Parsing log in SQL DB to change IPs to hostnames

KDawg44 KDawg44 at gmail.com
Tue Apr 10 17:37:43 CEST 2007


Hi,

I am brand new to Python.  In learning anything, I find it useful to
actually try to write a useful program to try to tackle an actual
problem.

I have a syslog server and I would like to parse the syslog messages
and try to change any ips to resolved hostnames.  Unfortunately, I am
not getting any matches on my regular expression.

A message will look something like this:
 Apr 10 2007 00:30:58 DEVICE : %DEVICEINFO: 1.1.1.1 Accessed URL
10.10.10.10:/folder/folder/page.html

I would like to change the message to have the hostnames, or even
better actually, have it appear as hostname-ip address.  So a changed
message would look like:

 Apr 10 2007 00:30:58 DEVICE : %DEVICEINFO: pcname-1.1.1.1 Accessed
URL www.asite.com-10.10.10.10:/folder/folder/page.html

or some equivalent.

Here is what i have so far.  Please be kind as it is my first python
program.... :)

#! /usr/bin/python

import socket
import re
import string
import MySQLdb

ipRegExC = r"\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}"
ipRegEx = re.compile(ipRegExC)

try:
        conn = MySQLdb.connect(host="REMOVED", user="REMOVED",
passwd="REMOVED", db="REMOVED")

except MySQLdb.Error, e:
        print "Error connecting to the database: %d - %s " %
(e.args[0], e.args[1])
        sys.exit(1)

cursor = conn.cursor()
cursor.execute("SELECT msg, seq FROM `logs` WHERE seq = 507702")
# one specific message so that it doesn't parse the whole DB during
testing...
while(1):
        row = cursor.fetchone()
        if row == None:
                break
        if ipRegEx.match(row[0]):
                print "regex match!" + ipRegEx.match(row[0])
# does not make it here.....
                newMsg = ipRegEx.sub(query(ipRegEx.match(row[0])),
row[0])
                if newMsg != 0:
                        cursor.execute("" "UPDATE logs SET msg = %s
WHERE seq = &d""", (newMsg,row[1]))


def query(ipAddress):
        try:
                return socket.gethostbyaddr(ipAddress)[0]
        except:
                return 0


This is built to sub the name... I would like to change it to the
hsotname-ipaddress instead since ip's can resolve to many
hostnames....

it runs but does not pass the if statements so it quietly does
absolutely nothing....  :)

Thanks so much for any advice....




More information about the Python-list mailing list