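A Python log statistics tool.
pyLogStatistic supports two types of log: comma-separated key=value pairs, and CSV with a header row (optionally including an aggregation column).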
datetime=1900/01/01 00:00:01,name=traffic,srcip=192.168.0.1,dstip=192.168.0.254,dstport=8888,action=deny
datetime,name,srcip,dstip,dstport,action,aggregation
1900/01/01 00:00:01,traffic,192.168.0.1,192.168.0.254,8888,deny,100
Please edit settings.conf to suit your needs.
You MUST specify every single column name in settings.conf.
Also, if you provide input_malicious_ip or input_client_ip, each IP will be mapped to its corresponding name via tag.
name:begin_ip~end_ip
DN/IP-List
1.1.1.1
2.2.2.2
./main.py LOGFILE1 LOGFILE2 ..
Eventually you will get an SQLite DB containing all log entries and an XML-formatted result file including various top10 statistics:
- top10_name
- top10_source_ip
- top10_destination_ip
- top10_destination_port
- top10_action
- malicious_entry (if malicious_entry = yes in settings.conf)
CREATE TABLE IF NOT EXISTS syslog (filename text, line_number numeric, name text, source_ip text, destination_ip text, destination_port numeric, action text, aggregation numeric)
The value of aggregation will be 1 if there is no aggregation column.
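
The following sketch is an added example, not pyLogStatistic's own code: it parses both log formats shown above, loads them into the syslog table with bound parameters, and computes a top10 list. The function names, the header-detection rule, and weighting the counts by the aggregation column are assumptions; the field keys come from the sample lines.

```python
import csv
import sqlite3

SCHEMA = ("CREATE TABLE IF NOT EXISTS syslog (filename text, line_number numeric, "
          "name text, source_ip text, destination_ip text, "
          "destination_port numeric, action text, aggregation numeric)")
STAT_COLUMNS = {"name", "source_ip", "destination_ip", "destination_port", "action"}  # allowlist
# Constructed sample input in the two formats shown above.
KV_LOG = ("datetime=1900/01/01 00:00:01,name=traffic,srcip=192.168.0.1,"
          "dstip=192.168.0.254,dstport=8888,action=deny\n"
          "datetime=1900/01/01 00:00:02,name=traffic,srcip=192.168.0.2,"
          "dstip=192.168.0.254,dstport=22,action=allow\n")
CSV_LOG = ("datetime,name,srcip,dstip,dstport,action,aggregation\n"
           "1900/01/01 00:00:01,traffic,192.168.0.1,192.168.0.254,8888,deny,100\n")

def parse(text):
    """Yield (line_number, record dict) for either log format."""
    rows = list(csv.reader(text.splitlines()))
    # Assumption: a first line with no '=' in any field is a CSV header row.
    header = rows[0] if rows and not any("=" in f for f in rows[0]) else None
    for number, fields in enumerate(rows, 1):
        if not fields or (header and number == 1):
            continue
        if header:
            yield number, dict(zip(header, fields))
        else:
            yield number, dict(f.split("=", 1) for f in fields if "=" in f)

def load(db, filename, text):
    """Insert parsed records with bound parameters; aggregation defaults to 1."""
    db.execute(SCHEMA)
    for number, rec in parse(text):
        db.execute("INSERT INTO syslog VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
                   (filename, number, rec.get("name"), rec.get("srcip"),
                    rec.get("dstip"), int(rec.get("dstport", 0)),
                    rec.get("action"), int(rec.get("aggregation", 1))))

def top10(db, column):
    """Top 10 values of one column, weighted by the aggregation count."""
    if column not in STAT_COLUMNS:  # identifiers cannot be bound, so check them
        raise ValueError(f"unsupported column: {column}")
    return db.execute(f"SELECT {column}, SUM(aggregation) AS hits FROM syslog "
                      f"GROUP BY {column} ORDER BY hits DESC, {column} LIMIT 10").fetchall()

def demo():
    db = sqlite3.connect(":memory:")
    load(db, "kv.log", KV_LOG)
    load(db, "agg.csv", CSV_LOG)
    return top10(db, "source_ip")
```

Log fields are untrusted input, so values go in through `?` placeholders and the column name used in the statistics query is checked against a fixed set before it is interpolated.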