I have an assignment and I was wondering if you could help. For part of the question I am required to analyse a system log. The log contains information such as the time and date, whether root access was attempted, and what IP address the attempt came from.
My question is: how do I loop through the log and pull out the IP addresses?
# Open the log and split each line into space-separated fields
with open('syslog', 'r') as myFile:
    for line in myFile:
        list_of_line = line.split(' ')
So here I’ve split the list up, but how can I loop through trying to locate an IP address? Previously I have used locations but this isn’t practical as it only looks for one address. I want it to search through and find all addresses, so would that mean looking for strings with a certain length, e.g. xxx.xxx.xx.xx as the IP address, and specifying that I am looking for numeric values?
edit-
Jan 10 09:32:07 j4-be03 sshd[3876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
Jan 10 09:32:09 j4-be03 sshd[3876]: Failed password for root from 218.241.173.35 port 47084 ssh2
Jan 10 09:32:17 j4-be03 sshd[3879]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
Jan 10 09:32:19 j4-be03 sshd[3879]: Failed password for root from 218.241.173.35 port 47901 ssh2
Jan 10 09:32:26 j4-be03 sshd[3881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
Jan 10 09:32:29 j4-be03 sshd[3881]: Failed password for root from 218.241.173.35 port 48652 ssh2
I’ve been told to ignore the line containing pam_unix and focus on the line containing “Failed password for root” as they are duplicate entries. About to try the regular expression one now although I really don’t understand what is going on.
Don’t you just love Python?
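
One way to do what the question asks, as an added example that is not part of the original post: match only the sshd "Failed password" lines (so the duplicate pam_unix lines are skipped), validate each captured address, and count attempts per source IP. The function names and the extra sample lines (192.0.2.44, 999.1.1.1, the "invalid user" line) are constructed for illustration.

```python
import re
import ipaddress
from collections import Counter

# Matches only the sshd "Failed password" line, so the pam_unix line logged
# for the same attempt is never counted. Also accepts the "invalid user" form.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def failed_logins(lines, user="root"):
    """Yield the source IP of each failed password attempt for `user`."""
    for line in lines:
        m = FAILED_RE.search(line)
        if m is None or m.group("user") != user:
            continue
        try:
            # ipaddress rejects values such as 999.1.1.1 that a
            # "digits and dots" pattern would happily accept.
            yield str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            continue

def count_by_ip(lines, user="root"):
    """Return a Counter mapping source IP -> number of failed attempts."""
    return Counter(failed_logins(lines, user))

# Constructed sample: the first three lines are from the post, the rest are made up.
SAMPLE = """\
Jan 10 09:32:07 j4-be03 sshd[3876]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.241.173.35 user=root
Jan 10 09:32:09 j4-be03 sshd[3876]: Failed password for root from 218.241.173.35 port 47084 ssh2
Jan 10 09:32:19 j4-be03 sshd[3879]: Failed password for root from 218.241.173.35 port 47901 ssh2
Jan 10 09:33:01 j4-be03 sshd[3890]: Failed password for root from 192.0.2.44 port 51000 ssh2
Jan 10 09:33:05 j4-be03 sshd[3891]: Failed password for invalid user admin from 192.0.2.44 port 51002 ssh2
Jan 10 09:33:09 j4-be03 sshd[3892]: Failed password for root from 999.1.1.1 port 51003 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, attempts in count_by_ip(SAMPLE).most_common():
        print(f"{ip}\t{attempts}")
```

To run it against the real file, pass the open file object instead of `SAMPLE`, e.g. `with open('syslog') as f: count_by_ip(f)`.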