Snort alert tail...
holger krekel
pyth at devel.trillke.net
Sun Jun 16 14:04:39 EDT 2002
Cliff Wells wrote:
> On Sun, 2002-06-16 at 05:51, Jan-Eric wrote:
> > Hello!
> > I'm trying to write a dynamic firewall script in python that scans the Snort
> > alert file like 'tail -f' and takes action based on the information it gets
> > from that file. But I can't get the 'tail' function to work. It reads the
> > file, but any new information that Snort is writing to the file doesn't
> > show up to the script.
> >
> > ex.
> > file = open('/var/log/snort', 'r')
> > while 1:
> >     file = file.read()
> >     print file
> > ....
>
>
> import os, stat
> import time
>
> def snort(pathname):
>     size = os.stat(pathname)[stat.ST_SIZE]
>
>     while 1:
>         lastsize = size
>         size = os.stat(pathname)[stat.ST_SIZE]
>         if size > lastsize: # there's new data
>             f = open(pathname, 'r')
>             f.seek(lastsize)
>             print f.readlines()
>             f.close()
>         else:
>             time.sleep(2)
I'd recommend checking for 'size<lastsize' also and setting lastsize=0
in this case. Otherwise a rewritten/truncated file gets you bad
behaviour.
regards,
holger
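
Added example, not part of the original thread or any poster's code: a polling follower that applies the 'size<lastsize' reset suggested above and goes one step further by also resetting when the file's inode changes (log rotation) and by holding back a half-written last line. The class name LogFollower, the demo() helper and the alert strings are constructed for illustration.

```python
import os
import tempfile

class LogFollower:
    """Poll-based 'tail -f' that survives truncation and rotation."""
    def __init__(self, path):
        self.path = path
        self.inode = None      # identity of the file we last read
        self.offset = 0        # bytes of that file already consumed
        self.partial = b""     # trailing bytes with no newline yet

    def poll(self):
        """Return the complete lines written since the previous call."""
        try:
            f = open(self.path, "rb")
        except FileNotFoundError:          # mid-rotation, not recreated yet
            return []
        with f:
            st = os.fstat(f.fileno())
            if st.st_ino != self.inode or st.st_size < self.offset:
                # New file (rotated) or shorter file (truncated): start over.
                self.inode, self.offset, self.partial = st.st_ino, 0, b""
            f.seek(self.offset)
            data = self.partial + f.read()
            self.offset = f.tell()
        *lines, self.partial = data.split(b"\n")
        return [line.decode("utf-8", "replace") for line in lines]

def demo():
    """Exercise append, partial write, truncation, rotation (constructed data)."""
    path = os.path.join(tempfile.mkdtemp(), "alert")
    def write(mode, text):
        with open(path, mode) as fh:
            fh.write(text)
    tail, seen = LogFollower(path), []
    write("w", "[**] constructed alert A [**]\n[**] constructed al")
    seen.append(tail.poll())               # A only; second line incomplete
    write("a", "ert B [**]\n")
    seen.append(tail.poll())               # B, once its newline arrives
    write("w", "[**] C [**]\n")            # truncated and rewritten, shorter
    seen.append(tail.poll())
    os.rename(path, path + ".1")           # logrotate-style rename
    seen.append(tail.poll())               # file missing: nothing, no crash
    write("w", "[**] constructed alert D, longer than before [**]\n")
    seen.append(tail.poll())               # new inode, read from offset 0
    return seen

if __name__ == "__main__":
    print(demo())
```

A file that is truncated and refilled past the old offset between two polls looks like a plain append to a size check, so a firewall script that must not miss alerts should keep the poll interval short relative to how fast the log is rewritten.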