/var/log/auth.log parser
import re
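class malicious:
    """One parsed sshd authentication event from /var/log/auth.log.

    Built positionally by ``formatting`` with six values, in this order:
    month, day, time, types (the keyword found at whitespace field 5 of the
    line: "Failed", "Invalid" or "Accepted"), user (None for "Failed" lines,
    whose user is not extracted) and ip (the peer address as it was logged).
    """

    # Field order expected in *args. Kept positional so callers that build a
    # 6-tuple and splat it keep working unchanged.
    _FIELDS = ("month", "day", "time", "types", "user", "ip")

    def __init__(self, *args):
        """Store the six positional fields.

        Raises:
            IndexError: if fewer than six values are given. Indexing is used
                instead of tuple unpacking on purpose: unpacking would raise
                ValueError and change the exception type callers catch.
        """
        self.month = args[0]
        self.day = args[1]
        self.time = args[2]
        self.types = args[3]
        self.user = args[4]
        self.ip = args[5]

    def format_line(self):
        """Return the fixed-width report line that ``fprint`` prints (no newline)."""
        return "%10s %10s %10s %10s %15s %18s" % (
            self.month, self.day, self.time, self.types, self.user, self.ip)

    def fprint(self):
        """Print the event as one fixed-width report line."""
        print(self.format_line())

    def __repr__(self):
        fields = ", ".join(
            f"{name}={getattr(self, name)!r}" for name in self._FIELDS)
        return f"{type(self).__name__}({fields})"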
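def formatting(log_split_str, log_src_str):
    """Turn one auth.log line into a ``malicious`` record if it is an sshd auth event.

    The field positions assume the traditional syslog prefix (month, day,
    time, host, program tag) so that the event keyword sits at index 5 --
    NOTE(review): confirm against the log format actually in use.

    Args:
        log_split_str: the line split on whitespace (``line.split()``).
        log_src_str: the raw line, used to locate the peer IPv4 address.

    Returns:
        ``(record, True)`` when field 5 is "Failed", "Invalid" or "Accepted".
        ``(None, False)`` for every other line, for lines too short for the
        expected layout (an ``IndexError`` that is reported on stdout), and
        for "Failed" lines that carry no IPv4 address.
    """
    try:
        kind = log_split_str[5]
        if kind == "Failed":
            # The user is not extracted for "Failed" lines; the peer address is
            # taken from the raw line. Raw pattern: "\d" in a plain string is an
            # invalid escape and a SyntaxWarning on recent interpreters.
            match = re.search(r"\d+\.\d+\.\d+\.\d+", log_src_str)
            if match is None:
                return (None, False)
            args = (log_split_str[0], log_split_str[1], log_split_str[2],
                    kind, None, match.group(0))
            return (malicious(*args), True)
        if kind == "Invalid":
            args = (log_split_str[0], log_split_str[1], log_split_str[2],
                    kind, log_split_str[7], log_split_str[9])
            return (malicious(*args), True)
        if kind == "Accepted":
            args = (log_split_str[0], log_split_str[1], log_split_str[2],
                    kind, log_split_str[8], log_split_str[10])
            return (malicious(*args), True)
    except IndexError:
        print("index error of %s" % (log_split_str))
        return (None, False)
    # Any other line (session open/close, sudo, cron, ...). The original fell
    # off the end here and returned a bare None, which made the tuple
    # unpacking in main() raise TypeError on the first such line.
    return (None, False)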
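def main(path="/var/log/auth.log"):
    """Print every recognised sshd auth event in *path* as a fixed-width table.

    Args:
        path: log file to read. Defaults to the system auth log, which
            normally requires elevated privileges to open.
    """
    malicious_list = []
    # The file is closed by the context manager; the original handle was
    # never closed. Decoding is lenient because a single undecodable byte in
    # a line of not-fully-trusted log content must not abort the whole run.
    with open(path, encoding="utf-8", errors="replace") as log_file:
        for raw_line in log_file:
            line = raw_line.strip()
            instances, _check = formatting(line.split(), line)
            if instances is not None:
                malicious_list.append(instances)
    # Printed after parsing, so "index error" diagnostics come before the table.
    for entry in malicious_list:
        entry.fprint()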
if __name__ == "__main__":
    # Script entry point; importing the module does not read the log.
    main()

it is not working bro
