Snort alert tail...
holger krekel
pyth at devel.trillke.net
Sun Jun 16 09:27:31 EDT 2002
Jan-Eric wrote:
> Hello!
> I'm trying to write a dynamic firewall script in python that scans the Snort
> alert file like 'tail -f' and takes action based on the information it gets
> from that file. But I can't get the 'tail' function to work. It reads the
> file, but any new information that Snort is writing to the file doesn't
> show up to the script.
>
> ex.
> file = open('/var/log/snort', 'r')
> while 1:
>     file = file.read()
>     print file
> ....
>
> Any suggestions???
Yes, here's a snippet for unix/posix:
    import os
    tailoutputfile = os.popen('tail -f syslog')
    while 1:
        # blocks until 'tail -f' emits another line
        line = tailoutputfile.readline()
        if len(line)==0:
            break    # empty read: tail has exited
        process_line(line)
The regular popen call returns a file from which you can
read. It's a blocking read while 'tail -f' has nothing to offer.
The alternative is to implement the 'tail -f' algorithm yourself.
Basically you have to do (untested):
    import os, sys, time
    lastsize=os.path.getsize('filename')
    while 1:
        size=os.path.getsize('filename')
        if size>lastsize:
            # read only the bytes appended since the last pass
            f=open('filename')
            f.seek(lastsize)
            part = f.read(size-lastsize)
            f.close()
            process_next_part(part)
        elif size==lastsize:
            time.sleep(0.2) # seconds to wait
        elif size<lastsize:
            sys.stderr.write("file filename got truncated\n")
        lastsize=size
I guess you get the idea.
regards,
holger
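
An added example, not part of the original message: a Python 3 version of the size-polling loop above. It goes beyond the post by also detecting rotation (inode change), buffering half-written lines, and validating the source address before a firewall script acts on it. The names LogFollower, source_ip and SRC_RE are hypothetical, and the regex assumes Snort's "fast" alert line layout.

```python
import ipaddress
import os
import re

# Assumption: "fast" alert layout, e.g. "... {TCP} 203.0.113.7:4444 -> 192.0.2.10:22"
SRC_RE = re.compile(r"\}\s+(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->")


class LogFollower:
    """Polling 'tail -f' that survives truncation and rotation (hypothetical helper)."""

    def __init__(self, path):
        self.path = path
        self.inode = None      # inode of the file read last time
        self.offset = 0        # bytes already consumed from that file
        self.partial = b""     # trailing bytes of a line not yet terminated
        if os.path.exists(path):           # like tail -f, start at the current end
            st = os.stat(path)
            self.inode, self.offset = st.st_ino, st.st_size

    def poll(self):
        """Return the complete lines appended since the previous call."""
        try:
            f = open(self.path, "rb")
        except FileNotFoundError:
            return []                      # mid-rotation, retry on the next poll
        with f:
            st = os.fstat(f.fileno())
            if st.st_ino != self.inode or st.st_size < self.offset:
                # New inode (rotated) or shrunk file (truncated): restart at byte 0.
                self.inode, self.offset, self.partial = st.st_ino, 0, b""
            f.seek(self.offset)
            data = self.partial + f.read()
            self.offset = f.tell()
        *lines, self.partial = data.split(b"\n")
        return [line.decode("utf-8", "replace") for line in lines]


def source_ip(line):
    """Return the alert's source address as a validated string, or None."""
    m = SRC_RE.search(line)
    if m is None:
        return None
    try:
        return str(ipaddress.ip_address(m.group(1)))
    except ValueError:                     # e.g. 999.1.1.1: never reaches the firewall
        return None
```

Call poll() in a loop with a short time.sleep() between passes, as in the loop above, and pass only a non-None source_ip() result on to the firewall command.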