[Tutor] Parsing iptables log files
Amaya Rodrigo Sastre
arodrigo@genasys.com
Tue, 3 Sep 2002 09:47:23 +0200
Sean 'Shaleh' Perry said:
> You didn't actually give us permission for those files ......
Sorry, fixed now...
> Could you just post the python errors and the offending section of
> code?
The problem is that it's not really a piece of code that's giving me
trouble. Right now it is just not going inside the loop:
IndexError: list index out of range
But my main concern is whether my approach is right, and I wanted a more
experienced programmer's advice.
I'll explain what I am trying to do. My iptables gives me a log line
like this (this is what my regex seems to be obtaining) for a complete
request and its answers:
0   | 1      | 2        | 3           | 4           | 5     | 6     | 7          | 8
---------------------------------------------------------------------------------------------
num | date   | time     | src_addr    | dst_addr    | s_p   | d_p   | seq        | ack
---------------------------------------------------------------------------------------------
0   | Aug 22 | 09:35:23 | 192.168.3.9 | 192.168.3.1 | 37192 | 80    | 1899023795 | 0
1   | Aug 22 | 09:35:33 | 192.168.3.1 | 192.168.3.9 | 80    | 37192 | 1906765896 | 1899023795
2   | Aug 22 | 09:35:43 | 192.168.3.9 | 192.168.3.1 | 37192 | 80    | 1899023795 | 1906765896
3   | Aug 22 | 09:35:53 | 192.168.3.1 | 192.168.3.9 | 80    | 37192 | 1906765896 | 1899023795
The thing is that I know that a request is being answered because:
- a request's source port equals its answer's destination port and it's
always higher than 1024.
- the request's ACK equals its answer's SEQ.
Each http request has several lines, and I have to get the first
request's time, and the last answer's and then know how long it took the
request to be over. And then of course make statistics with the data,
but that is the easiest part, I think.
Thanks for your time...
--
Amaya M. Rodrigo Sastre Genasys II Spain, S.A.U.
MLS Sysadmin Ventura de la Vega, 5.
Phone: +34.91.3649100 28014 Madrid. Spain
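
Added example, not part of the original message or the poster's code: one way to apply the two matching rules above to rows already reduced to the ten whitespace-separated fields shown in the table, timing each request from its first request line to its last answer line. The function names, the `year=2002` default (the log lines carry no year) and the assumption that the server side always uses a port of 1024 or lower are choices made for this sketch.

```python
from datetime import datetime

# Constructed sample: the four rows from the message plus one truncated line.
SAMPLE = """\
0 Aug 22 09:35:23 192.168.3.9 192.168.3.1 37192 80 1899023795 0
1 Aug 22 09:35:33 192.168.3.1 192.168.3.9 80 37192 1906765896 1899023795
2 Aug 22 09:35:43 192.168.3.9 192.168.3.1 37192 80 1899023795 1906765896
3 Aug 22 09:35:53 192.168.3.1 192.168.3.9 80 37192 1906765896 1899023795
4 Aug 22 09:36:01 192.168.3.9
"""

def parse_row(line, year=2002):
    """Return a packet dict, or None for a line without all ten valid fields."""
    f = line.split()
    if len(f) != 10:
        return None  # skip short lines instead of indexing past the end
    try:
        when = datetime.strptime(f"{year} {f[1]} {f[2]} {f[3]}", "%Y %b %d %H:%M:%S")
        sport, dport, seq, ack = (int(x) for x in f[6:10])
    except ValueError:
        return None
    return {"time": when, "src": f[4], "dst": f[5],
            "sport": sport, "dport": dport, "seq": seq, "ack": ack}

def flow_durations(text, year=2002):
    """Map (client, cport, server, sport) -> (seconds, seq_ack_ok)."""
    flows = {}
    for line in text.splitlines():
        p = parse_row(line, year)
        if p is None:
            continue
        is_request = p["sport"] > 1024  # rule 1: the client port is the high one
        key = ((p["src"], p["sport"], p["dst"], p["dport"]) if is_request
               else (p["dst"], p["dport"], p["src"], p["sport"]))
        fl = flows.setdefault(key, {"first_req": None, "last_ans": None,
                                    "req_acks": set(), "ans_seqs": set()})
        if is_request:
            fl["first_req"] = fl["first_req"] or p["time"]
            fl["req_acks"].add(p["ack"])
        else:
            fl["last_ans"] = p["time"]
            fl["ans_seqs"].add(p["seq"])
    result = {}
    for key, fl in flows.items():
        if fl["first_req"] and fl["last_ans"]:
            secs = (fl["last_ans"] - fl["first_req"]).total_seconds()
            # rule 2: a request's ACK equals an answer's SEQ
            result[key] = (secs, bool(fl["req_acks"] & fl["ans_seqs"]))
    return result
```

Keying on the full address and port tuple keeps simultaneous requests from different clients apart, and flows with no answer line are left out of the result, so they can be counted separately as unanswered.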