I know basic Python and I have a log file. I have printed the destination ports found in the log file, and there are very many ports in that output. I want to know how to keep only the dangerous ports from the printed ports, then how to get the IP addresses associated with those dangerous ports, and finally how to tell whether each of those IP addresses is a local (private) or a global (public) address.
import os from collections import Counter asc_order = [] def openfile(filename): if os.path.exists(filename): return open(filename, "r").read() else: return None def parselog(logline): c = logline.split(" ") r = {} i = -1 for var in c: i += 1 if i == 1: a = var.split("\t") for el in a: if el.startswith("date="): r["date"] = el.split("=")[1] elif i > 1: v = var.split("=", 1) try: r[v[0]] = v[1].strip("\"") except: pass return r def splitline(logall): c = logall.split("\n") r = [] for el in c: r.append(el.strip("\r")) return r def main(): f = openfile("/Users/angelin/Desktop/new sec/2017-04-18_010.082.012.003.txt") if f is None: print("File not found") return s = splitline(f) counts = {} for el in s: if len(el) > 50: p = parselog(el) if "dstport" in p: # increment counter if p["dstport"] in counts: counts[str(p["dstport"])] += 1 else: counts[str(p["dstport"])] = 1 asc_order.append(p["dstport"]) ascending = map(int, asc_order) ascending.sort() for port in ascending: print ("Dest Port : %d" % port) print "" k = map(int, counts.keys()) k.sort() sorted(k, key=counts.get) y = sorted(counts.items(), key=lambda x: x[1], reverse=True) for x, z in y: print ('Dest Port %s Count: %s' % (x, z)) if __name__ == "__main__": main() example log file 2017-04-17 00:00:00 Local7.Info 10.82.12.3 date=2017-04-16 time=23:59:59 devname=IDS-DC14-001 devid=FGT90D3Z15018997 logid=1059028704 type=utm subtype=app-ctrl eventtype=app-ctrl-all level=information vd=root appid=27946 user="" srcip=10.80.10.249 srcport=9170 srcintf="wan1" dstip=208.91.112.198 dstport=53 dstintf="wan1" profiletype="applist" proto=17 service="DNS" policyid=3 sessionid=39717767 applist="sniffer-profile" appcat="Cloud.IT" app="Fortiguard.Search" action=pass msg="Cloud.IT: Fortiguard.Search," apprisk=medium -- https://mail.python.org/mailman/listinfo/python-list