Hello.
I am writing a script to parse my logfiles to monitor sshd attempted
logins. I know I'm reinventing the wheel, but it's something I want
to do. The problem I am having is that upon the 4th or 5th pass in my
for statement I recieve an error
AttributeError: 'NoneType' object has no
attribute 'group'When I tested against a smaller
version of my logs that contained roughly 8 ip's (one ip appears 6
times another 2) it works fine without the AttributeError.
My question is if it is in my implementation of RE or could it be a
memory issue?
This is a sample of what the log looks like [code:1:eaa2962442]
Dec 25 11:30:17 linux sshd[2198]: Received
disconnect from ::ffff:200.91.12.4: 11: Bye Bye
Dec 25 11:30:18 linux sshd[2199]:
input_userauth_request: illegal user sibylla
Dec 25 11:30:18 linux sshd[2199]: Could not
reverse map address 200.91.12.4.
Dec 25 11:30:18 linux sshd[2199]: Failed password
for illegal user sibylla from ::ffff:200.91.12.4 port
55697 ssh2[/code:1:eaa2962442]
Actual script[code:1:eaa2962442]
import re, string
def main():
match = 'Failed password for illegal user'
pattern = re.compile(match)
f = open('xaf', 'r')
instance = 0
for line in f:
if pattern.findall(line):
this = re.sub(
r'^([a-zA-Z]+)\s*([0-9]+)\s*([0-9]+):([0-9]+):([0-9]+)\s*([a-z]+)\s*([a-z]+)\s*([^0-9]+)\s*([0-9]+)\s*([^0-9]+)',
'', line, 1)
ip =
re.match(r'^(?P<ip>([0-9]+).([0-9]+).([0-9]+).([0-9]))',
this)
of = open("out.txt", 'a')
print ip.group('ip')
instance = instance + 1
of.close()
f.close()
if instance != 0:
print "%s match(s) found for Failed password for
illegal user" % instance
if __name__ == "__main__":
main()
[/code:1:eaa2962442]
--
http://mail.python.org/mailman/listinfo/python-list
