python通过配置文件进行日志构造
logtest.py:
#!/usr/bin/env python
# -*- coding:utf-8 -*-
import ConfigParser
import time
import random
#随机构造num条日志
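def getLogRandom(type, num, typeLog):
    """Print ``num`` synthetic sshd-style log lines to stdout.

    Intended for producing test input for log parsers and detection rules.

    Args:
        type: Generator selector. Only ``1`` (sshd lines) produces output;
            every other value is accepted and prints nothing.
        num: Number of lines to print. Zero or a negative number prints
            nothing.
        typeLog: Message text placed after the ``process[pid]:`` prefix,
            for example ``'Failed password'``. It is inserted verbatim, so
            a value containing a line break yields more than one output
            line.

    Returns:
        None. The lines are written with ``print``.
    """
    if type != 1:
        # The remaining generator types are placeholders and emit nothing.
        return

    # Timestamp, host, pid and source port are drawn once and shared by
    # every line of the batch; only the process name and source address
    # vary per line.
    # NOTE(review): time.ctime() includes the weekday and the year, which
    # differs from the classic syslog timestamp; confirm the consuming
    # parser accepts it.
    timestamp = time.ctime()
    host = 'localhost'
    processes = ['sshd', 'ssshd']
    users = ['root']
    pid = random.randint(100, 99999)
    # Port 0 is never a real TCP source port, so start at 1.
    src_port = random.randint(1, 65535)

    for _ in range(num):
        # randint is inclusive on both ends, so 255 is reachable.
        # NOTE(review): the addresses are drawn from the whole IPv4 space
        # and will coincide with real hosts. If the output feeds a pipeline
        # with threat-intel enrichment or automated blocking, consider the
        # documentation ranges of RFC 5737 (192.0.2.0/24, 198.51.100.0/24,
        # 203.0.113.0/24) instead.
        src_ip = '.'.join(str(random.randint(0, 255)) for _octet in range(4))
        # random.choice picks uniformly; indexing with
        # int(random.uniform(0, 1)) practically always selected entry 0.
        line = (timestamp + ' ' + host + ' ' + random.choice(processes) +
                '[' + str(pid) + ']: ' + typeLog + ' for ' +
                random.choice(users) + ' from ' + src_ip +
                ' port ' + str(src_port) + ' ssh2')
        # Single-argument print(...) behaves the same on Python 2 and 3 and
        # matches the printLog methods in this file.
        print(line)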
#日志基类
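class Log():
    """Base record holding the fields shared by every synthetic log type.

    The class-level attributes are empty-string defaults; ``__init__``
    overrides them per instance. Subclasses add their own fields and a
    ``printLog`` method that formats one line.
    """

    sysIP = ''
    logType = ''
    Type = ''
    shd = ''
    user = ''
    srcIP = ''
    srcPort = ''

    def __init__(self, sys='', logType='', Type='', shd='', user='', srcIP='', srcPort=''):
        """Store the common fields on the instance.

        Args:
            sys: Host name or address of the reporting system (stored as
                ``sysIP``).
            logType: Kind of log this record represents.
            Type: Process name shown before the ``[pid]`` part of a line.
            shd: Process id shown inside the brackets.
            user: Account name the event refers to.
            srcIP: Source address of the event.
            srcPort: Source port of the event.
        """
        self.sysIP = sys
        self.logType = logType
        # Type was accepted but never stored, so instances always exposed
        # the empty class default and the process name was missing from
        # formatted lines.
        self.Type = Type
        self.shd = shd
        self.user = user
        self.srcIP = srcIP
        self.srcPort = srcPort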
#ssh日志
class ssh(Log):
    """Synthetic sshd authentication log record."""

    sshType = ''

    def __init__(self, sys='', logType='', Type='', shd='', user='', srcIP='', srcPort='', sshType=''):
        """Store the common fields via ``Log`` plus the sshd message text.

        Args:
            sshType: Message text printed after the ``process[pid]:``
                prefix, for example ``Failed password``.
            The remaining arguments are forwarded unchanged to
            ``Log.__init__``.
        """
        Log.__init__(self, sys, logType, Type, shd, user, srcIP, srcPort)
        self.sshType = sshType

    def printLog(self):
        """Print one sshd-style line stamped with the current time.

        Every field is interpolated as-is with no escaping, so a value
        containing a line break produces more than one output line.
        """
        layout = "%s %s %s[%s]: %s for %s from %s port %s ssh2"
        fields = (
            time.ctime(),
            self.sysIP,
            self.Type,
            self.shd,
            self.sshType,
            self.user,
            self.srcIP,
            self.srcPort,
        )
        print(layout % fields)
#apachAccess日志
class apachAccess(Log):
    """Synthetic web-server access log record."""

    request = ''
    code = 200
    size = 0

    def __init__(self, sys='', logType='', Type='', shd='', user='', srcIP='', srcPort='', sshType='', request='', code=0, size=0):
        """Store the common fields via ``Log`` plus the access-log fields.

        Args:
            request: Request text printed between the quotes.
            code: Numeric status code.
            size: Numeric response size.
            sshType: Accepted for call compatibility; not used here.
            The remaining arguments are forwarded unchanged to
            ``Log.__init__``.
        """
        Log.__init__(self, sys, logType, Type, shd, user, srcIP, srcPort)
        self.request = request
        self.code = code
        self.size = size

    def printLog(self):
        """Print one access-log line stamped with the current time.

        ``code`` and ``size`` are formatted with ``%i`` and therefore must
        be numbers. The other fields are interpolated as-is with no
        escaping.
        """
        # NOTE(review): srcPort is printed in the bracketed slot after '+',
        # and the request is single-quoted; Apache's common log format puts
        # a UTC offset there and double-quotes the request. Confirm the
        # consuming parser expects this layout.
        layout = "%s - - [%s +%s] '%s' %i %i"
        fields = (
            self.srcIP,
            time.ctime(),
            self.srcPort,
            self.request,
            self.code,
            self.size,
        )
        print(layout % fields)
#apachError日志
class apachError(Log):
    """Synthetic web-server error log record."""

    state = ''
    data = ''

    def __init__(self, sys='', logType='', Type='', shd='', user='', srcIP='', srcPort='', sshType='', state='', data=''):
        """Store the common fields via ``Log`` plus the error-log fields.

        Args:
            state: Severity label printed in the second bracket pair.
            data: Free-form message printed at the end of the line.
            sshType: Accepted for call compatibility; not used here.
            The remaining arguments are forwarded unchanged to
            ``Log.__init__``.
        """
        Log.__init__(self, sys, logType, Type, shd, user, srcIP, srcPort)
        self.state = state
        self.data = data

    def printLog(self):
        """Print one error-log line stamped with the current time.

        All fields are interpolated as-is with no escaping, so a ``data``
        value containing a line break produces more than one output line.
        """
        layout = "[%s] [%s] [client %s] %s"
        fields = (time.ctime(), self.state, self.srcIP, self.data)
        print(layout % fields)
#通过读取配置文件完成参数设置
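# Load every generator parameter from test.conf in the working directory.
cf = ConfigParser.ConfigParser()
# read() returns the list of files it parsed and silently skips a missing
# one; without this check the failure only surfaces later as a confusing
# NoSectionError on the first get().
if not cf.read("test.conf"):
    raise IOError("cannot read configuration file test.conf")

# All keys below are required, whichever logType is selected.
# NOTE(review): ConfigParser.get() applies '%' interpolation, so a value
# holding a literal '%' (for example a URL-encoded request) is rejected
# unless written as '%%'; RawConfigParser avoids that if it matters.
# Fields common to all record types.
logType = cf.get("conf", "logType")
sysIP = cf.get("conf", "sysIP")
Type = cf.get("conf", "Type")
shd = cf.get("conf", "shd")
user = cf.get("conf", "user")
srcIP = cf.get("conf", "srcIP")
srcPort = cf.get("conf", "srcPort")
sshType = cf.get("conf", "sshType")
# Integer flag consulted by the dispatch logic.
randomNum = cf.getint("conf", "random")

# Web-server fields. The error-log values (data, state) are read from the
# same [apachAccessLog] section as the access-log values.
request = cf.get("apachAccessLog", "request")
code = cf.getint("apachAccessLog", "code")
size = cf.getint("apachAccessLog", "size")
data = cf.get("apachAccessLog", "data")
state = cf.get("apachAccessLog", "state")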
#构造日志类别逻辑
# Emit output according to the configured logType. The three named kinds
# are checked first, so the random batch runs only when logType is none of
# them and the random flag equals 1.
# NOTE(review): with logType set to a known kind, random = 1 has no effect;
# confirm that precedence is intended.
_shared = (sysIP, logType, Type, shd, user, srcIP, srcPort, sshType)
if logType == 'ssh':
    sshLog = ssh(*_shared)
    sshLog.printLog()
elif logType == "apach_access":
    apachAccessLog = apachAccess(*(_shared + (request, code, size)))
    apachAccessLog.printLog()
elif logType == "apach_error":
    apachErrorLog = apachError(*(_shared + (state, data)))
    apachErrorLog.printLog()
elif randomNum == 1:
    # Fixed batch of 100 sshd lines carrying the configured message text.
    getLogRandom(1, 100, sshType)
配置文件
test.conf
[conf]
logType = apach_error
sysIP = localhost
Type = sshd
shd = 66666
user = root
srcIP = 127.0.0.1
srcPort = 6666
sshType = Failed password
random = 1
[apachAccessLog]
request = /favicon.ico HTTP/1.1
code = 200
size = 1150
state = error
data = PHP 6. Outlink_attack_screen_model->get_real_time_list_info($access_relation_info = *uninitialized*) /home/fantom/apps/secvisual/appserver/models/outlink_screen/Outlink_attack_screen_model.php:145, referer: https://172.16.250.134/apps/secvisual/shared/securitySence/index.html