[Tutor] regex
Will Harris
mosinu at gmail.com
Tue Dec 27 08:05:21 CET 2005
Does anyone see anything that jumps out at them on why these regex strings
aren't catching this line:
Dec 18 10:04:45 dragon logger: TCPWRAP: SERVICE=sshd@::ffff:192.168.0.1
,TYPE=ALL_DENY,HOST_ADDRESS=::ffff:195.145.94.75,HOST_INFO=::ffff:
195.145.94.75,HOST_NAME=unknown,USER_NAME=unknown,OTHERINFO=
This is the output of a tcpwrapper script I have, I am trying to write a
script to parse this and tell me how many times host_address X has been
denied access (among many other things). I have it working for the firewall
rules just fine, but I am missing something somewhere to catch the string
above. Below are the regex expressions I have tried:
------------------
initial regex to find the line and pass it back to the routine to sort all
this out. This line works, I believe (least I can get it to print all the
entries back to me I am looking for.
-----------------------------------------------------------------------------
rc('logger\S*\sTCPWRAP') : self.twist_failure
----------------------------------------------------------------------------
Here is where I seem to run into trouble, none of the regex strings I have
used seem to catch and sort out the strings.
----------------------------------------------------------------------------
self.twist_fail_re =
rc('SERVICE=\S*\sHOST_ADDRESS=\S*\sHOST_INFO=\S*\sHOST_NAME=\S*\sUSER_NAME=\S*\s')
------------------------------------------------------------------
rc is set as rc = re.compile at the early part of my script. I have tried
every combination I can think of for the expression above, below are the
couple I still have written down.
self.twist_fail_re =
rc('SERVICE=(\.)\.TYPE=(\.)\.HOST_ADDRESS=(\.)\.HOST_INFO=(\.)\.USER_NAME=(\.)')
self.twist_fail_re =
rc('SERVICE=(\S*)\S*TYPE=(\S*)\S*HOST_ADDRESS=(\S*)\S*HOST_INFO=(\S*)\S*USER_NAME=(\S*)')
rc('SERVICE=\S*\sHOST_ADDRESS=\S*\sHOST_INFO=\S*\sHOST_NAME=\S*\sUSER_NAME=\S*\s')
But for some reason they are not picking up the strings. Any suggestions?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.python.org/pipermail/tutor/attachments/20051227/5c8ba3d1/attachment.htm
More information about the Tutor
mailing list