Does anyone see anything that jumps out at them on why these regex strings aren't catching this line:

Dec 18 10:04:45 dragon logger: TCPWRAP: SERVICE=sshd@::ffff:192.168.0.1,TYPE=ALL_DENY,HOST_ADDRESS=::ffff:195.145.94.75,HOST_INFO=::ffff:195.145.94.75,HOST_NAME=unknown,USER_NAME=unknown,OTHERINFO=

This is the output of a tcpwrapper script I have. I am trying to write a script to parse this and tell me how many times host_address X has been denied access (among many other things). I have it working for the firewall rules just fine, but I am missing something somewhere to catch the string above. Below are the regex expressions I have tried:

------------------
Initial regex to find the line and pass it back to the routine to sort all this out. This line works, I believe (at least I can get it to print all the entries back to me I am looking for).
-----------------------------------------------------------------------------
rc('logger\S*\sTCPWRAP') : self.twist_failure
----------------------------------------------------------------------------
Here is where I seem to run into trouble; none of the regex strings I have used seem to catch and sort out the strings.
----------------------------------------------------------------------------
self.twist_fail_re = rc('SERVICE=\S*\sHOST_ADDRESS=\S*\sHOST_INFO=\S*\sHOST_NAME=\S*\sUSER_NAME=\S*\s')
------------------------------------------------------------------
rc is set as rc = re.compile at the early part of my script. I have tried every combination I can think of for the expression above; below are the couple I still have written down.
self.twist_fail_re = rc('SERVICE=(\.)\.TYPE=(\.)\.HOST_ADDRESS=(\.)\.HOST_INFO=(\.)\.USER_NAME=(\.)')
self.twist_fail_re = rc('SERVICE=(\S*)\S*TYPE=(\S*)\S*HOST_ADDRESS=(\S*)\S*HOST_INFO=(\S*)\S*USER_NAME=(\S*)')
rc('SERVICE=\S*\sHOST_ADDRESS=\S*\sHOST_INFO=\S*\sHOST_NAME=\S*\sUSER_NAME=\S*\s')

But for some reason they are not picking up the strings. Any suggestions?
_______________________________________________
Tutor maillist  -  Tutor@python.org
http://mail.python.org/mailman/listinfo/tutor
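
An added example, not part of the original post: in the sample line the KEY=value fields are separated by commas with no whitespace between them, so a pattern that requires \s after each \S* can never match. The sketch below parses the fields by splitting on commas and counts ALL_DENY entries per HOST_ADDRESS; the function names, the second address and the stripping of the ::ffff: prefix are assumptions of this example.

```python
import re
from collections import Counter

# Sample line from the post: fields are comma-separated, with no whitespace.
SAMPLE = ("Dec 18 10:04:45 dragon logger: TCPWRAP: "
          "SERVICE=sshd@::ffff:192.168.0.1,TYPE=ALL_DENY,"
          "HOST_ADDRESS=::ffff:195.145.94.75,HOST_INFO=::ffff:195.145.94.75,"
          "HOST_NAME=unknown,USER_NAME=unknown,OTHERINFO=")

# Pattern from the post. \S* swallows the rest of the line (commas included),
# then \s needs whitespace that never appears; TYPE= is also skipped.
POSTED = re.compile(r'SERVICE=\S*\sHOST_ADDRESS=\S*\sHOST_INFO=\S*\s'
                    r'HOST_NAME=\S*\sUSER_NAME=\S*\s')

# Same line selector as the post, extended to capture the field list.
LINE_RE = re.compile(r'logger\S*\sTCPWRAP:\s*(?P<fields>.*)$')
# KEY=value where the value runs up to the next comma (it may be empty).
FIELD_RE = re.compile(r'([A-Z_]+)=([^,]*)')

def parse_tcpwrap(line):
    """Return a dict of the TCPWRAP fields, or None for unrelated lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return dict(FIELD_RE.findall(m.group('fields')))

def count_denials(lines):
    """Count ALL_DENY entries per HOST_ADDRESS."""
    counts = Counter()
    for line in lines:
        rec = parse_tcpwrap(line)
        if not rec or rec.get('TYPE') != 'ALL_DENY':
            continue
        addr = rec.get('HOST_ADDRESS', '')
        # Assumption: report IPv4-mapped IPv6 addresses as plain IPv4.
        if addr.startswith('::ffff:'):
            addr = addr[len('::ffff:'):]
        counts[addr] += 1
    return counts

if __name__ == '__main__':
    # The second address is constructed for the example (documentation range).
    other = SAMPLE.replace('195.145.94.75', '203.0.113.9')
    print('posted pattern matches:', POSTED.search(SAMPLE) is not None)
    for addr, n in count_denials([SAMPLE, SAMPLE, other]).most_common():
        print(addr, n)
```

HOST_NAME and OTHERINFO come from the connecting side or from the wrapper script, so a value containing a comma would be cut at that comma by this field pattern.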