Home/ Questions/Q 8743299
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T11:39:03+00:00

this is my first question asked here at stackoverflow and am really looking forward

  • 0

this is my first question asked here at stackoverflow and am really looking forward to being part of this community. I am new to program and python was the most recommended first program by many people.

Anyways. I have a log file which looks like this: 

"No.","Time","Source","Destination","Protocol","Info"
"1","0.000000","120.107.103.180","172.16.112.50","TELNET","Telnet Data ..." 
"2","0.000426","172.16.112.50","172.16.113.168","TELNET","Telnet Data ..." 
"3","0.019849","172.16.113.168","172.16.112.50","TCP","21582 > telnet [ACK]" 
"4","0.530125","172.16.113.168","172.16.112.50","TELNET","Telnet Data ..." 
"5","0.530634","172.16.112.50","172.16.113.168","TELNET","Telnet Data ..."

And I wanted to parse the log file using Python to make it look like this as the result:

From IP 135.13.216.191 Protocol Count:
(IMF 1)
(SMTP 38)
(TCP 24) (Total: 63)

I would really like some help on what path to take to tackle this problem should I use lists and loop through it or dictionaries/tuples?

Thanks in advance for your help!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    First you’ll want to read in the text file

    # Open the file
file = open('log_file.csv')
# readlines() will return the data as a list of strings, one for each line
log_data = file.readlines()
# close the log file
file.close()

    Set up a dictionary to hold your results

    results = {}

    Now iterate over your data, one line at a time, and record the protocol in the dictionary

    for entry in log_data:
    entry_data = entry.split(',')
    # We are going to have a separate entry for each source ip
    # If we haven't already seen this ip, we need to make an entry for it
    if entry_data[2] not in results:
        results[entry_data[2]] = {'total':0}
    # Now check to see if we've seen the protocol for this ip before
    # If we haven't, add a new entry set to 0
    if entry_data[4] not in results[entry_data[2]]:
         results[entry_data[2]][entry_data[4]] = 0
    # Now we increment the count for this protocol
    results[entry_data[2]][entry_data[4]] += 1
    # And we increment the total count
    results[entry_data[2]]['total'] += 1

    Once you’ve counted everything, just iterate over your counts and print out the results

    for ip in results:
    # Here we're printing a string with placeholders. the {0}, {1} and {2} will be filled
    # in by the call to format
    print "from: IP {0} Protocol Count: {1})".format(
        ip,
        # And finally create the value for the protocol counts with another format call
        # The square braces with the for statement inside create a list with one entry
        # for each entry, in this case, one entry for each protocol
        # We use ' '.join to join each of the counts with a string
        ' '.join(["({0}: {1})".format(protocol, results[ip][protocol] for protocol in results[ip])]))
    • 0