Hi everyone, this is my second thread. I'm currently curious about my Python program, whose basic goal is to parse the characters in mytestfile;
let's see the code
Code:
f=open('/home/andrewraharjo/Desktop/snort.log','r')
j=f.read()
i=0
l=len(j)
l1=l
i=0
m=0
while(l1>=150):
    for k in range(149):
        print j[k+i],
        #I believe I've should modify this line
        #but how??
    l1=l1-150
    i=i+150
    m=m+1
l1=m*150
#print the rest of the character
for k in range(l-l1):
    print j[k+l1],
and the snort.log file:
Code:
TCP/IP message flooding directed to SIP proxy [Priority: 2] 11/05-09:54:30.831216 122.200.1.134:58319 -> 122.200.6.120:22
TCP/IP message flooding directed to SIP proxy [Priority: 2] 11/05-09:55:10.105621 122.200.6.120:60012 -> 91.189.92.172:80
TCP/IP message flooding directed to SIP proxy [Priority: 2] 11/05-09:57:38.982365 122.200.6.120:51490 -> 74.86.51.5:80
ICMP PING CyberKit 2.2 Windows [Priority: 3] 11/05-12:43:36.892309 122.200.54.42 -> 122.200.6.120
the goal is
Python reads until 160 characters, then prints the 0-160 lines
Python reads until >160 characters, then prints the 160-end lines
but my code printed out something like this
Code:
T C P / I P m e s s a g e f l o o d i n g d i r e c t e d t o S I P p r o x y [ P r i o r i t y : 2 ] 1 1 / 0 5 - 0 9 : 5 4 : 3 0 . 8 3 1 2 1 6 1 2 2 . 2 0 0 . 1 . 1 3 4 : 5 8 3 1 9 - > 1 2 2 . 2 0 0 . 6 . 1 2 0 : 2 2
T C P / I P m e s s a g e f l o o d i n g d i r c t e d t o S I P p r o x y [ P r i o r i t y : 2 ] 1 1 / 0 5 - 0 9 : 5 5 : 1 0 . 1 0 5 6 2 1 1 2 2 . 2 0 0 . 6 . 1 2 0 : 6 0 0 1 2 - > 9 1 . 1 8 9 . 9 2 . 1 7 2 : 8 0 << here's the 160 1st character printed out
here's the 160-end character
T C P / I P m e s s a g e f l o o d i n g d i r e c t e d t o S I P p r o x y [ P r i o r i t y 2 ] 1 1 / 0 5 - 0 9 : 5 7 : 3 8 . 9 8 2 3 6 5 1 2 2 . 2 0 0 . 6 . 1 2 0 : 5 1 4 9 0 - > 7 4 . 8 6 . 5 1 . 5 : 8 0
I C M P P I N G C y b e r K i t 2 . 2 W i n d o w s [ P r i o r i t y : 3 ] 1 1 / 0 5 - 1 2 : 4 3 : 3 6 . 8 9 2 3 0 9 1 2 2 . 2 0 0 . 5 4 . 4 2 - > 1 2 . 2 0 0 . 6 . 1 2 0
now my question is;
What's wrong with my code? Help me figure it out, because I'm currently new to Python...
Here's my expected output:
Code:
TCP/IP message flooding directed to SIP proxy [Priority: 2] 11/05-09:54:30.831216 122.200.1.134:58319 -> 122.200.6.120:22
TCP/IP message flooding directed to SIP proxy [Priority: 2] 11/05-09:55:10.105621 122.200.6.120:60012 -> 91.189.92.172:80
(160 chars)
print it
(look forward to the next 160 chars)
print it
TCP/IP message flooding directed to SIP proxy [Priority: 2] 11/05-09:57:38.982365 122.200.6.120:51490 -> 74.86.51.5:80
ICMP PING CyberKit 2.2 Windows [Priority: 3] 11/05-12:43:36.892309 122.200.54.42 -> 122.200.6.120
print the rest of the character file
anyway another question that came to me;
Is there another way to print the new Snort alert log with Python? So the program will print the last information (log) in the last line in a new file. (I know about using swatch for alert monitoring, but I'm still confused about using it.) Any suggestions with bash programming or Python programming are welcome.
Please help me find a solution.
Cheers
Best Regards,
Andrew
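The two things asked for in the post above, as an added example in Python 3 (not code from the original post): printing the text in 160-character chunks without a space after every character, and returning only the alert lines appended since the last read. The names `chunks`, `parse_alert`, `new_alerts` and the regular expression are assumptions made for this example, based on the alert layout pasted in the post; `SAMPLE` is constructed.

```python
import os
import re
import tempfile

# Constructed sample in the alert layout shown in the post.
SAMPLE = (
    "TCP/IP message flooding directed to SIP proxy [Priority: 2] "
    "11/05-09:54:30.831216 122.200.1.134:58319 -> 122.200.6.120:22\n"
    "ICMP PING CyberKit 2.2 Windows [Priority: 3] "
    "11/05-12:43:36.892309 122.200.54.42 -> 122.200.6.120\n"
)

# Assumed layout: message, priority, timestamp, source -> destination.
ALERT_RE = re.compile(
    r"^(?P<msg>.+?) \[Priority: (?P<priority>\d+)\] "
    r"(?P<time>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) "
    r"(?P<src>\S+) -> (?P<dst>\S+)$"
)

def chunks(text, size=160):
    """Yield consecutive slices of at most `size` characters."""
    for start in range(0, len(text), size):
        yield text[start:start + size]

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line does not match."""
    m = ALERT_RE.match(line.strip())
    return m.groupdict() if m else None

def new_alerts(path, offset=0):
    """Return (complete lines appended since `offset`, next offset)."""
    with open(path, "rb") as f:
        if os.path.getsize(path) < offset:   # file was truncated or rotated
            offset = 0
        f.seek(offset)
        data = f.read()
    end = data.rfind(b"\n") + 1              # leave a half-written last line
    lines = data[:end].decode("utf-8", "replace").splitlines()
    return lines, offset + end

if __name__ == "__main__":
    for part in chunks(SAMPLE):
        print(part, end="")                  # one write per chunk, no extra spaces
    with tempfile.NamedTemporaryFile("w", suffix=".log", delete=False) as tmp:
        tmp.write(SAMPLE)
    lines, pos = new_alerts(tmp.name)
    print([parse_alert(l)["src"] for l in lines], pos)
    os.unlink(tmp.name)
```

Calling `new_alerts` again with the returned offset (for example from a loop with a short sleep) yields only alerts written since the previous call.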