z00nx/modsecurityaudit2timeline

trying it out but getting errors

Opened this issue · 1 comment

When I ran the code, it only saves the LAST event. To clarify, suppose there are 100 events, the output file only has 1 row. This is the very last event in the modsec file.

I suspect it is related to this section of the code:

def process_mod_security_audit_file(file):
    section = ''
    sectiondata = ''
    auditentry = {}
    for line in file.splitlines():
        if line.startswith('--'):
            try:
                auditentry.update(run_parser(section, sectiondata))
            except:
                print("Error in process_mod_security_audit_file")
            section = line.split('-')[3]
            sectiondata = ''
        elif line:
            sectiondata += ('%s\n' % line)
    auditentry.update(run_parser(section, sectiondata))
    return auditentry

I found a workaround.
Apparently I need to append the dict results to a list via copy() to avoid replicating the LAST record:

    ...
    auditentry.update(run_parser(section, sectiondata))
    audits.append(auditentry.copy())
    ...

Then pass audits as the returned result.
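A version of the loop that keeps one dict per audit event, as an added example that is not the project's own code; run_parser here is a hypothetical stand-in (the real one is not shown in the issue) and the audit log is a constructed sample:

```python
import re

# Constructed two-event serial-format audit log (not taken from the issue).
SAMPLE_AUDIT_LOG = """--1a2b3c4d-A--
[10/Oct/2023:13:55:36 +0000] Ue2NpbQAAQEAAAFDyj9k 192.0.2.10 54321 203.0.113.5 443
--1a2b3c4d-B--
GET /index.html HTTP/1.1
--1a2b3c4d-Z--

--5e6f7a8b-A--
[10/Oct/2023:13:55:37 +0000] Ue2NpbQAAQEAAAFDyj9l 198.51.100.7 40000 203.0.113.5 443
--5e6f7a8b-B--
POST /login HTTP/1.1
--5e6f7a8b-Z--
"""

def run_parser(section, sectiondata):
    # Hypothetical stand-in for the project's run_parser: fields one section adds.
    if section == 'A':
        m = re.match(r'\[(.+?)\] (\S+) (\S+) \d+ (\S+) \d+', sectiondata)
        if not m:
            return {}
        ts, uid, src, dst = m.groups()
        return {'timestamp': ts, 'unique_id': uid, 'source_ip': src, 'dest_ip': dst}
    if section == 'B':
        return {'request_line': sectiondata.splitlines()[0]}
    return {}

def process_mod_security_audit_file(file):
    # Returns one dict per event. The original updated a single dict for the
    # whole file, so each event overwrote the previous one and only the last
    # survived; here a fresh dict starts at every A (event start) boundary.
    audits = []
    section, sectiondata, auditentry = '', '', {}
    for line in file.splitlines():
        if line.startswith('--'):
            if section:
                auditentry.update(run_parser(section, sectiondata))
            section = line.split('-')[3]
            sectiondata = ''
            if section == 'A' and auditentry:  # new event: flush the previous one
                audits.append(auditentry)
                auditentry = {}
        elif line:
            sectiondata += '%s\n' % line
    if section:  # also covers a file truncated before its final Z boundary
        auditentry.update(run_parser(section, sectiondata))
    if auditentry:
        audits.append(auditentry)
    return audits
```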