Skip to content

Instantly share code, notes, and snippets.

Jay Swan jayswan

Block or report user

Report or block jayswan

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
from collections import Counter,defaultdict
import re
import sys
Counterpart to this blog post:
Summarize counts of typical Cisco syslog messages. Most syslog servers produce lines that look something like this:
from collections import Counter
from csv import DictReader
import gzip
from pprint import pprint
from sys import argv
FIELDNAMES = ['ts', 'uid', 'id.orig_h', 'id.orig_p', 'id.resp_h', 'id.resp_p', 'proto', 'trans_id', 'query', 'qclass', 'qclass_name', 'qtype', 'qtype_name', 'rcode', 'rcode_name', 'AA', 'TC', 'RD', 'RA', 'Z', 'answersTTLs', 'rejected']
def ingest(files, delim='\t', qchar='"'):
from collections import namedtuple
def d2n(name,d):
""" convert dict to namedtuple """
NewClass = namedtuple(name,d.keys())
return NewClass(*d.values())
import hashlib
def hash(s,a='md5'):
""" One-stop hex-digest of a string. Allows any algorithm supported by hashlib. """
f = getattr(hashlib,a)
return f(s).hexdigest()
def fhash(fn,a='md5'):
""" Hash a file as a string. Not memory considerate. """
with open(fn) as f:
jayswan /
Created Nov 25, 2014
Count Plixer log entries
from collections import defaultdict
from operator import itemgetter
import sys
FILENAME = sys.argv[1]
class SimpleCounter(defaultdict):
""" Scrutinizer ships with Python 2.6 and doesn't have the Counter object
from collections. This is a simple version of it.
View gist:c04eee5287cc7cbc5ea1
"query": {
"filtered": {
"filter": {
"bool": {
"must": [
"term": {
"EventID": 4728
View gist:3a7621d909b15c832cfb
In [142]: d
Out[142]: {'TargetUserName.raw': 'Domain Admins'}
In [143]: tt = Search(using=es,index=i)\
View gist:d4ddd71a35bb5f1ad86f
In [144]: tt = Search(using=es,index=i)\
.filter('term',TargetUserName.raw='Domain Admins')\
File "<ipython-input-144-1b746eb83e6f>", line 1
tt = Search(using=es,index=i)\
.filter('term',TargetUserName.raw='Domain Admins')\
SyntaxError: keyword can't be an expression
jayswan /
Created Dec 21, 2011
Python Script to find duplicate Cisco interface configs
import os
def print_dup_info(s):
#split config on ! characters
blocks = s.split('!')
stanza_list = []
interface_dict = {}
for block in blocks:
#get rid of blank lines and split each stanza into a list of lines
You can’t perform that action at this time.