pyLogStatistic
A Python log statistics tool.
Configuration
pyLogStatistic supports two log formats:
syslog type
datetime=1900/01/01 00:00:01,name=traffic,srcip=192.168.0.1,dstip=192.168.0.254,dstport=8888,action=deny
csv type
datetime,name,srcip,dstip,dstport,action,aggregation
1900/01/01 00:00:01,traffic,192.168.0.1,192.168.0.254,8888,deny,100
Edit settings.conf to suit your needs.
You MUST specify every single column name in settings.conf.
If you also provide input_malicious_ip or input_client_ip, each IP in the log is tagged with the name it maps to in those files.
format of input_client_ip
name:begin_ip~end_ip
format of input_malicious_ip
DN/IP-List
1.1.1.1
2.2.2.2
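As an added illustration of the two mapping files (this is example code written for this page, not pyLogStatistic's own implementation), the block below parses input_client_ip in the name:begin_ip~end_ip layout and input_malicious_ip in the DN/IP-List layout, then tags an IP with its client name and a malicious flag. The file contents, the function names and the resulting tag shape are constructed assumptions; a malformed range line is rejected rather than silently skipped so a typo in the file cannot leave part of a network untagged.

```python
import ipaddress

# Constructed sample contents of input_client_ip, one "name:begin_ip~end_ip" per line
CLIENT_IP_TEXT = """\
office:192.168.0.1~192.168.0.100
lab:192.168.0.101~192.168.0.200
"""

# Constructed sample contents of input_malicious_ip: the DN/IP-List header, then one IP per line
MALICIOUS_IP_TEXT = """\
DN/IP-List
1.1.1.1
2.2.2.2
"""


def parse_client_ranges(text):
    """Parse name:begin_ip~end_ip lines into (name, begin, end) with the IPs as integers."""
    ranges = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        try:
            name, span = line.split(":", 1)
            begin, end = span.split("~", 1)
            begin_int = int(ipaddress.ip_address(begin.strip()))
            end_int = int(ipaddress.ip_address(end.strip()))
        except ValueError as exc:
            # malformed line or unparsable address: reject the file rather than tag silently
            raise ValueError(f"input_client_ip line {lineno}: {exc}") from None
        if begin_int > end_int:
            raise ValueError(f"input_client_ip line {lineno}: begin_ip is above end_ip")
        ranges.append((name.strip(), begin_int, end_int))
    return ranges


def parse_malicious_ips(text):
    """Parse the DN/IP-List file into a set of canonical address strings."""
    lines = text.splitlines()
    if lines and lines[0].strip() == "DN/IP-List":
        lines = lines[1:]  # skip the header line
    return {str(ipaddress.ip_address(line.strip())) for line in lines if line.strip()}


def client_name(ip, ranges):
    """Return the name of the first range containing ip, or None if no range matches."""
    addr = int(ipaddress.ip_address(ip))
    for name, begin, end in ranges:
        if begin <= addr <= end:
            return name
    return None


def is_malicious(ip, malicious):
    """True if ip is listed in input_malicious_ip."""
    return str(ipaddress.ip_address(ip)) in malicious


def tag_ip(ip, ranges, malicious):
    """Tags a log entry would carry for one IP: the client name (if any) and a malicious flag."""
    return {"client": client_name(ip, ranges), "malicious": is_malicious(ip, malicious)}


RANGES = parse_client_ranges(CLIENT_IP_TEXT)
MALICIOUS = parse_malicious_ips(MALICIOUS_IP_TEXT)

if __name__ == "__main__":
    for ip in ("192.168.0.50", "192.168.0.150", "1.1.1.1", "10.0.0.1"):
        print(ip, tag_ip(ip, RANGES, MALICIOUS))
```

Addresses are compared as integers, so a range check is a single comparison and IPv6 entries work unchanged; the canonical string form from ipaddress also means "001.001.001.001"-style spellings in a log line still match the list.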
Usage
./main.py LOGFILE1 LOGFILE2 ..
The output is an SQLite database containing every log entry and an XML result file with the following top-10 statistics:
- top10_name
- top10_source_ip
- top10_destination_ip
- top10_destination_port
- top10_action
- malicious_entry (if malicious_entry = yes in settings.conf)
SQLite Table Schema
CREATE TABLE IF NOT EXISTS syslog (filename text, line_number numeric, name text, source_ip text, destination_ip text, destination_port numeric, action text, aggregation numeric)
If the log has no aggregation column, aggregation is set to 1 for every entry.
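The following added example (written for this page, not taken from pyLogStatistic) shows how both log formats map onto the table above, how the aggregation default of 1 is applied, and how a top-10 statistic is then computed with the aggregation count as the weight. The settings.conf key names in COLUMNS, the file names and the sample log lines are constructed assumptions. Because an SQL column name cannot be passed as a bound parameter, the top10 function checks the requested column against an allow-list before building the query text.

```python
import csv
import io
import sqlite3

# Column mapping as settings.conf would supply it: table column -> field name in the log
# (the key names on the left are assumed for this example)
COLUMNS = {
    "name": "name",
    "source_ip": "srcip",
    "destination_ip": "dstip",
    "destination_port": "dstport",
    "action": "action",
    "aggregation": "aggregation",
}

# The table schema from the README, unchanged
SCHEMA = ("CREATE TABLE IF NOT EXISTS syslog (filename text, line_number numeric, "
          "name text, source_ip text, destination_ip text, destination_port numeric, "
          "action text, aggregation numeric)")

# Only these columns may be used in a GROUP BY: SQL identifiers cannot be bound as
# parameters, so an allow-list keeps a caller-supplied name out of the query text
TOP10_COLUMNS = {"name", "source_ip", "destination_ip", "destination_port", "action"}

# Constructed sample input, one file per supported format
SYSLOG_TEXT = """\
datetime=1900/01/01 00:00:01,name=traffic,srcip=192.168.0.1,dstip=192.168.0.254,dstport=8888,action=deny
datetime=1900/01/01 00:00:02,name=traffic,srcip=192.168.0.2,dstip=192.168.0.254,dstport=443,action=allow
"""
CSV_TEXT = """\
datetime,name,srcip,dstip,dstport,action,aggregation
1900/01/01 00:00:01,traffic,192.168.0.1,192.168.0.254,8888,deny,100
1900/01/01 00:00:03,traffic,192.168.0.3,192.168.0.254,8888,deny,5
"""


def parse_syslog_line(line):
    """Split a key=value,key=value line into a dict (values may not contain commas)."""
    fields = {}
    for pair in line.strip().split(","):
        if "=" not in pair:
            raise ValueError(f"malformed field {pair!r}")
        key, value = pair.split("=", 1)
        fields[key] = value
    return fields


def iter_records(filename, text, kind):
    """Yield (filename, line_number, raw fields) for every entry in either log format."""
    if kind == "syslog":
        for n, line in enumerate(text.splitlines(), 1):
            if line.strip():
                yield filename, n, parse_syslog_line(line)
    elif kind == "csv":
        # line 1 is the header, so the first data row is line 2
        for n, row in enumerate(csv.DictReader(io.StringIO(text)), 2):
            yield filename, n, row
    else:
        raise ValueError(f"unknown log type {kind!r}")


def to_row(filename, line_number, fields):
    """Map raw fields onto the syslog table; aggregation defaults to 1 when absent."""
    agg = fields.get(COLUMNS["aggregation"])
    return (filename, line_number,
            fields[COLUMNS["name"]], fields[COLUMNS["source_ip"]],
            fields[COLUMNS["destination_ip"]], int(fields[COLUMNS["destination_port"]]),
            fields[COLUMNS["action"]], int(agg) if agg else 1)


def load(conn, filename, text, kind):
    """Parse one log file into the syslog table; returns the number of rows inserted."""
    conn.execute(SCHEMA)
    rows = [to_row(f, n, fields) for f, n, fields in iter_records(filename, text, kind)]
    conn.executemany("INSERT INTO syslog VALUES (?, ?, ?, ?, ?, ?, ?, ?)", rows)
    conn.commit()
    return len(rows)


def top10(conn, column):
    """Top 10 values of a column, each weighted by its aggregation count."""
    if column not in TOP10_COLUMNS:
        raise ValueError(f"not a top10 column: {column!r}")
    sql = (f"SELECT {column}, SUM(aggregation) AS hits FROM syslog "
           f"GROUP BY {column} ORDER BY hits DESC, {column} LIMIT 10")
    return conn.execute(sql).fetchall()


def build_demo():
    """Load both constructed sample files into an in-memory database."""
    conn = sqlite3.connect(":memory:")
    load(conn, "firewall.log", SYSLOG_TEXT, "syslog")
    load(conn, "firewall.csv", CSV_TEXT, "csv")
    return conn


if __name__ == "__main__":
    db = build_demo()
    for col in ("source_ip", "destination_port", "action"):
        print(col, top10(db, col))
```

Summing aggregation rather than counting rows is what makes a pre-aggregated CSV export and a raw syslog file comparable in the same table: the syslog row for 192.168.0.1 contributes 1, the CSV row for the same address contributes 100, and the top-10 query ranks it at 101.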