Simple script for parsing syslog logs from my EdgeRouter firewall and enriching them with extra information such as GeoIP or whois data.
import ipaddress
import json
import os
import sys
from collections import Counter

import requests
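__log_path = "logile path"  # placeholder: the firewall syslog file to read
__parsed_log_path = "new parsed logfile"  # placeholder: output file with the per-IP lookup result and count
__parsed_log_path_only_ip = " "  # placeholder: output file listing every matched source IP, one per line
__apiKey = "enter api key for dn-ip here "  # placeholder; the DBIP_API_KEY environment variable takes precedence
# The key is sent as part of the URL path on every request, so the scheme matters:
# HTTPS keeps the key and the looked-up addresses out of clear text on the wire.
__api_Url = "https://api.db-ip.com/v2/"  # request URL is <__api_Url><apiKey>/<ipAddress>
_REQUEST_TIMEOUT = 10  # seconds; without it a stalled lookup would hang the whole run

# Addresses on the firewall's own network that must never be looked up.
_LOCAL_IPS = frozenset({"192.168.2.1", "192.168.2.146"})


def extract_src_ip(line: str) -> str:
    """Return the ``SRC=`` address of one syslog line, or ``""`` when there is none.

    The field is taken from ``SRC=`` up to the next ``DST`` token; spaces and
    surrounding whitespace (including a trailing newline) are dropped.  The
    value is only returned if it parses as an IP address: the log is the
    untrusted input here and the value ends up in a request URL, so anything
    that is not an address is discarded rather than forwarded.
    """
    _, marker, rest = line.partition("SRC=")
    if not marker:
        return ""
    candidate = rest.partition("DST")[0].replace(" ", "").strip()
    try:
        ipaddress.ip_address(candidate)
    except ValueError:
        return ""
    return candidate


def parse_source_ips(lines) -> list:
    """Collect every non-local ``SRC=`` address from *lines*, sorted, duplicates kept.

    Args:
        lines: iterable of syslog lines (an open file works).

    Returns:
        The addresses sorted as strings (lexical, not numeric order), with one
        entry per log line that carried them.
    """
    ips = []
    for line in lines:
        ip = extract_src_ip(line)
        if ip and ip not in _LOCAL_IPS:
            ips.append(ip)
    return sorted(ips)


def count_ips(ips) -> dict:
    """Map each address in *ips* to the number of times it occurs."""
    return dict(Counter(ips))


def lookup(ip: str, api_key: str) -> str:
    """Fetch the db-ip record for *ip* and return it as one line of JSON.

    The response body is written as JSON text instead of the ``str()`` of an
    encoded ``bytes`` object, so the output file is parseable downstream.
    A non-JSON response raises, as it did before.
    """
    r = requests.get(__api_Url + api_key + "/" + ip, timeout=_REQUEST_TIMEOUT)
    return json.dumps(r.json(), ensure_ascii=False)


def main() -> None:
    """Parse the firewall log, write the raw IP list and the enriched per-IP summary.

    Side effects: reads ``__log_path``, writes ``__parsed_log_path_only_ip`` and
    ``__parsed_log_path``, and sends every distinct non-local source address to
    the db-ip service (one request per address).
    """
    with open(__log_path) as log:
        ips = parse_source_ips(log)
    counts = count_ips(ips)

    # Every matched address, one per line, duplicates included, in sorted order.
    with open(__parsed_log_path_only_ip, "w") as ip_file:
        ip_file.writelines(ip + "\n" for ip in ips)

    # Prefer the environment so the key need not be stored in the script.
    api_key = os.environ.get("DBIP_API_KEY") or __apiKey
    with open(__parsed_log_path, "w", encoding="utf-8") as out:
        for ip in sorted(counts):
            out.write(lookup(ip, api_key) + " count: " + str(counts[ip]) + "\n")


if __name__ == "__main__":
    main()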