[Tutor] Parsing iptables log files

Amaya Rodrigo Sastre arodrigo@genasys.com
Tue, 3 Sep 2002 09:47:23 +0200


Sean 'Shaleh' Perry said:
> You didn't actually give us permission for those files ......

Sorry, fixed now...

> Could you just post the python errors and the offending section of
> code?

The problem is that it's not really a piece of code that's giving me
trouble. Right now it is just not going inside the loop:

IndexError: list index out of range

But my main concern is if my approach is right, and I wanted a more
experienced programmer's advice.

I'll explain what I am trying to do. My iptables gives me a log line
like this (this is what my regex seems to be obtaining) for a complete
request and its answers:

0   | 1    | 2     | 3          | 4         | 5   | 6   | 7        | 8
------------------------------------------------------------------------------
num | date | time  | src_addr   | dst_addr  | s_p | d_p | seq      | ack
------------------------------------------------------------------------------
0 Aug 22  09:35:23  192.168.3.9  192.168.3.1 37192 80    1899023795 0
1 Aug 22  09:35:33  192.168.3.1  192.168.3.9 80    37192 1906765896 1899023795
2 Aug 22  09:35:43  192.168.3.9  192.168.3.1 37192 80    1899023795 1906765896
3 Aug 22  09:35:53  192.168.3.1  192.168.3.9 80    37192 1906765896 1899023795

The thing is that I know that a request is being answered because:
- a request's source port equals its answer's destination port and it's
  always higher than 1024.
- the request's ACK equals its answer's SEQ.

Each http request has several lines, and I have to get the first
request's time, and the last answer's and then know how long it took the
request to be over. And then of course make statistics with the data,
but that is the easiest part, I think.

Thanks for your time...

-- 
Amaya M. Rodrigo Sastre       Genasys II Spain, S.A.U. 
MLS Sysadmin                    Ventura de la Vega, 5. 
Phone: +34.91.3649100              28014 Madrid. Spain
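
Added example, not part of the original post: one way to get the per-request duration described above, by grouping rows per connection using the "client port is higher than 1024" rule and taking the first request time and the last answer time. The function names, the `YEAR` constant, and rows 4-5 plus the malformed line in the sample are assumptions made for this illustration; the SEQ/ACK check is left out.

```python
from datetime import datetime

# Rows 0-3 are the sample rows from the post; rows 4-5 and the last line
# are constructed here to show a second request and a malformed line.
SAMPLE = """\
0 Aug 22  09:35:23  192.168.3.9  192.168.3.1 37192 80    1899023795 0
1 Aug 22  09:35:33  192.168.3.1  192.168.3.9 80    37192 1906765896 1899023795
2 Aug 22  09:35:43  192.168.3.9  192.168.3.1 37192 80    1899023795 1906765896
3 Aug 22  09:35:53  192.168.3.1  192.168.3.9 80    37192 1906765896 1899023795
4 Aug 22  09:36:01  192.168.3.7  192.168.3.1 40001 80    5000 0
5 Aug 22  09:36:04  192.168.3.1  192.168.3.7 80    40001 7000 5000
not a log row
"""

YEAR = 2002  # assumption: the rows carry no year, so one has to be supplied


def parse_row(line):
    """Split one regex-output row into typed fields; ValueError if malformed."""
    _num, mon, day, clock, src, dst, sport, dport, _seq, _ack = line.split()
    when = datetime.strptime(f"{YEAR} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
    return when, src, int(sport), dst, int(dport)


def request_durations(text):
    """Map (client, client_port, server, server_port) -> seconds from the
    first request line to the last answer line of that connection."""
    flows = {}
    for line in text.splitlines():
        try:
            when, src, sport, dst, dport = parse_row(line)
        except ValueError:
            continue  # wrong field count or unparsable value: skip the line
        is_request = sport > 1024  # the post's rule: the client port is > 1024
        key = (src, sport, dst, dport) if is_request else (dst, dport, src, sport)
        first_req, last_ans = flows.get(key, (None, None))
        if is_request and first_req is None:
            first_req = when
        elif not is_request and first_req is not None:
            last_ans = when
        flows[key] = (first_req, last_ans)
    return {k: (a - r).total_seconds() for k, (r, a) in flows.items() if r and a}


if __name__ == "__main__":
    for flow, seconds in request_durations(SAMPLE).items():
        print(flow, seconds)
```

Keying on the full address and port tuple keeps two clients that happen to reuse the same source port apart; a connection where both ports are above 1024 would need a different way to tell request from answer.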