[Tutor] Parsing iptables log files
Sean 'Shaleh' Perry
shalehperry@attbi.com
Tue, 3 Sep 2002 09:13:57 -0700
On Tuesday 03 September 2002 08:43, Amaya Rodrigo Sastre wrote:
>
> And it's still Tuesday ;-)
>
> Thanks for your time...
Another suggestion:
Why not extend your regex slightly instead of using both a regex and split?
match_pat = re.compile(r'(SRC=[0-9.]+)[\t ](DST=[0-9.]+)[\t ](.*TCP|UDP)[\t ](SPT=[0-9]+)[\t ](DPT=[0-9]+)[\t ](SEQ=[0-9]+)[\t ](ACK=[0-9]+)')
is your current regex.
If you add '(\w{3}\s\d{1,2}\s\d{1,2}:\d{2}:\d{2}).+' to the front of your
regex you can catch the date/time as well in one group.
The {} syntax specifies a number of repetitions. So {3} means '3 of these'
and {1,2} means at least 1 up to 2. So {1,7} would mean at least one but no
more than 7.
\s means 'whitespace' and is generally better than [\t ].
\d means a number and is better than [0-9].
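
The single-regex approach suggested above, as an added example that is not part of the original post. It assumes syslog-style iptables LOG lines with a PROTO= field; the sample lines, the names LOG_PAT, parse_line and parse_log, and the use of \s+ after the month (traditional syslog pads single-digit days with an extra space) are choices made for this example.

```python
import re

# One pattern for the whole line: timestamp group first, then the packet fields.
# SEQ/ACK are optional because UDP lines do not carry them.
LOG_PAT = re.compile(
    r'^(?P<when>\w{3}\s+\d{1,2}\s\d{1,2}:\d{2}:\d{2}).+?'
    r'\sSRC=(?P<src>[\d.]+)\sDST=(?P<dst>[\d.]+)\s.*?'
    r'PROTO=(?P<proto>TCP|UDP)\s'
    r'SPT=(?P<spt>\d+)\sDPT=(?P<dpt>\d+)'
    r'(?:\sSEQ=(?P<seq>\d+)\sACK=(?P<ack>\d+))?'
)

# Constructed sample input (documentation addresses, invented host name "fw").
SAMPLE = """\
Sep  3 09:13:57 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40000 DPT=22 SEQ=123456 ACK=0 WINDOW=5840 RES=0x00 SYN URGP=0
Sep 13 21:04:10 fw kernel: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.5 LEN=78 TOS=0x00 PREC=0x00 TTL=110 ID=991 PROTO=UDP SPT=1027 DPT=137 LEN=58
Sep 13 21:04:11 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=84 TTL=110 ID=992 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=2
Sep 13 21:04:12 fw sshd[812]: Connection closed by 203.0.113.7
"""


def parse_line(line):
    """Return a dict of fields for a TCP/UDP iptables line, or None."""
    m = LOG_PAT.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    # Numeric fields become ints; absent SEQ/ACK stay None.
    for key in ('spt', 'dpt', 'seq', 'ack'):
        if rec[key] is not None:
            rec[key] = int(rec[key])
    return rec


def parse_log(lines):
    """Parse many lines; count the ones that did not match instead of hiding them."""
    records, skipped = [], 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            skipped += 1
        else:
            records.append(rec)
    return records, skipped


if __name__ == '__main__':
    recs, skipped = parse_log(SAMPLE.splitlines())
    for r in recs:
        print(r['when'], r['proto'], r['src'], '->', r['dst'], r['dpt'])
    print('unmatched lines:', skipped)
```

Keeping a count of unmatched lines makes it visible when the log format changes and the pattern stops matching.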