Python Forum
Python Forum

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Thread Modes
Parsing a syslog file
ebolisa
Splitter
Posts: 178
Threads: 69
Joined: Oct 2018
Reputation: 1
#10
Oct-10-2021, 03:14 PM (This post was last modified: Oct-10-2021, 03:14 PM by ebolisa.)
(Oct-10-2021, 01:46 PM)snippsat Wrote: It will give KeyError if a line pass trough and can not do a dictionary call.
To make it more robust change to this.
for index,line in enumerate(data):
    try:
        res = data[index].strip().split('[audit] ')[1]
        result = literal_eval(res)
        #print(result)
        timestamp = result['timestamp']
        user = result['user']['username']
        print(timestamp)
        print(user)
    except KeyError:
        pass
        #print(res) # lines that fail

Now fails with

Error:
Traceback (most recent call last):
  File "test.py", line 20, in <module>
    res = data[index].strip().split('[audit] ')[1]
IndexError: list index out of range
This' the content of data[]
['Oct 10 11:42:42 washup20 kernel: [    0.044121] audit: initializing netlink subsys (disabled)\n', 'Oct 10 11:42:42 washup20 kernel: [    0.044434] audit: type=2000 audit(0.040:1): state=initialized audit_enabled=0 res=1\n', 
'Oct 10 12:33:27 washup20 Node-RED[334]: 10 Oct 12:33:27 - [audit] {"event":"auth.login","username":"admin","client":"node-red-editor","scope":"*","level":98,"timestamp":1633862007571}\n', 
'Oct 10 12:33:27 washup20 Node-RED[334]: 10 Oct 12:33:27 - [audit] {"event":"comms.open","level":98,"timestamp":1633862007836}\n', 
'Oct 10 12:33:27 washup20 Node-RED[334]: 10 Oct 12:33:27 - [audit] {"event":"plugins.list.get","level":98,"user":{"username":"admin","permissions":"*"},"path":"/plugins","ip":"192.168.1.28","timestamp":1633862007849}\n', 
'Oct 10 12:33:27 washup20 Node-RED[334]: 10 Oct 12:33:27 - [audit] {"event":"comms.auth","user":{"username":"admin","permissions":"*"},"level":98,"timestamp":1633862007899}\n', 
'Oct 10 12:33:27 washup20 Node-RED[334]: 10 Oct 12:33:27 - [audit] {"event":"plugins.configs.get","level":98,"user":{"username":"admin","permissions":"*"},"path":"/plugins","ip":"192.168.1.28","timestamp":1633862007938}\n', 
'Oct 10 12:33:27 washup20 Node-RED[334]: 10 Oct 12:33:27 - [audit] {"event":"nodes.list.get","level":98,"user":{"username":"admin","permissions":"*"},"path":"/nodes","ip":"192.168.1.28","timestamp":1633862007952}\n', 
'Oct 10 12:33:28 washup20 Node-RED[334]: 10 Oct 12:33:28 - [audit] {"event":"nodes.icons.get","level":98,"user":{"username":"admin","permissions":"*"},"path":"/icons","ip":"192.168.1.28","timestamp":1633862008083}\n', 
'Oct 10 12:33:28 washup20 Node-RED[334]: 10 Oct 12:33:28 - [audit] {"event":"nodes.configs.get","level":98,"user":{"username":"admin","permissions":"*"},"path":"/nodes","ip":"192.168.1.28","timestamp":1633862008097}\n', 
'Oct 10 12:33:28 washup20 Node-RED[334]: 10 Oct 12:33:28 - [audit] {"event":"flows.get","level":98,"user":{"username":"admin","permissions":"*"},"path":"/flows","ip":"192.168.1.28","timestamp":1633862008930}\n', 
'Oct 10 13:04:30 washup20 Node-RED[334]: 10 Oct 13:04:30 - [audit] {"event":"library.get","library":"local","type":"flows","path":"","level":98,"timestamp":1633863870620}\n', 
'Oct 10 13:04:30 washup20 Node-RED[334]: 10 Oct 13:04:30 - [audit] {"event":"library.get","library":"examples","type":"flows","path":"","level":98,"timestamp":1633863870627}\n', 
'Oct 10 13:04:46 washup20 Node-RED[334]: 10 Oct 13:04:46 - [audit] {"event":"flows.set","type":"full","level":98,"user":{"username":"admin","permissions":"*"},"path":"/flows","ip":"192.168.1.28","timestamp":1633863886938}\n', 
'Oct 10 13:06:55 washup20 Node-RED[334]: 10 Oct 13:06:55 - [audit] {"event":"flows.set","type":"full","level":98,"user":{"username":"admin","permissions":"*"},"path":"/flows","ip":"192.168.1.28","timestamp":1633864015713}\n', 
'Oct 10 13:08:15 washup20 Node-RED[334]: 10 Oct 13:08:15 - [audit] {"event":"flows.set","type":"full","level":98,"user":{"username":"admin","permissions":"*"},"path":"/flows","ip":"192.168.1.28","timestamp":1633864095264}\n', 
'Oct 10 13:09:50 washup20 Node-RED[334]: 10 Oct 13:09:50 - [audit] {"event":"flows.set","type":"full","level":98,"user":{"username":"admin","permissions":"*"},"path":"/flows","ip":"192.168.1.28","timestamp":1633864190630}\n', 
'Oct 10 13:10:09 washup20 Node-RED[334]: 10 Oct 13:10:09 - [audit] {"event":"flows.set","type":"full","level":98,"user":{"username":"demo","permissions":"*"},"path":"/flows","ip":"192.168.1.28","timestamp":1633864209888}\n', 
'Oct 10 13:24:17 washup20 Node-RED[334]: 10 Oct 13:24:17 - [audit] {"event":"flows.set","type":"full","level":98,"user":{"username":"admin","permissions":"*"},"path":"/flows","ip":"192.168.1.28","timestamp":1633865057510}\n', 
'Oct 10 13:24:31 washup20 Node-RED[334]: 10 Oct 13:24:31 - [audit] {"event":"flows.set","type":"full","level":98,"user":{"username":"admin","permissions":"*"},"path":"/flows","ip":"192.168.1.28","timestamp":1633865071172}\n', 
'Oct 10 13:25:05 washup20 Node-RED[334]: 10 Oct 13:25:05 - [audit] {"event":"flows.set","type":"full","level":98,"user":{"username":"admin","permissions":"*"},"path":"/flows","ip":"192.168.1.28","timestamp":1633865105808}\n', 
'Oct 10 13:30:34 washup20 Node-RED[334]: 10 Oct 13:30:34 - [audit] {"event":"flows.set","type":"full","level":98,"user":{"username":"admin","permissions":"*"},"path":"/flows","ip":"192.168.1.28","timestamp":1633865434864}\n']
EDIT: Again, it works on Windows. For some reason, it fails on Linus where the '/var/log/syslog' file is.
Find
Reply


Messages In This Thread
Parsing a syslog file - by ebolisa - Oct-10-2021, 08:48 AM
RE: Parsing a syslog file - by snippsat - Oct-10-2021, 10:33 AM
RE: Parsing a syslog file - by ebolisa - Oct-10-2021, 10:49 AM
RE: Parsing a syslog file - by ndc85430 - Oct-10-2021, 10:53 AM
RE: Parsing a syslog file - by ebolisa - Oct-10-2021, 10:56 AM
RE: Parsing a syslog file - by snippsat - Oct-10-2021, 11:25 AM
RE: Parsing a syslog file - by ebolisa - Oct-10-2021, 11:43 AM
RE: Parsing a syslog file - by ebolisa - Oct-10-2021, 12:37 PM
RE: Parsing a syslog file - by snippsat - Oct-10-2021, 01:46 PM
RE: Parsing a syslog file - by ebolisa - Oct-10-2021, 03:14 PM
RE: Parsing a syslog file - by ebolisa - Oct-10-2021, 04:11 PM
RE: Parsing a syslog file - by snippsat - Oct-10-2021, 05:15 PM

Possibly Related Threads…
Thread Author Replies Views Last Post
Video doing data treatment on a file import-parsing a variable EmBeck87 15 3,104 Apr-17-2023, 06:54 PM
Last Post: EmBeck87
  Modify values in XML file by data from text file (without parsing) Paqqno 2 1,807 Apr-13-2022, 06:02 AM
Last Post: Paqqno
  Parsing xml file deletes whitespaces. How to avoid it? Paqqno 0 1,090 Apr-01-2022, 10:20 PM
Last Post: Paqqno
Thumbs Up Parsing a YAML file without changing the string content..?, Flask - solved. SpongeB0B 2 2,339 Aug-05-2021, 08:02 AM
Last Post: SpongeB0B
  Syslog server Fifoux082 5 2,872 Sep-15-2020, 07:08 PM
Last Post: Fifoux082
  File Name Parsing millpond 5 3,747 Aug-26-2020, 08:04 AM
Last Post: bowlofred
  Error while parsing tables from docx file aditi 1 3,846 Jul-14-2020, 09:24 PM
Last Post: aditi
  help parsing file aslezak 2 2,284 Oct-22-2019, 03:51 PM
Last Post: aslezak
  Python Script for parsing dictionary values from yaml file pawan6782 3 5,016 Sep-04-2019, 07:21 PM
Last Post: pawan6782
  Parsing an MBOX file Oliver 1 8,279 May-26-2019, 07:12 AM
Last Post: heiner55

Forum Jump:

User Panel Messages

Log Out
My Profile
Pay your profile a visit
User Control Panel
Do some changes on your profile
My Messages
View private messages unread
Avatar
Change avatar
Signature
Change signature
Announcements
Announcement #1 8/1/2020
Announcement #2 8/2/2020
Announcement #3 8/6/2020