Esempio n. 1
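debugMessage(3, "Mindate: " + str(mindate))

# Open the auth log for reading. Only an OS-level open failure is handled
# here: the previous bare `except` also swallowed KeyboardInterrupt/SystemExit
# and any NameError raised inside the try, hiding real bugs behind a
# "not found" message.
try:
    log_file = open(AUTH_LOG_PATH, 'r')
except (IOError, OSError) as exc:
    # Report the actual reason (missing file vs. permission denied) so the
    # operator is not sent looking for a file that exists but is unreadable.
    debugMessage(1, AUTH_LOG_PATH + " cannot be opened (" + str(exc) + "), exiting")
    # Release the PID file before exiting so the next run is not blocked.
    os.remove(PID_FILE_PATH)
    # NOTE(review): this error path exits with status 0, so a supervisor or
    # cron job sees success -- confirm that is intended before changing it.
    exit(0)

# Per-source state filled in by the parsing loop that follows;
# presumably keyed by source IP -- verify against the loop body.
sources = {}

# Running count used by the parsing loop that follows.
count = 0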

for log in log_file:
    dic = {'raw': log}
    normalizer.normalize(dic)
    if dic.get('date')==None:
        continue
    dic['date']=dic['date'].replace(year=datetime.datetime.today().year)
    if dic.get('date') < mindate:
        continue
    if dic.get('date') == mindate:
        if session.query(Event).filter(
                                Event.date == mindate).filter(
                                Event.action == dic.get('action')).filter(
                                Event.user == dic.get('user')).filter(
                                Event.program == dic.get('program')).count() > 0 : 
            continue
    if dic.get('program') == 'sshd':
        # Gestione connessioni ssh: il source ip si trova su una action
        # 'accepted', mentre la connessione viene aperta in 'open'
Esempio n. 2
import numpy as np
import matplotlib.pyplot as plt
import pylab
# color palette
from matplotlib import cm
from logsparser.lognormalizer import LogNormalizer as LN
import GeoIP
 
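# NOTE(review): both paths are hard-coded to one developer's home directory;
# they are kept byte-identical here, but belong in configuration.
normalizer = LN('/home/kura//.virtualenvs/ssh-attack-visualisation/share/logsparser/normalizers/')
locator = GeoIP.new(GeoIP.GEOIP_MEMORY_CACHE)

# dataset: "HHMMSS" -> {country_code -> number of failed logins}.
# Only the time of day is kept as the key, so the same second on different
# days is merged into one bucket.
dataset = {}

# The auth log is attacker-influenced input (the username, host and other
# fields are whatever the remote side sent); only the fields the normalizer
# extracted are used, and a line missing a needed field is skipped instead
# of raising KeyError and aborting the whole tally.
with open('/home/kura/workspace/ssh-attack-visualisation/logs/auth.log.combined', 'r') as auth_logs:
    for log in auth_logs:
        # rstrip('\n') rather than log[:-1]: a final line without a trailing
        # newline would otherwise lose its last character.
        entry = {'raw': log.rstrip('\n')}
        normalizer.normalize(entry)
        if entry.get('action') != 'fail':
            continue
        date = entry.get('date')
        source_ip = entry.get('source_ip')
        if date is None or source_ip is None:
            continue
        # Zero-padded time of day, e.g. 09:05:07 -> "090507".
        key = '%02d%02d%02d' % (date.hour, date.minute, date.second)
        # An address the GeoIP database does not know is tallied as "Unknown".
        country = locator.country_code_by_addr(source_ip) or "Unknown"
        bucket = dataset.setdefault(key, {})
        bucket[country] = bucket.get(country, 0) + 1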

from mpl_toolkits.basemap import Basemap
 
def makemap():
Esempio n. 3
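debugMessage(3, "Mindate: " + str(mindate))

# Open the auth log for reading. Only an OS-level open failure is handled
# here: the previous bare `except` also swallowed KeyboardInterrupt/SystemExit
# and any NameError raised inside the try, hiding real bugs behind a
# "not found" message.
try:
    log_file = open(AUTH_LOG_PATH, 'r')
except (IOError, OSError) as exc:
    # Report the actual reason (missing file vs. permission denied) so the
    # operator is not sent looking for a file that exists but is unreadable.
    debugMessage(1, AUTH_LOG_PATH + " cannot be opened (" + str(exc) + "), exiting")
    # Release the PID file before exiting so the next run is not blocked.
    os.remove(PID_FILE_PATH)
    # NOTE(review): this error path exits with status 0, so a supervisor or
    # cron job sees success -- confirm that is intended before changing it.
    exit(0)

# Per-source state filled in by the parsing loop that follows;
# presumably keyed by source IP -- verify against the loop body.
sources = {}

# Running count used by the parsing loop that follows.
count = 0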

for log in log_file:
    dic = {'raw': log}
    normalizer.normalize(dic)
    if dic.get('date') == None:
        continue
    dic['date'] = dic['date'].replace(year=datetime.datetime.today().year)
    if dic.get('date') < mindate:
        continue
    if dic.get('date') == mindate:
        if session.query(Event).filter(Event.date == mindate).filter(
                Event.action == dic.get('action')).filter(
                    Event.user == dic.get('user')).filter(
                        Event.program == dic.get('program')).count() > 0:
            continue
    if dic.get('program') == 'sshd':
        # Gestione connessioni ssh: il source ip si trova su una action
        # 'accepted', mentre la connessione viene aperta in 'open'
        if dic.get('action') == 'accept':