studiawan/log-parser-pyparsing.py

## log-parser-pyparsing.py
import sys
import csv
from pyparsing import Word, alphas, Suppress, Combine, string, nums, Optional, Regex


class AuthLogParser(object):
	def __init__(self, log_file):
		self.log_file = log_file
		self.authlog_grammar = self.__get_authlog_grammar()

	@staticmethod
	def __get_authlog_grammar():
		ints = Word(nums)

		# timestamp
		month = Word(string.ascii_uppercase, string.ascii_lowercase, exact=3)
		day = ints
		hour = Combine(ints + ":" + ints + ":" + ints)
		timestamp = month + day + hour

		# hostname, service name, message
		hostname_or_ip = Word(alphas + nums + "_" + "-" + ".")
		appname = Word(alphas + "/" + "-" + "_" + ".") + Optional(Suppress("[") + ints + Suppress("]")) + Suppress(":")
		message = Regex(".*")

		# auth log grammar
		authlog_grammar = timestamp.setResultsName('timestamp') + hostname_or_ip.setResultsName('hostname') + \
						  appname.setResultsName('application') + message.setResultsName('message')

		return authlog_grammar

	def __get_fields(self, log_line):
		# parsing
		parsed = self.authlog_grammar.parseString(log_line)

		# get each field
		parsed_log = dict()
		parsed_log['timestamp'] = ' '.join(parsed.timestamp.asList())
		parsed_log['hostname'] = parsed.hostname
		parsed_log['application'] = ' '.join(parsed.application.asList())
		parsed_log['message'] = parsed.message

		return parsed_log

	def parse_authlog(self):
		try:
			# open csv file
			f = open(self.log_file + '.csv', 'wt')
			writer = csv.writer(f)
			writer.writerow(['timestamp', 'hostname', 'application', 'message'])

			with open(self.log_file, 'r') as f:
				# read each line
				for line in f:
					# parse a line
					result = self.__get_fields(line)

					# write to csv file and print
					writer.writerow([result['timestamp'], result['hostname'], result['application'], result['message']])
					print(result)

			# close csv file
			f.close()

		except FileNotFoundError:
			print('File not found.')
			sys.exit(1)


if __name__ == '__main__':
	if len(sys.argv) == 2:
		file_name = sys.argv[1]
		parser = AuthLogParser(file_name)
		parser.parse_authlog()

	else:
		print('Please type a correct log file name.')
		sys.exit(1)
	import sys
	import csv
	from pyparsing import Word, alphas, Suppress, Combine, string, nums, Optional, Regex


	class AuthLogParser(object):
	def __init__(self, log_file):
	self.log_file = log_file
	self.authlog_grammar = self.__get_authlog_grammar()

	@staticmethod
	def __get_authlog_grammar():
	ints = Word(nums)

	# timestamp
	month = Word(string.ascii_uppercase, string.ascii_lowercase, exact=3)
	day = ints
	hour = Combine(ints + ":" + ints + ":" + ints)
	timestamp = month + day + hour

	# hostname, service name, message
	hostname_or_ip = Word(alphas + nums + "_" + "-" + ".")
	appname = Word(alphas + "/" + "-" + "_" + ".") + Optional(Suppress("[") + ints + Suppress("]")) + Suppress(":")
	message = Regex(".*")

	# auth log grammar
	authlog_grammar = timestamp.setResultsName('timestamp') + hostname_or_ip.setResultsName('hostname') + \
	appname.setResultsName('application') + message.setResultsName('message')

	return authlog_grammar

	def __get_fields(self, log_line):
	# parsing
	parsed = self.authlog_grammar.parseString(log_line)

	# get each field
	parsed_log = dict()
	parsed_log['timestamp'] = ' '.join(parsed.timestamp.asList())
	parsed_log['hostname'] = parsed.hostname
	parsed_log['application'] = ' '.join(parsed.application.asList())
	parsed_log['message'] = parsed.message

	return parsed_log

	def parse_authlog(self):
	try:
	# open csv file
	f = open(self.log_file + '.csv', 'wt')
	writer = csv.writer(f)
	writer.writerow(['timestamp', 'hostname', 'application', 'message'])

	with open(self.log_file, 'r') as f:
	# read each line
	for line in f:
	# parse a line
	result = self.__get_fields(line)

	# write to csv file and print
	writer.writerow([result['timestamp'], result['hostname'], result['application'], result['message']])
	print(result)

	# close csv file
	f.close()

	except FileNotFoundError:
	print('File not found.')
	sys.exit(1)


	if __name__ == '__main__':
	if len(sys.argv) == 2:
	file_name = sys.argv[1]
	parser = AuthLogParser(file_name)
	parser.parse_authlog()

	else:
	print('Please type a correct log file name.')
	sys.exit(1)