Feb-22-2018, 08:12 AM
Hi all, I have to create a log scanner or Python script that will run through a .txt file, and it should create a text file that reads all rows in the file and searches for certain text, and gives me the following summarized info after the analysis of said log file:
- Displays a count of how many scan events occurred in the logs
- Displays a list of all host ip addresses where the scans originated from
- Displays a list of all host ip addresses where the scans were performed against
I have created the Python file itself, but that's about as far as I got. Unfortunately, my teacher is terrible at responding to questions, so I shall resort to the all-knowing internet.
Here is what I have so far:
```python
import os
import re

filePath = "./ssh.log.txt"

# Open the log and print it line by line
with open(filePath, 'r') as reader:
    for line in reader:
        print(line)
```
Here are two samples of the file: (Text box breaks it into two lines)
1331902037.460000 CzOW1hqdnsStTLdB2 192.168.202.79 46073 192.168.229.101 22 undetermined INBOUND SSH-1.5-Nmap-SSH1-Hostkey SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1 - - - - -
1331902037.730000 COIlCg1sDKjduod1e8 192.168.202.79 46085 192.168.229.101 22 failure INBOUND SSH-2.0-Nmap-SSH2-Hostkey SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1 - - - - -
ANY HELP WILL BE GREATLY APPRECIATED! THANKS GUYS!
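
One way to produce the three summaries the post asks for, as an added example that is not part of the original post. It assumes a scan event is a line whose client banner (ninth field) contains "Nmap", as in both samples; `SCAN_MARKER`, the function names, the third sample line and the output name `scan_summary.txt` are made up for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample input: the two lines from the post plus one made-up non-scan line.
SAMPLE = """\
1331902037.460000 CzOW1hqdnsStTLdB2 192.168.202.79 46073 192.168.229.101 22 undetermined INBOUND SSH-1.5-Nmap-SSH1-Hostkey SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1 - - - - -
1331902037.730000 COIlCg1sDKjduod1e8 192.168.202.79 46085 192.168.229.101 22 failure INBOUND SSH-2.0-Nmap-SSH2-Hostkey SSH-2.0-OpenSSH_5.8p1 Debian-7ubuntu1 - - - - -
1331902040.000000 CXconstructed0001 192.168.202.80 50000 192.168.229.102 22 success INBOUND SSH-2.0-OpenSSH_5.8p1 SSH-2.0-OpenSSH_5.8p1 - - - - -
"""

SCAN_MARKER = "nmap"  # assumption: the scanner names itself in the client banner

def is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def summarize(lines):
    """Return (scan_count, Counter of source IPs, Counter of target IPs)."""
    sources, targets = Counter(), Counter()
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue  # skip blank lines and header/comment lines
        # The real log may be tab-separated; the pasted samples use spaces.
        fields = line.rstrip("\n").split("\t") if "\t" in line else line.split()
        if len(fields) < 9 or not (is_ip(fields[2]) and is_ip(fields[4])):
            continue  # malformed row: do not let it pollute the IP lists
        if SCAN_MARKER in fields[8].lower():
            sources[fields[2]] += 1   # field 3: originating host
            targets[fields[4]] += 1   # field 5: host that was scanned
    return sum(sources.values()), sources, targets

def report(lines):
    count, sources, targets = summarize(lines)
    out = [f"Scan events: {count}", "Scan sources:"]
    out += [f"  {ip} ({n})" for ip, n in sorted(sources.items())]
    out.append("Scan targets:")
    out += [f"  {ip} ({n})" for ip, n in sorted(targets.items())]
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    # For the real file, pass the open file object: report(open("./ssh.log.txt"))
    with open("scan_summary.txt", "w") as out:
        out.write(report(SAMPLE.splitlines()))
```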