Oct-10-2021, 08:48 AM
Hi,
I'm trying to extract data from a system log file, but I cannot get the syntax right.
Particularly, I'm trying to get the username and its timestamp value so I can save them into a DB.
I appreciate some help.
TIA
filename:
Oct 10 08:51:04 washup20 Node-RED[17201]: 10 Oct 08:51:04 - [info] Started flows
Oct 10 08:51:04 washup20 Node-RED[17201]: 10 Oct 08:51:04 - [info] [mqtt-broker:server] Connected to broker: mqtt://192.168.1.230:1883
Oct 10 08:51:04 washup20 Node-RED[17201]: 10 Oct 08:51:04 - [audit] {"event":"comms.open","level":98,"timestamp":1633848664512}
Oct 10 08:51:04 washup20 Node-RED[17201]: 10 Oct 08:51:04 - [audit] {"event":"comms.auth","user":{"username":"admin","permissions":"*"},"level":98,"timestamp":1633848664540}
Oct 10 08:51:04 washup20 Node-RED[17201]: 10 Oct 08:51:04 - [info] [remote-access:Remote access] Using nodered02.remote-red.com on port 59153
Oct 10 08:51:04 washup20 Node-RED[17201]: 10 Oct 08:51:04 - [info] [remote-access:Remote access] starting ssh process
Oct 10 08:55:14 washup20 Node-RED[17201]: 10 Oct 08:55:14 - [audit] {"event":"auth.login.revoke","level":98,"user":{"username":"admin","permissions":"*"},"path":"/auth/revoke","ip":"192.168.1.28","timestamp":1633848914062}
import re
import json

filename = "systemfile.log"

# strip unneeded text from json format and save audit lines only
re_line = re.compile("audit")
data = []
with open(filename, "r") as in_file:
    # Loop over each log line
    for line in in_file:
        if re_line.search(line):
            data.append(line)
print(data)  # so far so good

for i in range(len(data)):
    print('user= {}'.format(int(data[0][i])))  # <-- syntax error

# for i in range(len(data)):
#     username = user[username]
#     timestamp =
# with open(data) as audits:
#     for line in audits:
#         audit = json.loads(line)
#         # process event dictionary
#         print(audit['username']['timestamp'])
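One way to get the username and timestamp out of the `[audit]` lines and into a database, as an added example that is not part of the original post: split each line at the ` - [audit] ` marker, parse the remainder as JSON, and insert with bound parameters. The sample lines are constructed from the log format above (the last one is deliberately truncated), and the table name, column names and function names are assumptions.

```python
import json
import sqlite3
from datetime import datetime, timedelta, timezone

# Constructed sample in the post's log format; the last line is deliberately truncated.
SAMPLE_LOG = """\
Oct 10 08:51:04 washup20 Node-RED[17201]: 10 Oct 08:51:04 - [info] Started flows
Oct 10 08:51:04 washup20 Node-RED[17201]: 10 Oct 08:51:04 - [audit] {"event":"comms.open","level":98,"timestamp":1633848664512}
Oct 10 08:51:04 washup20 Node-RED[17201]: 10 Oct 08:51:04 - [audit] {"event":"comms.auth","user":{"username":"admin","permissions":"*"},"level":98,"timestamp":1633848664540}
Oct 10 08:55:14 washup20 Node-RED[17201]: 10 Oct 08:55:14 - [audit] {"event":"auth.login.revoke","level":98,"user":{"username":"admin","permissions":"*"},"path":"/auth/revoke","ip":"192.168.1.28","timestamp":1633848914062}
Oct 10 08:55:15 washup20 Node-RED[17201]: 10 Oct 08:55:15 - [audit] {"event":"truncated
"""

MARKER = " - [audit] "
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def parse_audit_lines(lines):
    """Yield (username, event, timestamp_ms) for audit records that name a user."""
    for line in lines:
        _, found, payload = line.partition(MARKER)
        if not found:
            continue  # ordinary [info] line, no JSON payload
        try:
            record = json.loads(payload)
        except json.JSONDecodeError:
            continue  # truncated or malformed JSON must not abort the run
        if not isinstance(record, dict):
            continue
        user, ts = record.get("user"), record.get("timestamp")
        if isinstance(user, dict) and "username" in user and isinstance(ts, int):
            yield user["username"], record.get("event"), ts

def to_utc_iso(timestamp_ms):
    """The timestamp values in the post read as milliseconds since the Unix epoch."""
    return (EPOCH + timedelta(milliseconds=timestamp_ms)).isoformat()

def store(rows, conn):
    """Insert with bound parameters so log fields are never spliced into SQL text."""
    conn.execute("CREATE TABLE IF NOT EXISTS audit (username TEXT, event TEXT, ts_ms INTEGER, ts_utc TEXT)")
    conn.executemany("INSERT INTO audit VALUES (?, ?, ?, ?)",
                     [(u, e, ts, to_utc_iso(ts)) for u, e, ts in rows])
    conn.commit()

if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")  # assumption: swap in the real database here
    store(parse_audit_lines(SAMPLE_LOG.splitlines()), conn)
    print(conn.execute("SELECT username, event, ts_utc FROM audit").fetchall())
```

To run it against the real file, pass the open file object to `parse_audit_lines` instead of `SAMPLE_LOG.splitlines()`.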