I know absolutely nothing about Python. My background is shell scripts, assembly language and C programming. Currently I work network support.
This is a portion of a Python script written by aaronsinclair. The full script can be found at:

http://forums.ev1servers.net/printthread.php?t=50435&page=3&pp=25

It monitors sendmail logfiles for dictionary attacks, and blocks with additions to iptables. The part I am having a problem with is the regular expression in the re.search function. Basically, it is insufficiently qualified.

Troublesome example logfile line:

    Sep 6 00:46:32 tabor sendmail[26642]: k867kMH5026642: dsl-kk-dynamic-013.38.22.125.touchtelindia.net [125.22.38.13] (may be forged) Possible SMTP RCPT flood, throttling.

(all one line in the logfile)

What is happening is that there are two sections that will qualify in this logfile line, and it matches on the wrong one. What I would like to happen is to return the value from within the brackets, in every successful match.

I have tried putting \[ in the beginning of the string, but am unsuccessful editing the qualifying character back out again, and returning the real ip string. (If indeed I did even get a match.) This script runs in the background, and I would have to build a complete test environ, and rewrite the whole darn thing to run visibly, and use different files. I thought asking -- like a beginner -- for the trivial solution. (besides being up all night and all day).

Thanks in advance for any help. Quick searches online for tutorial documentation and the books I have.. met with horrible results in finding a solution.

I would like to match [123.123.123.123] (including the qualifying brackets), but be able to simply return the contents, without the brackets. (Perl would be easy, but it's not Python)

    def identifyHost(self):
        for line in self.fileContents:
            if re.search("throttling", line.lower()):
                ip = re.search("[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}", line)
                if ip.group() in self.ignoreList:
                    continue
                if not ip.group() in self.banList:
                    self.banList.append(ip.group())
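Added example, not part of the original post or of aaronsinclair's script: one way to require the brackets in the match while returning only the address, using a capture group, run against the log line quoted above. The names `extract_peer_ip` and `identify_hosts` are hypothetical, and taking the last bracketed quad as the connecting address is an assumption based on that one sample line.

```python
import ipaddress
import re

# A dotted quad that must sit inside literal brackets. The parentheses
# capture only the address, so the captured group has no brackets.
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# The log line quoted in the post. The host name comes from reverse DNS,
# which the remote side controls, and it embeds its own dotted quad.
SAMPLE = ("Sep 6 00:46:32 tabor sendmail[26642]: k867kMH5026642: "
          "dsl-kk-dynamic-013.38.22.125.touchtelindia.net [125.22.38.13] "
          "(may be forged) Possible SMTP RCPT flood, throttling.")


def extract_peer_ip(line):
    """Return the bracketed IPv4 address of a throttling line, or None."""
    if "throttling" not in line.lower():
        return None
    # "sendmail[26642]" is bracketed too, but has no dots and cannot match.
    candidates = BRACKETED_IP.findall(line)
    if not candidates:
        return None
    try:
        # Assumption: the address follows the resolved name, so take the last
        # bracketed quad. IPv4Address rejects out-of-range octets (e.g. 999).
        return str(ipaddress.IPv4Address(candidates[-1]))
    except ValueError:
        return None


def identify_hosts(lines, ignore_list=(), ban_list=None):
    """Collect addresses to ban, skipping ignored and already-listed ones."""
    ban_list = [] if ban_list is None else ban_list
    for line in lines:
        ip = extract_peer_ip(line)
        # A line without a usable address is skipped instead of calling
        # .group() on None.
        if ip is None or ip in ignore_list or ip in ban_list:
            continue
        ban_list.append(ip)
    return ban_list


if __name__ == "__main__":
    print(identify_hosts([SAMPLE]))
```

The unbracketed pattern from the script matches `013.38.22.125` inside the host name first, so a block rule built from it would target an address chosen by whoever controls the reverse DNS record, not the connecting host.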