For various reasons, the task of analyzing intrusion logs fell on me. How do you quickly analyze a 1 GB log? Mr. Ci said he could write a script to parse it and store it in a database, then do the analysis in the database... Forget it, that's a pain in the ass; I'll just write a script that pulls out the problematic log lines. So this little script came about. How you use it is up to you, haha. For example, if you find a SQL injection statement and then see the IP, you can change the script to use the IP as a feature, extract those log lines, and analyze the intrusion process. It's very fast: my crappy machine gets through a 1 GB log file in just a few seconds.
Writing programs to get work tasks done is a lot of fun. Haha
Usage: seay.py E:/1.log
# coding: utf-8
# Filename = seay.py
import os
import sys

# Features to look for; change them as you like (2.5 yuan a go)
_tezheng = {'union', 'select', 'file_put_contents'}

def CheckFile(_path):
    # errors="replace" keeps a stray non-UTF-8 byte in the log from aborting the run
    _f = open(_path, "r", errors="replace")
    _All_Line = _f.readlines()
    _f.close()
    _Count_Line = 0
    _Len_Line = len(_All_Line)
    _Ex_Str = ''
    print('Read Over --')
    while _Count_Line < _Len_Line:
        _Str = _All_Line[_Count_Line]
        for _tz_Str in _tezheng:
            # case-sensitive substring test on the raw line
            if _tz_Str in _Str:
                # AND conditions can be added here; those cost a bit more (50 cents a go)
                # output format: matched feature + the log line
                _Ex_Str += _tz_Str + _Str + '\r\n'
        _Count_Line += 1
    _f1 = open(_path + '.seay.txt', "w")
    _f1.write(_Ex_Str)
    _f1.close()
    print('Find Over--')

if len(sys.argv) == 2:
    _File = sys.argv[1]
    if os.path.lexists(_File):
        CheckFile(_File)
    else:
        print('File does not exist!')
else:
    print('Parameter error')
    print(sys.argv[0] + ' FilePath')
The output is a file named <original file name>.seay.txt in the same directory, one entry per hit in the form: matched feature followed by the log line. Two things to keep in mind when reading it: the match is a case-sensitive substring test on the raw line, so an upper-case UNION SELECT or a percent-encoded payload is only caught if you add those spellings to the feature set, and a line that hits several features is written once per feature.