Problem scenario:
You have a log like this:
Sep 18 07:28:11 server1 sshd[29284]: Received disconnect from 125.52.17.109 port 46970:11: Bye Bye [preauth]
Sep 18 07:28:11 server1 sshd[29284]: Disconnected from 125.52.17.109 port 46970 [preauth]
Sep 18 07:28:11 server1 sshd[29282]: Failed password for root from 51.12.19.109 port 24844 ssh2
Sep 18 07:28:13 server1 sshd[29287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.29.155.214 user=root
Sep 18 07:28:13 server1 sshd[29282]: Failed password for root from 51.12.19.109 port 24844 ssh2
Sep 18 07:28:14 server1 sshd[29282]: Received disconnect from 51.12.19.109 port 24844:11: [preauth]
Sep 18 07:28:14 server1 sshd[29282]: Disconnected from 51.12.19.109 port 24844 [preauth]
Sep 18 07:28:14 server1 sshd[29282]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.12.19.109 user=root
Sep 18 07:28:15 server1 sudo: jdoe : TTY=pts/0 ; PWD=/home/jdoe/ ; USER=root ; COMMAND=/usr/bin/tail /var/log/auth.log
Sep 18 07:28:15 server1 sudo: pam_unix(sudo:session): session opened for user root by jdoe(uid=0)
You want to extract the lines logged on a specific day using Python, in only four lines of code and without an "import" statement. What do you do?
Solution
Here is how to extract the lines for "Jun 15":
    with open('auth.log', 'r') as log_reader:   # the file is closed automatically
        for line in log_reader:
            if line.startswith("Jun 15"):
                print(line, end="")             # each line already ends with a newline
This solution assumes the text log starts with the day in the format provided; it is an example, and your logs may require a different solution.
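
The following is an added example, not part of the original solution. It goes beyond the four-line version to cover the case the format assumption hides: traditional syslog pads single-digit days with a space ("Sep  8"), so a bare prefix such as "Sep 1" matches Sep 10 to 19 and misses Sep 1. The function names are hypothetical, and SAMPLE_LOG mixes lines from the log above with constructed ones.

```python
# Import-free day filter for traditional syslog timestamps ("Mon DD HH:MM:SS").
# SAMPLE_LOG: the 51.12.19.109 lines come from the page's log; the others are
# constructed for illustration and use documentation-range addresses.
SAMPLE_LOG = """\
Sep  1 23:59:58 server1 sshd[101]: Failed password for root from 203.0.113.7 port 40000 ssh2
Sep  8 03:10:02 server1 sshd[202]: Failed password for admin from 198.51.100.23 port 40100 ssh2
Sep 18 07:28:11 server1 sshd[29282]: Failed password for root from 51.12.19.109 port 24844 ssh2
Sep 18 07:28:13 server1 sshd[29282]: Failed password for root from 51.12.19.109 port 24844 ssh2
Sep 18 07:28:14 server1 sshd[29282]: Disconnected from 51.12.19.109 port 24844 [preauth]
Sep 18 07:30:00 server1 sshd[303]: Failed password for invalid user test from 192.0.2.44 port 40200 ssh2
""".splitlines()


def day_prefix(month, day):
    """Build the prefix as syslog writes it: day right-aligned in two columns."""
    # The trailing space stops "Sep 1" from also matching "Sep 18".
    return "%s %2d " % (month, day)


def lines_for_day(lines, month, day):
    """Yield only the lines stamped with the given month and day."""
    prefix = day_prefix(month, day)
    for line in lines:
        if line.startswith(prefix):
            yield line


def failed_password_sources(lines):
    """Count 'Failed password' lines per source address using str methods only."""
    counts = {}
    for line in lines:
        if "Failed password for " not in line:
            continue
        # The user name is supplied by the remote client and may itself contain
        # " from ", so split on the LAST " from ", which sshd writes.
        addr = line.rpartition(" from ")[2].split(" ", 1)[0]
        counts[addr] = counts.get(addr, 0) + 1
    return counts


if __name__ == "__main__":
    for entry in lines_for_day(SAMPLE_LOG, "Sep", 18):
        print(entry)
    print(failed_password_sources(lines_for_day(SAMPLE_LOG, "Sep", 18)))
```

To read a real file, pass the open file object instead of SAMPLE_LOG; each yielded line then keeps its trailing newline.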