说明:
1. 按IP对数据文件分类。
2. 对初次分类得到的文件再按端口分类、统计、排序,输出排名在11位以前的记录。
- #!/usr/bin/python
- # -*- coding: cp936 -*-
- #diff_nights.py write by rwx_hc 2006-11-05
- #此程序用于统计输出夜间访问记录
- #本程序雏形由weqboy提供
- import string
- import sys
- import os #处理路径分割符
- import time #延时处理
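# Directories holding the input data and the per-system IP lists, relative to
# the directory the script is started from.
path_input = '..' + os.sep + 'input' + os.sep
path_dat = '..' + os.sep + 'dat' + os.sep

# Read the report date from the second line of ../config.txt.
try:
    f_config = open('..' + os.sep + 'config.txt')
    try:
        config_list = f_config.readlines()
    finally:
        f_config.close()
except IOError:
    print('Error:config.txt could not opened!')
    # Non-zero status so a scheduler can tell that the report was not produced.
    sys.exit(1)

if len(config_list) < 2:
    print('Error:config.txt has no date line!')
    sys.exit(1)

# Strip only the line terminator: slicing off the last character would eat a
# digit of the date when the line has no trailing newline.
str_date = config_list[1].rstrip('\r\n')

# str_date is concatenated into every input and output path below, so refuse
# an empty value or one that carries a path separator.
if not str_date or '/' in str_date or '\\' in str_date:
    print('Error:invalid date in config.txt!')
    sys.exit(1)

# Raw night-time access records for that date.
str_file_data = path_input + 'nights_' + str_date + '.csv'

# Per-system IP list files used to classify the records.
file_bi_ip = path_dat + 'bi_ip.dat'
file_mis_ip = path_dat + 'mis_ip.dat'
file_crm_ip = path_dat + 'crm_ip.dat'
file_intelligent_ip = path_dat + 'intelligent_ip.dat'
file_cmod_ip = path_dat + 'cmod_ip.dat'
file_boss3_ip = path_dat + 'boss3_ip.dat'
file_boss_ip = path_dat + 'boss_ip.dat'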
-
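def filter_ip(file_data):
    """Split the raw data file into one file per system, keyed by IP.

    Loads the seven IP lists named by the module-level ``file_*_ip`` paths,
    then copies every record of *file_data* whose third '|'-separated field
    equals a listed IP into ``path_input + '<system>_ip_' + str_date``.  The
    first line of *file_data* is treated as the header and is written to
    every output file.

    Records with fewer than four fields, or whose IP is in none of the lists,
    are not written to any output file.
    NOTE(review): those unmatched records are dropped without being counted;
    confirm that is acceptable for an access audit.

    Exits the process with status 1 if an IP list or the data file cannot be
    opened.
    """
    # Order matters: when an IP appears in several lists, the first system
    # in this sequence receives the record.
    systems = (
        ('bi', file_bi_ip),
        ('mis', file_mis_ip),
        ('crm', file_crm_ip),
        ('intelligent', file_intelligent_ip),
        ('cmod', file_cmod_ip),
        ('boss', file_boss_ip),
        ('boss3', file_boss3_ip),
    )

    # One IP -> system lookup table instead of seven linear list scans per
    # record.
    ip_to_system = {}
    try:
        for name, ip_path in systems:
            f_ip = open(ip_path, 'r')
            try:
                for entry in f_ip:
                    # Drop the line terminator so that a last line without
                    # '\n' (or a CRLF file) still matches; ignore blank lines
                    # so that they cannot match an empty IP field.
                    ip = entry.rstrip('\r\n')
                    if ip and ip not in ip_to_system:
                        ip_to_system[ip] = name
            finally:
                f_ip.close()
    except IOError:
        print('Error:ip_file could not opened!')
        # The exit must actually be called: a bare ``sys.exit`` is a no-op
        # and execution would continue with the IP lists undefined.
        sys.exit(1)

    try:
        f_data = open(file_data, 'r')
    except IOError:
        print('Error:data_file could not opened!')
        sys.exit(1)

    outputs = {}
    try:
        str_title = f_data.readline()  # header line of the data file

        # Create one output file per system and start it with the header.
        for name, _ip_path in systems:
            outputs[name] = open(path_input + name + '_ip_' + str_date, 'w')
            outputs[name].write(str_title)

        for line in f_data:
            fields = line.split('|')
            if len(fields) < 4:
                continue
            name = ip_to_system.get(fields[2])
            if name is not None:
                outputs[name].write(line)
    finally:
        # Close everything that was opened, even if a write failed half-way.
        f_data.close()
        for f_out in outputs.values():
            f_out.close()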
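def _port_category(port):
    """Return the report name for the port field, or None if it is not tracked."""
    if port == '23':
        return 'telnet'
    if port == '21':
        return 'ftp'
    if port == '1521':
        return 'oracle'
    if port in ('50000', '51000', '56000', '58000', '60000'):
        return 'db2'
    if port == '1445':
        return '1445'
    return None


def _add_record(stats, user_id, user_name, uplen, downlen):
    """Fold one record into *stats* (user_id -> [name, count, uplen, downlen])."""
    entry = stats.get(user_id)
    if entry is None:
        stats[user_id] = [user_name, 1, uplen, downlen]
    else:
        entry[0] = user_name  # the most recently seen name is kept
        entry[1] += 1
        entry[2] += uplen
        entry[3] += downlen


def _write_top_by_uplen(out_path, title, stats, limit=11):
    """Write the header plus the users holding the *limit* largest uplen totals."""
    f_out = open(out_path, 'w')
    try:
        f_out.write(title)
        if stats:
            uplens = sorted([entry[2] for entry in stats.values()], reverse=True)
            # Every user at or above the limit-th largest total is reported,
            # so users tied with the last ranked value are all kept.
            cutoff = uplens[:limit][-1]
            rows = [(uid, entry) for uid, entry in stats.items()
                    if entry[2] >= cutoff]
            # Largest upload first; user id breaks ties so that the output
            # does not depend on dict ordering.
            rows.sort(key=lambda row: (-row[1][2], row[0]))
            for uid, entry in rows:
                f_out.write(uid + '|' + entry[0] + '|' + str(entry[1])
                            + '|' + str(entry[2]) + '|' + str(entry[3]) + '\n')
    finally:
        f_out.close()


def filter_port(file_data):
    """Build the per-port usage reports for one per-system file.

    Reads ``path_input + file_data + str_date`` and aggregates, per user id
    (field 0): the user name (field 1), the number of records, and the sums
    of the upstream (field 4) and downstream (field 5) byte counts.  Totals
    are kept for all ports and separately for the port categories selected
    by field 3: telnet (23), ftp (21), oracle (1521), db2 (50000, 51000,
    56000, 58000, 60000) and 1445.

    For each category a file
    ``path_input + '<category>_' + file_data + str_date + '.csv'`` is written
    with the header ``user_id|user_name|count|uplen|downlen`` followed by the
    users holding the 11 largest upstream totals, largest first.

    Records with fewer than six fields or non-numeric byte counts are skipped
    and their number is reported on stderr.  The upstream splitter only
    guarantees four fields per record, so such lines can reach this function
    and would otherwise abort the whole report.

    Exits the process with status 1 if the input file cannot be opened.
    """
    src_path = path_input + file_data + str_date
    try:
        f_data = open(src_path, 'r')
    except IOError:
        print('Error:' + path_input + file_data + str_date + 'could not opened!')
        sys.exit(1)

    str_title = 'user_id|user_name|count|uplen|downlen\n'
    categories = ('all', 'telnet', 'ftp', 'oracle', 'db2', '1445')
    stats = {}
    for name in categories:
        stats[name] = {}

    skipped = 0
    try:
        f_data.readline()  # the input's own header line is not used
        for line in f_data:
            fields = line.split('|')
            try:
                user_id = fields[0]
                user_name = fields[1]
                port = fields[3]
                uplen = int(fields[4])
                downlen = int(fields[5])
            except (IndexError, ValueError):
                skipped += 1
                continue

            _add_record(stats['all'], user_id, user_name, uplen, downlen)
            category = _port_category(port)
            if category is not None:
                _add_record(stats[category], user_id, user_name, uplen, downlen)
    finally:
        f_data.close()

    if skipped:
        sys.stderr.write('Warning: ' + str(skipped)
                         + ' malformed record(s) skipped in ' + src_path + '\n')

    for name in categories:
        _write_top_by_uplen(
            path_input + name + '_' + file_data + str_date + '.csv',
            str_title,
            stats[name],
        )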
# Main program: split the night-time records by system, build the per-port
# reports for each system, then print the elapsed time.
start_time = time.time()

filter_ip(str_file_data)

for prefix in ('bi_ip_', 'mis_ip_', 'crm_ip_', 'intelligent_ip_',
               'cmod_ip_', 'boss_ip_', 'boss3_ip_'):
    filter_port(prefix)

end_time = time.time()
used_time = str(end_time - start_time)
print('成功完成夜间访问记录文件比对操作' + '数据文件日期:' + str_date + ' 程序用时:' + used_time + '秒')

# Pause for three seconds before the script exits.
time.sleep(3)