Python Log Analysis from Pentester Academy

Filed under Research

Hello there.
I’ve been looking through python log parsing methods and found this interesting pastebin on a Joseph McCray video!
Dumping here for later use.
Slightly edited, original is at https://pastebin.com/WEDwpcz9.
It has multiple sections which may be useful if you are looking for CLI stuff (bash/pshell).
Snippet below.

#################################
# Using Python for log analysis #
#################################

########################################################
# Lesson 10: Use Python to read in a file line by line #
########################################################
 
Reference:
http://cmdlinetips.com/2011/08/three-ways-to-read-a-text-file-line-by-line-in-python/
 
 
Let's have some fun.....
 
 
>>> f = open('access_log', "r")
 
>>> lines = f.readlines()
 
>>> print(lines)
 
>>> lines[0]
 
>>> lines[10]
 
>>> lines[50]
 
>>> lines[1000]
 
>>> lines[5000]
 
>>> lines[10000]   # IndexError if access_log has fewer than 10001 lines
 
>>> print(len(lines))
 
 
---------------------------------------------------------
vi logread1.py
 
 
## Open the file read-only; the with-block closes it automatically
with open('access_log', "r") as f:
    ## use readlines to read all lines in the file at once
    ## The variable "lines" is a list containing all lines (newlines kept)
    lines = f.readlines()
 
print(lines)
 
---------------------------------------------------------
 
Google the following:
        - python difference between readlines and readline
        - python readlines and readline
 
 
#################################
# Lesson 11: A quick challenge #
#################################
 
Can you write an if/then statement that looks for this IP and prints "Found it"?
141.101.81.187
 

Reference:
http://www.wellho.net/mouth/1789_Looking-for-a-value-in-a-list-Python.html

Reference:
http://www.cyberciti.biz/faq/python-raw_input-examples/

Reference:
http://stackoverflow.com/questions/4843158/check-if-a-python-list-item-contains-a-string-inside-another-string
 

-------------------
$ python
>>> f = open('access_log', "r")
>>> lines = f.readlines()
>>> ip = '141.101.81.187'
>>> for line in lines:
...     if ip in line:
...             print(line, end="")
 

-------------------------------------------------------------------------------------
#!/usr/bin/env python3
 
strUsrinput = input("Enter IP Address: ")
 
# Iterate the open file directly: one line is held in memory at a time,
# and the with-block closes the file when the loop is done.
with open('access_log') as f:
    for line in f:
        ip = line.split(" - ")[0]
        # Find " - ", and show me what's directly to the left (index 0) of that!
        # In the example log file, it looks like "192.168.0.1 - date: otherstuff"
        # Exact comparison of the whole first field, so a longer address that
        # merely starts with the typed string is not reported.
        if ip == strUsrinput:
            print(line, end="")   # the line already ends with a newline
 
 
-------------------------------
#!/usr/bin/env python3
 
 
# Open the log file read-only; the with-block closes it when done
with open('access_log', "r") as f:
    # Store each line of the log file as an element in the list "lines"
    lines = f.readlines()
 
 
# Store the IP that the user types in a variable called userinput
userinput = input("Enter the IP you want to search for: ")
 
 
# Loop over the lines and print every line that contains the typed text.
# find() returns -1 when the text is absent. Note this is a substring test:
# searching for 10.0.0.1 also reports 10.0.0.10 and 110.0.0.1.
for line in lines:
    if line.find(userinput) != -1:
        print(line, end="")
 
-------------------------------
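The three answers above all solve Lesson 11 with a substring test (`ip in line` or `find()`), which also reports lines where the address is a prefix of a longer one or shows up in the request path, and two of them load the whole log with readlines(), the readline/readlines point raised in Lesson 10. The following is an added example, not part of the original pastebin or the Pentester Academy lesson: it parses each line of a constructed Common Log Format sample with an anchored regex, compares the parsed client field exactly, counts requests per client, and streams a real file with `for line in f` instead of readlines(). The sample log lines, `SAMPLE_ACCESS_LOG`, and all function names are my own.

```python
#!/usr/bin/env python3
"""Exact client-IP search over an Apache-style access log (added example)."""
import re
from typing import Dict, Iterable, List, Optional

# Constructed sample in Common Log Format; not taken from any real server.
# Line 2 is a different client whose request path merely contains the
# Lesson 11 address, and line 3 is a client whose address is a prefix of it.
SAMPLE_ACCESS_LOG = """\
141.101.81.187 - - [10/Oct/2000:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326
10.0.0.5 - - [10/Oct/2000:13:55:40 -0700] "GET /proxy?target=141.101.81.187 HTTP/1.0" 200 512
141.101.81.18 - - [10/Oct/2000:13:56:01 -0700] "POST /login HTTP/1.0" 401 128
141.101.81.187 - - [10/Oct/2000:13:56:12 -0700] "GET /admin HTTP/1.0" 403 211
not a log line
"""
SAMPLE_LINES = SAMPLE_ACCESS_LOG.splitlines()

# Anchored regex for the Common Log Format: client, ident, user, [time],
# "request", status, size. The client is one whole whitespace-delimited field.
CLF_RE = re.compile(
    r'^(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


def parse_clf(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one log line, or None if it is not CLF."""
    m = CLF_RE.match(line.rstrip("\r\n"))
    return m.groupdict() if m else None


def substring_matches(lines: Iterable[str], ip: str) -> List[str]:
    """The Lesson 11 approach, `ip in line`, kept to show its false positives."""
    return [line for line in lines if ip in line]


def client_matches(lines: Iterable[str], ip: str) -> List[Dict[str, str]]:
    """Parsed records whose client field equals `ip` exactly."""
    hits = []
    for line in lines:
        rec = parse_clf(line)
        if rec is not None and rec["ip"] == ip:
            hits.append(rec)
    return hits


def requests_per_client(lines: Iterable[str]) -> Dict[str, int]:
    """Count requests per client. Unparseable lines are counted under their
    own key so truncated or tampered entries are noticed rather than dropped."""
    counts: Dict[str, int] = {}
    for line in lines:
        rec = parse_clf(line)
        key = rec["ip"] if rec is not None else "<unparsed>"
        counts[key] = counts.get(key, 0) + 1
    return counts


def search_file(path: str, ip: str) -> List[Dict[str, str]]:
    """Stream a real log: `for line in f` yields one line at a time, unlike
    readlines(), which builds the whole file as a list in memory first."""
    with open(path, "r", encoding="utf-8", errors="replace") as f:
        return client_matches(f, ip)


if __name__ == "__main__":
    target = "141.101.81.187"
    print("substring matches:", len(substring_matches(SAMPLE_LINES, target)))
    print("exact client matches:", len(client_matches(SAMPLE_LINES, target)))
    for rec in client_matches(SAMPLE_LINES, target):
        print(rec["time"], rec["request"], rec["status"])
    print(requests_per_client(SAMPLE_LINES))
```

On the sample, the substring test reports three lines for 141.101.81.187 (one of them a request from 10.0.0.5 whose path contains the address) while the exact client match reports two; searching for the prefix 141.101.81.18 makes the gap wider. Point `search_file()` at a real access_log to apply the same exact match without reading the file into memory.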