Log Analysis Using Regular Expressions
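# Sample roster used as input for the first CSV-to-HTML conversion.
# NOTE(review): every address below reads "[email protected]". That looks like an
# e-mail obfuscation placeholder added by the page that hosted this file, not
# lab data; restore the real addresses before relying on this roster.
# The delimiter is quoted so the shell copies the rows verbatim and never
# expands anything inside them.
cat > user_emails.csv <<'EOF'
Full Name, Email Address
Blossom Gill, [email protected]
Hayes Delgado, [email protected]
Petra Jones, [email protected]
Oleg Noel, [email protected]
Ahmed Miller, [email protected]
Macaulay Douglas, [email protected]
Aurora Grant, [email protected]
Madison Mcintosh, [email protected]
Montana Powell, [email protected]
Rogan Robinson, [email protected]
Simon Rivera, [email protected]
Benedict Pacheco, [email protected]
Maisie Hendrix, [email protected]
Xaviera Gould, [email protected]
Oren Rollins, [email protected]
Flavia Santiago, [email protected]
Jackson Owens, [email protected]
Britanni Humphrey, [email protected]
Kirk Nixon, [email protected]
Bree Campbell, [email protected]
EOF

# Create the web root if it is missing. -p builds both levels in one call and
# does not fail when the directories already exist, so the step can be re-run.
sudo mkdir -p /var/www/html
sudo chmod +x csv_to_html.py

# NOTE(review): o+w makes the web root writable by every local account, so any
# user or compromised service on the host can add or replace served pages.
# Handing the directory to the one account that publishes the reports
# (sudo chown "$USER" /var/www/html) lets that account write with less
# exposure; confirm nothing else needs to write here before switching.
sudo chmod o+w /var/www/html

# Render the roster as an HTML page under the web root.
./csv_to_html.py user_emails.csv /var/www/html/files1.html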
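# Generate ticky_check.py, the log summariser run in the next step.
#
# The heredoc delimiter is unquoted, so the shell expands $USER while writing
# the file: the log path is fixed to the invoking user's /home directory at
# generation time. For the same reason the Python text must not contain
# backticks, "$(" or other $NAME sequences; the shell would expand or execute
# them instead of copying them into the file.
#
# NOTE(review): the first header cell of user_statistics.csv is also "$USER",
# so the column title becomes the login name. A fixed title such as "Username"
# was presumably intended; confirm against whatever consumes the report.
#
# The Python body is written with its block indentation restored; without it
# the generated script does not parse.
cat > ticky_check.py <<EOF
#!/usr/bin/env python3
"""Summarise ticky log entries into two CSV reports.

Reads the syslog file named below, counts each ERROR message and the
INFO/ERROR entries per user, then writes error_message.csv and
user_statistics.csv to the current directory.
"""
import re
import csv
import operator

error_messages = {}  # ERROR message text -> number of occurrences
per_user = {}        # user name -> {'INFO': count, 'ERROR': count}

logfile = r"/home/$USER/syslog.log"

# Severity, message text, then the user name in parentheses at end of line.
# The character classes double as an allow-list: a message can hold only word
# characters, spaces, apostrophes, square brackets and '#', and a user name
# only word characters with at most one dot. No captured field can therefore
# contain a comma, double quote or angle bracket, which is what the plain
# comma-joined writes below rely on. Whether csv_to_html.py escapes cell text
# is not visible here, so keep this pattern strict if it is ever extended.
pattern = r"(INFO|ERROR) ([\w' ]+|[\w\[\]#' ]+) (\(\w+\)|\(\w+\.\w+\))$"

with open(logfile, "r") as f:
    for line in f:
        result = re.search(pattern, line)
        if result is None:
            # Lines that do not fit the pattern are dropped without being
            # counted, so the reports cover matching entries only.
            continue
        category, message, name = result.groups()
        name = name[1:-1]  # strip the surrounding parentheses
        if category == "ERROR":
            error_messages[message] = error_messages.get(message, 0) + 1
        # First sighting of a user starts both counters at zero.
        counts = per_user.setdefault(name, {'INFO': 0, 'ERROR': 0})
        counts[category] += 1

# Most frequent errors first; the leading tuple is the CSV header row.
sorted_messages = [("Error", "Count")] + sorted(
    error_messages.items(), key=operator.itemgetter(1), reverse=True
)
# NOTE(review): only the first eight users in sorted name order are reported;
# any further users are left out of user_statistics.csv.
sorted_users = [("$USER", "INFO", "ERROR")] + sorted(per_user.items())[0:8]

with open("error_message.csv", "w") as error_file:
    for error, count in sorted_messages:
        error_file.write("{}, {}\n".format(error, count))

with open("user_statistics.csv", "w") as user_file:
    for row in sorted_users:
        if isinstance(row[1], dict):
            # Data row: (user name, counts dict).
            user_file.write("{}, {}, {}\n".format(row[0], row[1].get("INFO"), row[1].get("ERROR")))
        else:
            # Header row: already a flat three-item tuple.
            user_file.write("{}, {}, {}\n".format(row[0], row[1], row[2]))
EOF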
# Make the generated summariser executable and run it; it writes
# error_message.csv and user_statistics.csv into the current directory.
chmod +x ticky_check.py
./ticky_check.py

# Publish both reports under the web root. Each CSV is rendered twice, giving
# file2/file3 on the first pass and file4/file5 on the second.
page=2
for _ in 1 2; do
  for report in error_message.csv user_statistics.csv; do
    ./csv_to_html.py "$report" "/var/www/html/file${page}.html"
    page=$((page + 1))
  done
done