#!/opt/splunk/bin/python2
import re
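# Compiled once at import time: Splunk invokes transform() once per event, so
# the per-call pattern lookup in the original is wasted work.  Expected layout
# after the optional <PRI> prefix (RFC 3164 style):
#   Mon  D HH:MM:SS [host] program[: ...]    or    Mon  D HH:MM:SS (program): ...
# The original re.M|re.I flags were dropped: the pattern has no ^/$ anchors and
# no literal letters, so neither flag changed what it matched.
_PROGRAM_RE = re.compile(
    r'\w{3}\s+\d{1,2}\s\d{2}:\d{2}:\d{2}\s(?:[\w.]+\s)?\(?([\w-]+)\)?'
)


def transform(line):
    """Return the syslog program/app name found in ``line``, or None.

    The search is unanchored, so leading material such as the ``<PRI>``
    field is skipped and the first timestamp-like run wins.  The captured
    name is limited to word characters and '-', which keeps it safe to use
    as a plain field value, but it is still taken verbatim from untrusted
    log content: any host able to write to the syslog feed can choose it,
    so use it to label or route events, not as evidence about the sender.

    Caveat: the optional host field is recognised only as "word followed by
    a space", so a program token followed by a space instead of ':' would
    be taken for the host and the following token returned instead - check
    this against your own sources.

    Returns None when no timestamp/program pair is found (including for an
    empty line).
    """
    match = _PROGRAM_RE.search(line)
    if match:
        return match.group(1)
    return None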
# Fixture pairs: (raw syslog line as received, program name transform() must
# extract from it).  Hosts, MACs and one hostname are redacted with X/*; the
# remaining tokens are sample data, not live values.
_SYSLOG_SAMPLES = [
    ('<134>Jul 1 07:22:23 filterlog: 104,,,1000004861,em1,match,pass,out,4,0x0,,64,34538,0,none,1,icmp,85,192.168.XXX.XXX,2XX.3XX.2XX.1XXX,request,22129,102965',
     'filterlog'),
    ('<182>Jul 1 07:22:25 (squid-1): 1593606145.218 0 192.168.XXX.XXX NONE/200 0 CONNECT XXX.XXX.XXX.XXX:443 - HIER_NONE/- - 07:22:23.351305',
     'squid-1'),
    ('<191>Jul 1 07:37:45 dhcpd: reuse_lease: lease age 12304 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.XXX.XXX',
     'dhcpd'),
    ('<190>Jul 1 07:37:45 dhcpd: DHCPREQUEST for 192.168.XXX.XXX from XX:XX:XX:XX:XX:XX (*****) via em0',
     'dhcpd'),
    ('<190>Jul 1 07:37:45 dhcpd: DHCPACK on 192.168.XXX.XXX to XX:XX:XX:XX:XX:XX (*****) via em0',
     'dhcpd'),
    ('<174>Jul 1 07:37:30 nginx: 192.168.XXX.XXX - - [01/Jul/2020:07:37:30 -0500] "POST /sgerror.php?url=403%20&a=192.168.XXX.XXX&n=amazon-AAAAA.home.localnet&i=&s=SUBNET&t=blk_BL_tracker&u=http://udm.scorecardresearch.com/offline?c2=3005420&s=3b73ea12455e0c73b24441d42eed4d6f HTTP/1.1" 403 551 "-" "Dalvik/2.1.0 (Linux; U; Android 5.1.1; KFAUWI Build/LVY48F)"',
     'nginx'),
    ('<14>Jul 1 07:52:00 dhcpleases: Sending HUP signal to dns daemon(74211)',
     'dhcpleases'),
]

# Mapping of raw line -> expected program name, consumed by the self-test loop.
# Every sample line is distinct, so no pair is lost in the conversion.
syslogs = dict(_SYSLOG_SAMPLES)
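if __name__ == "__main__":
    # Self-test: run every fixture through transform() and compare with the
    # expected program name.  The original printed "expected X, got Y" on a
    # mismatch but still exited 0, so a broken regex would pass unnoticed in
    # any scripted check; count failures and exit non-zero instead.
    failures = 0
    for raw_line, expected in syslogs.items():
        actual = transform(raw_line)
        if actual == expected:
            print(actual)
        else:
            failures += 1
            print("expected {}, got {}".format(expected, actual))
    if failures:
        raise SystemExit(1)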