Je ne sais pas si c'est la bonne section pour poster le script ci-dessous. Libre aux admins de le déplacer...
Comme son nom l'indique, le script ne fait rien d'autre que de mettre en forme les logs d'apache2.
Il lit /var/log/apache2/access.log et /var/log/apache2/access.log.1.
exemple de sortie :
192.xxx.xxx.xxx - 31 Mar 2022 04:50 - 400 BAD_REQUEST - 623 - GET / HTTP/1.0
221.xxx.xxx.xxx - 31 Mar 2022 05:09 - 301 MOVED_PERMANENTLY - 0 - POST /cgi-bin/ViewLog.asp HTTP/1.1
221.xxx.xxx.xxx - 31 Mar 2022 05:09 - 400 BAD_REQUEST - 1087 - m+-rf+NW_BBBarm7%3b%23&remoteSubmit=Save
121.xxx.xxx.xxx - 31 Mar 2022 05:22 - 301 MOVED_PERMANENTLY - 0 - POST /cgi-bin/ViewLog.asp HTTP/1.1
121.xxx.xxx.xxx - 31 Mar 2022 05:22 - 400 BAD_REQUEST - 1087 - ame.arm7;rm+-rf+BinName.arm7%3b%23&remoteSubmit=Save
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
########################################################################
#
# affichage logs apache
#
########################################################################
import string, re, csv
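# Regex fragments for one Apache access-log line. They are concatenated and
# compiled once at the bottom of the script.
#
# Raw strings keep every backslash literal, so the patterns no longer depend
# on Python tolerating invalid escape sequences such as '\d' or '\[' in a
# normal string (a warning on current interpreters). The pattern text itself
# is unchanged.
#
# NOTE(review): the fragments are unanchored and use greedy '(.*)' groups,
# while the request, referer and user-agent parts of a log line are supplied
# by the client. Treat the extracted fields as a display aid and go back to
# the raw log line when an entry matters for an investigation.

# Dotted-quad IPv4 address (one capture group). IPv6 clients do not match.
r_ip = r'(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})'
# '[dd/Mon/yyyy:hh:mm:rest]' -> groups: date, 'hh:mm', rest up to the bracket.
r_date = r'\[(\d{1,2}\/\D{1,3}\/\d{1,4})\:(\d{1,2}\:\d{1,3})\:(.*)\]'
# ' "request" status size' -> groups: request line, status code, size.
r_page = r' "(.*)" (\d*) (\d*)'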
########################################################################
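def tableau_codes():
    """Return the table that maps an HTTP status code to a display label.

    Keys are the status codes as strings (the form in which they are read
    from the log); values are upper-case labels.

    Status 103 is labelled EARLY_HINTS. The previous label, RESPONSE_CODES,
    was not a status name.
    """
    codes = {
        # 1xx informational
        "100": "CONTINUE",
        "101": "SWITCHING_PROTOCOLS",
        "102": "PROCESSING",
        "103": "EARLY_HINTS",
        # 2xx success
        "200": "OK",
        "201": "CREATED",
        "202": "ACCEPTED",
        "203": "NON_AUTHORITATIVE",
        "204": "NO_CONTENT",
        "205": "RESET_CONTENT",
        "206": "PARTIAL_CONTENT",
        "207": "MULTI_STATUS",
        "208": "ALREADY_REPORTED",
        "226": "IM_USED",
        # 3xx redirection
        "300": "MULTIPLE_CHOICES",
        "301": "MOVED_PERMANENTLY",
        "302": "MOVED_TEMPORARILY",
        "303": "SEE_OTHER",
        "304": "NOT_MODIFIED",
        "305": "USE_PROXY",
        "307": "TEMPORARY_REDIRECT",
        "308": "PERMANENT_REDIRECT",
        # 4xx client error
        "400": "BAD_REQUEST",
        "401": "UNAUTHORIZED",
        "402": "PAYMENT_REQUIRED",
        "403": "FORBIDDEN",
        "404": "NOT_FOUND",
        "405": "METHOD_NOT_ALLOWED",
        "406": "NOT_ACCEPTABLE",
        "407": "PROXY_AUTHENTICATION_REQUIRED",
        "408": "REQUEST_TIME_OUT",
        "409": "CONFLICT",
        "410": "GONE",
        "411": "LENGTH_REQUIRED",
        "412": "PRECONDITION_FAILED",
        "413": "REQUEST_ENTITY_TOO_LARGE",
        "414": "REQUEST_URI_TOO_LARGE",
        "415": "UNSUPPORTED_MEDIA_TYPE",
        "416": "RANGE_NOT_SATISFIABLE",
        "417": "EXPECTATION_FAILED",
        "418": "IM_A_TEAPOT",
        "421": "MISDIRECTED_REQUEST",
        "422": "UNPROCESSABLE_ENTITY",
        "423": "LOCKED",
        "424": "FAILED_DEPENDENCY",
        "425": "TOO_EARLY",
        "426": "UPGRADE_REQUIRED",
        "428": "PRECONDITION_REQUIRED",
        "429": "TOO_MANY_REQUESTS",
        "431": "REQUEST_HEADER_FIELDS_TOO_LARGE",
        "451": "UNAVAILABLE_FOR_LEGAL_REASONS",
        # 5xx server error
        "500": "INTERNAL_SERVER_ERROR",
        "501": "NOT_IMPLEMENTED",
        "502": "BAD_GATEWAY",
        "503": "SERVICE_UNAVAILABLE",
        "504": "GATEWAY_TIME_OUT",
        "505": "VERSION_NOT_SUPPORTED",
        "506": "VARIANT_ALSO_VARIES",
        "507": "INSUFFICIENT_STORAGE",
        "508": "LOOP_DETECTED",
        "510": "NOT_EXTENDED",
        "511": "NETWORK_AUTHENTICATION_REQUIRED",
    }
    return codes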
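def lit_logs(nom):
    """Return every line of the log file *nom* as a list of strings.

    Each returned line keeps its trailing newline. The whole file is read
    into memory.

    The file is decoded as UTF-8 and undecodable bytes are replaced with
    U+FFFD, so a stray byte in client-supplied request data cannot abort
    the run with UnicodeDecodeError partway through a log.

    Raises:
        OSError: if the file is missing or unreadable. This is deliberately
            not swallowed, so a permission problem is not reported as an
            empty log.
    """
    # The with-statement closes the file; the explicit close() was redundant.
    with open(nom, 'r', encoding='utf-8', errors='replace') as f:
        return f.readlines()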
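def zones(ligne):
    """Print one aligned summary line per Apache access-log entry.

    Args:
        ligne: list of raw log lines, as returned by lit_logs().

    Uses the module-level compiled pattern ``r`` and the status table
    ``codes``. For each matching line it prints the client IP, date,
    hour:minute, status code and label, response size, and the first
    80 characters of the request. Prints "Vide." when the list is empty.

    A status code missing from ``codes`` (a non-standard code, or an empty
    match, since the pattern uses ``\\d*``) is labelled UNKNOWN. Previously
    it raised KeyError and ended the listing at that line.
    """
    if not ligne:
        print("Vide.")
        return

    for entree in ligne:
        m = r.search(entree)
        if m is None:
            # Lines the pattern does not recognise (for example a client
            # address that is not dotted IPv4) are left out of the output.
            # Check the raw log if an entry seems to be missing.
            continue

        ip = m.group(1)
        date = m.group(3).replace('/', ' ')
        heure = m.group(4)
        # The request line comes from the client. Only '%20' is decoded and
        # only the first 80 characters are shown below, so a long request is
        # truncated on screen.
        page = m.group(6).replace('%20', ' ')
        num_code = m.group(7)
        taille = m.group(8)
        libelle = codes.get(num_code, "UNKNOWN")
        print(ip.rjust(15), '-', date.rjust(11), heure.rjust(5), '-',
              num_code.rjust(3), ' ', libelle.rjust(32), ' - ',
              taille.rjust(6), '-', page[:80])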
########################################################################
# Full line pattern, compiled once: client IP, anything up to the bracketed
# timestamp, then the quoted request, the status code and the response size.
r = re.compile("".join((r_ip, '(.*)', r_date, r_page)))

# Status-code -> label table read by zones().
codes = tableau_codes()

# access.log.1 (presumably the previous rotation) is listed before the
# current access.log, with a separator line between the two listings.
zones(lit_logs("/var/log/apache2/access.log.1"))
print("-----------------------------------------------------------------")
zones(lit_logs("/var/log/apache2/access.log"))