[Tutor] RegEx [Was: Parsing iptables log files]
Danny Yoo
dyoo@hkn.eecs.berkeley.edu
Wed, 4 Sep 2002 10:44:57 -0700 (PDT)
On Wed, 4 Sep 2002, Amaya Rodrigo Sastre wrote:
> I am now struggling with the regex:
>
> One sample line in my logs looks like this:
>
> Aug 17 20:41:55 martinika kernel: --logtrack-- IN= OUT=lo
> SRC=192.168.100.10 DST=192.168.100.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64
> ID=0 DF PROTO=TCP SPT=43085 DPT=80 SEQ=307515611 ACK=0 WINDOW=32767
> RES=0x00 SYN URGP=0
I'd actually approach this in a slightly different way: the log file has
enough structure to make it possible to just do this without regular
expressions:
###
sample_line = """Aug 17 20:41:55 martinika kernel: --logtrack-- IN=
OUT=lo SRC=192.168.100.10 DST=192.168.100.10 LEN=60 TOS=0x00 PREC=0x00
TTL=64 ID=0 DF PROTO=TCP SPT=43085 DPT=80 SEQ=307515611 ACK=0
WINDOW=32767 RES=0x00 SYN URGP=0"""


def getNameValuePairs(log_line):
    # Everything after the '--logtrack--' marker is the NAME=value part.
    anchor = '--logtrack--'
    # Skip past the anchor and the single space that follows it.
    name_values_line = log_line[log_line.find(anchor)
                                + len(anchor) + 1:]
    # split() with no argument breaks on any whitespace, newlines included.
    pairs = name_values_line.split()
    return pairs


if __name__ == '__main__':
    print(getNameValuePairs(sample_line))
###
It's wimpy, but it works. *grin* In any case, this may make it easier to
parse out those values that you're looking for.
Hope this helps!
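
Taking the split-based approach from the message above one step further, as an added example that is not part of the original post: it turns the tokens into a dictionary and handles the bare flags (`DF`, `SYN`), the empty `IN=` value and lines without the anchor. The name `parse_log_line` and the choice of which fields become integers are assumptions of this example.

```python
# Constructed sample: the log line quoted in the thread, joined onto one line.
SAMPLE = ("Aug 17 20:41:55 martinika kernel: --logtrack-- IN= OUT=lo "
          "SRC=192.168.100.10 DST=192.168.100.10 LEN=60 TOS=0x00 PREC=0x00 "
          "TTL=64 ID=0 DF PROTO=TCP SPT=43085 DPT=80 SEQ=307515611 ACK=0 "
          "WINDOW=32767 RES=0x00 SYN URGP=0")

# Fields converted to int; which ones to convert is a choice of this example.
INT_FIELDS = {"LEN", "TTL", "ID", "SPT", "DPT", "SEQ", "ACK", "WINDOW", "URGP"}


def parse_log_line(line, anchor="--logtrack--"):
    """Return (fields, flags) for one line, or None if the anchor is absent."""
    _head, found, tail = line.partition(anchor)
    if not found:
        # Not one of the tagged lines. With str.find() this case returns -1
        # and a slice built from it would silently yield the wrong text.
        return None
    fields, flags = {}, []
    for token in tail.split():
        name, eq, value = token.partition("=")
        if not eq:
            flags.append(name)        # bare tokens such as DF or SYN
        elif name in INT_FIELDS:
            try:
                fields[name] = int(value)
            except ValueError:
                fields[name] = value  # keep the raw text if it is not a number
        else:
            fields[name] = value      # "IN=" yields an empty string
    return fields, flags


if __name__ == "__main__":
    fields, flags = parse_log_line(SAMPLE)
    print(fields["SRC"], fields["DPT"], flags)
```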