[ip][protocol])
                  for protocol in results[ip]])))
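
A variant of the same counting, added here as an example and not part of the original answer: it uses the standard library's csv module and collections.Counter so that quoted fields, commas inside "Info" and truncated rows are handled, and it prints the layout asked for in the question. The sample rows and the function names count_protocols and format_report are constructed for illustration.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample in the question's column layout (not data from the page).
SAMPLE = '''"No.","Time","Source","Destination","Protocol","Info"
"1","0.000000","120.107.103.180","172.16.112.50","TELNET","Telnet Data ..."
"2","0.000426","172.16.112.50","120.107.103.180","TELNET","Telnet Data ..."
"3","0.019849","120.107.103.180","172.16.112.50","TCP","21582 > telnet [ACK], Seq=1"
"4","0.530125","120.107.103.180","172.16.112.50","TELNET","Telnet Data ..."
"5","0.530634","172.16.112.50"
'''


def count_protocols(lines):
    """Return ({source_ip: Counter({protocol: packets})}, skipped_row_count)."""
    counts = defaultdict(Counter)
    skipped = 0
    # DictReader takes the column names from the header row and honours the
    # quoting, so a comma inside "Info" does not shift the fields.
    for row in csv.DictReader(lines):
        source, protocol = row.get("Source"), row.get("Protocol")
        if not source or not protocol:
            skipped += 1  # truncated row: count it instead of raising
            continue
        counts[source][protocol] += 1
    return counts, skipped


def format_report(counts):
    """Render one block per source IP in the layout the question asks for."""
    blocks = []
    for ip in sorted(counts):
        per_proto = counts[ip]
        lines = ["From IP {0} Protocol Count:".format(ip)]
        lines += ["({0} {1})".format(p, n) for p, n in sorted(per_proto.items())]
        lines[-1] += " (Total: {0})".format(sum(per_proto.values()))
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks)


if __name__ == "__main__":
    # For a real capture export, pass open(path, newline="") instead of StringIO.
    counts, skipped = count_protocols(io.StringIO(SAMPLE))
    print(format_report(counts))
    print("skipped rows:", skipped)
```

Reporting the number of skipped rows makes a damaged or truncated export visible instead of silently lowering the totals.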
