J
Jim Britain
I know absolutely nothing about Python. My background is shell
scripts assembly language and C programming. Currently I work network
support.
This is a portion of a Python script written by aaronsinclair. the
full script can be found at:
http://forums.ev1servers.net/printthread.php?t=50435&page=3&pp=25
It monitors sendmail logfiles for dictionary attacks, and blocks with
additions to iptables.
The part I am having a problem with is the regular expression in the
re.search function.
Basicly, it is insufficiently qualified.
Troublesome example logfile line:
Sep 6 00:46:32 tabor sendmail[26642]: k867kMH5026642:
dsl-kk-dynamic-013.38.22.125.touchtelindia.net [125.22.38.13] (may be
forged)
Possible SMTP RCPT flood, throttling.
(all one line in the logfile)
What is happenning, is there are two sections that will qualify in
this logfile line, and it matches on the wrong one.
What I would like to happen, is to return the value from within the
brackets, in every successful match.
I have tried putting \[ in the beginning of the string, but am
unsuccessful editting the qualifying character back out again, and
returning the real ip string. (If indeed I did even get a match).
This script runs in the background, and I would have to build a
complete test environ, and rewrite the whole darn thing to run
visibly, and use different files.
I thought asking -- like a beginner -- for the trivial solution.
(besides being up all night and all day).
Thanks in advance for any help. Quick searches online for tutorial
documentation and the books I have.. met with horrible results in
finding a solution.
I would like to match [123.123.123.123] (including the qualifying
brackets), but be able to simply return the contents, without the
brackets.
(Perl would be easy, but it's not Python)
def identifyHost(self):
for line in self.fileContents:
if re.search("throttling", line.lower()):
ip = re.search("[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}",
line)
if ip.group() in self.ignoreList:
continue
if not ip.group() in self.banList:
self.banList.append(ip.group())
scripts assembly language and C programming. Currently I work network
support.
This is a portion of a Python script written by aaronsinclair. the
full script can be found at:
http://forums.ev1servers.net/printthread.php?t=50435&page=3&pp=25
It monitors sendmail logfiles for dictionary attacks, and blocks with
additions to iptables.
The part I am having a problem with is the regular expression in the
re.search function.
Basicly, it is insufficiently qualified.
Troublesome example logfile line:
Sep 6 00:46:32 tabor sendmail[26642]: k867kMH5026642:
dsl-kk-dynamic-013.38.22.125.touchtelindia.net [125.22.38.13] (may be
forged)
Possible SMTP RCPT flood, throttling.
(all one line in the logfile)
What is happenning, is there are two sections that will qualify in
this logfile line, and it matches on the wrong one.
What I would like to happen, is to return the value from within the
brackets, in every successful match.
I have tried putting \[ in the beginning of the string, but am
unsuccessful editting the qualifying character back out again, and
returning the real ip string. (If indeed I did even get a match).
This script runs in the background, and I would have to build a
complete test environ, and rewrite the whole darn thing to run
visibly, and use different files.
I thought asking -- like a beginner -- for the trivial solution.
(besides being up all night and all day).
Thanks in advance for any help. Quick searches online for tutorial
documentation and the books I have.. met with horrible results in
finding a solution.
I would like to match [123.123.123.123] (including the qualifying
brackets), but be able to simply return the contents, without the
brackets.
(Perl would be easy, but it's not Python)
def identifyHost(self):
for line in self.fileContents:
if re.search("throttling", line.lower()):
ip = re.search("[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}",
line)
if ip.group() in self.ignoreList:
continue
if not ip.group() in self.banList:
self.banList.append(ip.group())