If we assume this log file:
Output:
<150>Nov 7 07:38:00 DrayTek: Local User (MAC=B0-8C-75-C0-FF-8F): 172.16.91.7:57418 -> 17.57.172.11:443 (TCP) close connection
<150>Nov 7 07:39:10 DrayTek: Local User (MAC=B0-8C-75-C0-FF-8F): 172.16.91.7:57422 -> 17.57.172.11:443 (TCP)
<150>Nov 7 07:44:00 DrayTek: Local User (MAC=B0-8C-75-C0-FF-8F): 172.16.91.7:57423 -> 17.57.172.11:443 (TCP)
<150>Nov 7 07:46:20 DrayTek: Local User (MAC=B0-8C-75-C0-FF-8F): 172.16.91.7:57424 -> 17.57.13.65:443 (TCP)
<150>Nov 7 07:48:30 DrayTek: Local User (MAC=B0-8C-75-C0-FF-8F): 172.16.91.7:57425 -> 17.57.13.65:443 (TCP)
<150>Nov 7 07:50:10 DrayTek: Local User (MAC=B0-8C-75-C0-FF-8F): 172.16.91.7:57426 -> 17.57.13.65:443 (TCP)
<150>Nov 7 07:55:10 DrayTek: Local User (MAC=B0-8C-75-C0-FF-8F): 172.16.91.7:57427 -> 17.57.172.11:443 (TCP)
<150>Nov 7 08:01:00 DrayTek: Local User (MAC=B0-8C-75-C0-FF-8F): 172.16.91.7:57428 -> 17.57.13.65:443 (TCP)
<150>Nov 7 08:06:00 DrayTek: Local User (MAC=B0-8C-75-C0-FF-8F): 172.16.91.7:57429 -> 17.57.13.65:443 (TCP)
<150>Nov 7 08:08:30 DrayTek: Local User (MAC=B0-8C-75-C0-FF-8F): 172.16.91.7:57430 -> 17.57.13.65:443 (TCP)
<150>Nov 7 08:10:55 DrayTek: Local User (MAC=B0-8C-75-C0-FF-8F): 172.16.91.7:57431 -> 96.17.179.45:443 (TCP)
<150>Nov 7 08:15:00 DrayTek: Local User (MAC=B0-8C-75-C0-FF-8F): 172.16.91.7:57432 -> 17.57.13.65:443 (TCP)
<150>Nov 7 08:22:25 DrayTek: Local User (MAC=B0-8C-75-C0-FF-8F): 172.16.91.7:57427 -> 17.57.172.11:443 (TCP) close connection
<150>Nov 7 08:27:00 DrayTek: Local User (MAC=B0-8C-75-C0-FF-8F): 172.16.91.7:57433 -> 17.188.182.68:443 (TCP)
<150>Nov 7 08:35:45 DrayTek: Local User (MAC=B0-8C-75-C0-FF-8F): 172.16.91.7:57434 -> 17.57.146.88:5223 (TCP)
<150>Nov 7 08:38:00 DrayTek: Local User (MAC=B0-8C-75-C0-FF-8F): 172.16.91.7:57435 -> 17.248.211.69:443 (TCP)
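... (which I've simply adapted from the one posted) and use this modified script:

```python
from datetime import datetime, timedelta

time_stack = []  # holds at most two timestamps: the previous entry and the current one

with open("log2", mode="r", encoding="UTF-8") as log:
    for entry, item in enumerate(log, 1):
        # The third whitespace-separated field is HH:MM:SS; splitting works
        # whether the day is padded ("Nov  7") or not ("Nov 7").
        time_str = item.split()[2]
        time_stamp = datetime.strptime(time_str, '%H:%M:%S')
        time_stack.append(time_stamp)
        if len(time_stack) > 1:
            diff = time_stack[1] - time_stack[0]
            # Report only entries that follow the previous one by 5 minutes or more.
            if diff >= timedelta(seconds=300):
                print(f"{entry:02d}:~", time_str, diff)
            time_stack.pop(0)  # drop the older timestamp
        else:
            print(f"{entry:02d}:~ Start", time_str)
```

... we get this report: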
Output:
01:~ Start 07:38:00
07:~ 07:55:10 0:05:00
08:~ 08:01:00 0:05:50
09:~ 08:06:00 0:05:00
13:~ 08:22:25 0:07:25
15:~ 08:35:45 0:08:45
... which shows only entries that have a time difference of five minutes or more (5 minutes = 300 seconds). Is that what you're looking for?
Sig:
>>> import this
The UNIX philosophy: "Do one thing, and do it well."
"The danger of computers becoming like humans is not as great as the danger of humans becoming like computers." :~ Konrad Zuse
"Everything should be made as simple as possible, but not simpler." :~ Albert Einstein