parsing - Remove line pattern script in Python not fully functional -

-

for logs parsing, need remove pattern in log file:

pattern:

acces : lecture donnees (ou liste de repertoire) privileges : - nombre de sid restreint : 0 masque d acces : 0x1 "

log sample: 

# line has kept 2014-03-03 09:50:20,2014-03-03 09:50:20,560,success audit event,accès aux objets,security,la\user1,la-server1,"objet ouvert : serveur de l’objet : security type d’objet : file objet : \vol\vol01\prod\prod.conf identificateur du handle : 554 identificateur de l’opération : - id du processus : 2050 nom du fichier image : server soft utilisateur principal : user1 domaine principal : la id d’ouv. de session principale : (0x0, 0x9596) utilisateur client : 1.2.3.4 domaine client : - id d’ouv. de session client : - acces : lecture données (ou liste de répertoire) Écriture données (ou ajout fichier) ajout données (ou ajout sous-répertoire ou créer instance de canal) write_dac privilèges : - nombre de sid restreint : 0 masque d’accès : 0x40007 " # line has removed 2014-03-03 09:52:20,2014-03-03 09:50:20,560,success audit event,accès aux objets,security,la\user2,la-server1,"objet ouvert : serveur de l’objet : security type d’objet : file objet : \vol\vol01\prod\prod.conf identificateur du handle : 554 identificateur de l’opération : - id du processus : 2050 nom du fichier image : server soft utilisateur principal : user1 domaine principal : la id d’ouv. de session principale : (0x0, 0x9597) utilisateur client : 1.2.3.5 domaine client : - id d’ouv. de session client : - **acces : lecture donnees (ou liste de repertoire) privileges : - nombre de sid restreint : 0 masque d acces : 0x1 "** # line has removed 2014-03-03 09:53:20,2014-03-03 09:50:20,560,success audit event,accès aux objets,security,la\user3,la-server1,"objet ouvert : serveur de l’objet : security type d’objet : file objet : \vol\vol01\prod\prod.conf identificateur du handle : 554 identificateur de l’opération : - id du processus : 2050 nom du fichier image : server soft utilisateur principal : user1 domaine principal : la id d’ouv. de session principale : (0x0, 0x9597) utilisateur client : 1.2.3.6 domaine client : - id d’ouv. de session client : - **acces : lecture donnees (ou liste de repertoire) privileges : - nombre de sid restreint : 0 masque d acces : 0x1 "**

i found script here (thx atoztoa) job (i added sys module): 

import sys fname = sys.argv[1]  def delete_line(dello):      data = open(fname).readlines()      = 0     line in data:         if dello in line:            data.pop(i)         += 1     open(fname, "w").write("".join(data)) delete_line("acces : lecture donnees (ou liste de repertoire) privileges : - nombre de sid restreint : 0 masque d acces : 0x1\"")

when run script, didn't remove 2 lines of logs contain pattern : 1 of two.

i have run once or twice again script delete lines

i don't know why.

you shouldn't increment i when calling pop(). also, shouldn't use pop() when iterating on list. because if remove element middle of list, skip items while iterating.

you should rewrite delete_line() follows:

def delete_line(dello):     open(fname) f:         data = [line line in f if dello not in line]     open(fname, 'w') f:         f.write(''.join(data))

(note there room improvement.)

an problem giving delete_line() wrong argument: there's space between 0x1 , ". correct line:

delete_line('acces : lecture donnees (ou liste de repertoire) privileges : - nombre de sid restreint : 0 masque d acces : 0x1 "')

by way, there's excellent program filters out lines file: it's grep (with -v option).


Comments

Post a Comment

Popular posts from this blog

c# - How to get the current UAC mode -

-
can check current uac type set in device before running application through c#. i got know approach check whether current user administrator or not. but, need know uac type set (i.e. default/never notify) internal logic. is possible? please help. this article self-elevation , checking level program runs in. due security reasons i'm afraid won't able retrieve uac level set. http://code.msdn.microsoft.com/windowsdesktop/csuacselfelevation-644673d3
Read more

postgresql - Lazarus + Postgres: incomplete startup packet -

-
i've been building lazarus pascal program using postgresql on back-end. used work fine following lines opening db. dbconn:= tpqconnection.create(nil); dbconn.hostname := 'localhost'; dbconn.databasename:= 'dbhrs'; dbconn.username:='mizk'; dbconn.password:='123'; dbconn.open; if dbconn.connected openhrsdb := true else openhrsdb := false; but moment change localhost server's ip (on lan), program stops. no errors or warnings. have no clue happening. here related details may narrow down problem. the program i'm running workstation on same lan server. both machines run ubuntu 12.04 desktop i can access postgres db on server using pgadmin iii, guess it's not firewall issue. i have allowed postgresql ufw , ufw disabled. strangely, when firewall disabled, can ssh server terminal using workstation. when it's enabled, can't my biggest concern right why pascal program not working when i...
Read more

angularjs - ng-repeat duplicating items after page reload -

-
i have angularjs application, node.js , express backend, i'm not using angular's routings. when refresh page using browser's refresh button, items on page loaded in ng-repeat duplicate. i'm not sure why occurs, i'm wondering happens controller when page reloaded? old controller destroyed, , new 1 created, or controller added, causing duplications? here part of html file, relvevant controller code: (trans.html) <div class="pure-u-1-2" ng-repeat="trans in transactions | filter:searchtext"> <div class="transaction" ng-style="{'border-style': 'solid', 'border-color': categorycolours[trans.category.name]}"> <h2 id="transname">{{ trans.name }}</h2> <h4>{{ trans.description }}</h4> <h4>{{ trans.date }}</h4> <div class="pure-u-1-1"> <h3 id="categor...
Read more