python通过配置文件进行日志构造
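#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""logtest.py: build sample ssh / Apache log lines from test.conf.

The records are synthetic test data, e.g. for exercising a log parser or a
detection rule. Two things to keep in mind when using them that way:

* Timestamps come from time.ctime() ("Mon Jan  1 00:00:00 2024"). The ssh
  and access records therefore do not carry the timestamp layout of real
  syslog or Apache access logs, and the access record puts srcPort where a
  timezone offset would be and quotes the request with single quotes.
  A parser that passes on these lines has not been shown to pass on
  production logs.
* Field values are written into the record verbatim. A value that contains
  a line break produces a multi-line record, which a line-based parser
  reads as several events.
"""
try:
    import ConfigParser  # Python 2 module name
except ImportError:
    import configparser as ConfigParser  # Python 3 module name
import random
import time


def _randomIPv4():
    """Return a random dotted-quad IPv4 address as a string."""
    return '.'.join(str(random.randint(0, 255)) for _ in range(4))


def getLogRandom(type, num, typeLog):
    """Print ``num`` randomly built sshd log lines.

    Args:
        type: record family selector; only 1 (sshd) is implemented, any
            other value prints nothing.
        num: number of lines to print.
        typeLog: message text placed after the process tag, for example
            "Failed password".

    The timestamp, pid and source port are drawn once and shared by every
    line; the source address and the process name are drawn per line.
    """
    if type != 1:
        return

    stamp = time.ctime()
    sysIP = 'localhost'
    procNames = ['sshd', 'ssshd']
    users = ['root']
    # randint is inclusive on both ends, so 255 and 65535 can occur; the
    # previous int(random.uniform(a, b)) form never produced the upper bound.
    pid = random.randint(100, 99999)
    srcPort = random.randint(0, 65535)

    for _ in range(num):
        # random.choice gives both names a chance; int(random.uniform(0, 1))
        # truncated to index 0 and so only ever selected 'sshd'.
        print('%s %s %s[%d]: %s for %s from %s port %d ssh2' % (
            stamp,
            sysIP,
            random.choice(procNames),
            pid,
            typeLog,
            random.choice(users),
            _randomIPv4(),
            srcPort,
        ))


class Log(object):
    """Base record: the fields shared by every log family."""

    sysIP = ''
    logType = ''
    Type = ''
    shd = ''
    user = ''
    srcIP = ''
    srcPort = ''

    def __init__(self, sys='', logType='', Type='', shd='', user='',
                 srcIP='', srcPort=''):
        """Store the common fields; ``sys`` is the reporting host (sysIP)."""
        self.sysIP = sys
        self.logType = logType
        # Type was accepted but never stored, so ssh.printLog() always
        # printed an empty process name.
        self.Type = Type
        self.shd = shd
        self.user = user
        self.srcIP = srcIP
        self.srcPort = srcPort


class ssh(Log):
    """sshd authentication record."""

    sshType = ''

    def __init__(self, sys='', logType='', Type='', shd='', user='',
                 srcIP='', srcPort='', sshType=''):
        """``sshType`` is the message text, e.g. "Failed password"."""
        Log.__init__(self, sys, logType, Type, shd, user, srcIP, srcPort)
        self.sshType = sshType

    def printLog(self):
        """Print one sshd line stamped with the current time."""
        print("%s %s %s[%s]: %s for %s from %s port %s ssh2" % (
            time.ctime(), self.sysIP, self.Type, self.shd, self.sshType,
            self.user, self.srcIP, self.srcPort))


class apachAccess(Log):
    """Apache access record."""

    request = ''
    code = 200
    size = 0

    def __init__(self, sys='', logType='', Type='', shd='', user='',
                 srcIP='', srcPort='', sshType='', request='', code=0,
                 size=0):
        """``sshType`` is accepted for a uniform call shape and not used.

        ``code`` and ``size`` must be integers: printLog formats them
        with %i.
        """
        Log.__init__(self, sys, logType, Type, shd, user, srcIP, srcPort)
        self.request = request
        self.code = code
        self.size = size

    def printLog(self):
        """Print one access line stamped with the current time."""
        print("%s - - [%s +%s] '%s' %i %i" % (
            self.srcIP, time.ctime(), self.srcPort, self.request,
            self.code, self.size))


class apachError(Log):
    """Apache error record."""

    state = ''
    data = ''

    def __init__(self, sys='', logType='', Type='', shd='', user='',
                 srcIP='', srcPort='', sshType='', state='', data=''):
        """``state`` is the level shown in brackets, ``data`` the message."""
        Log.__init__(self, sys, logType, Type, shd, user, srcIP, srcPort)
        self.state = state
        self.data = data

    def printLog(self):
        """Print one error line stamped with the current time."""
        print("[%s] [%s] [client %s] %s" % (
            time.ctime(), self.state, self.srcIP, self.data))


def main():
    """Read test.conf from the working directory and print the record."""
    cf = ConfigParser.ConfigParser()
    # read() skips files it cannot open and returns the list it did parse;
    # without this check a missing file only shows up later as a
    # NoSectionError.
    if not cf.read("test.conf"):
        raise SystemExit("test.conf not found or not readable")

    logType = cf.get("conf", "logType")
    sysIP = cf.get("conf", "sysIP")
    Type = cf.get("conf", "Type")
    shd = cf.get("conf", "shd")
    user = cf.get("conf", "user")
    srcIP = cf.get("conf", "srcIP")
    srcPort = cf.get("conf", "srcPort")
    sshType = cf.get("conf", "sshType")
    randomNum = cf.getint("conf", "random")

    # state and data belong to the error record but are stored in the
    # [apachAccessLog] section of test.conf.
    request = cf.get("apachAccessLog", "request")
    code = cf.getint("apachAccessLog", "code")
    size = cf.getint("apachAccessLog", "size")
    data = cf.get("apachAccessLog", "data")
    state = cf.get("apachAccessLog", "state")

    # Pick the record family. The random branch is reached only when
    # logType is none of the three known names.
    if logType == 'ssh':
        ssh(sysIP, logType, Type, shd, user, srcIP, srcPort,
            sshType).printLog()
    elif logType == "apach_access":
        apachAccess(sysIP, logType, Type, shd, user, srcIP, srcPort,
                    sshType, request, code, size).printLog()
    elif logType == "apach_error":
        apachError(sysIP, logType, Type, shd, user, srcIP, srcPort,
                   sshType, state, data).printLog()
    elif randomNum == 1:
        getLogRandom(1, 100, sshType)


if __name__ == "__main__":
    main()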
配置文件
# test.conf
# Read by logtest.py from the working directory.
[conf]
# logType selects the record that is printed: ssh, apach_access or
# apach_error.
logType = apach_error
sysIP = localhost
Type = sshd
shd = 66666
user = root
srcIP = 127.0.0.1
srcPort = 6666
sshType = Failed password
# random = 1 prints 100 random sshd lines, but only when logType is none of
# the three names above.
random = 1
[apachAccessLog]
# request, code and size feed the access record; state and data feed the
# error record and are read from this same section.
request = /favicon.ico HTTP/1.1
code = 200
size = 1150
state = error
data = PHP 6. Outlink_attack_screen_model->get_real_time_list_info($access_relation_info = *uninitialized*) /home/fantom/apps/secvisual/appserver/models/outlink_screen/Outlink_attack_screen_model.php:145, referer: https://172.16.250.134/apps/secvisual/shared/securitySence/index.html