Problem scenario
Using Python, you want to parse a log file and print out the entries whose timestamp falls within 24 hours of a given date.
The log file is in this format:
Sep 18 07:28:11 server1 sshd[29284]: Received disconnect from 115.52.17.109 port 46970:11: Bye Bye [preauth]
Sep 18 07:28:11 server1 sshd[29284]: Disconnected from 115.52.17.109 port 46970 [preauth]
Sep 18 07:28:11 server1 sshd[29282]: Failed password for root from 51.10.7.109 port 24844 ssh2
Sep 18 07:28:13 server1 sshd[29287]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.29.155.214 user=root
Sep 18 07:28:13 server1 sshd[29282]: Failed password for root from 51.10.7.109 port 24844 ssh2
Sep 18 07:28:14 server1 sshd[29282]: Received disconnect from 51.10.7.109 port 24844:11: [preauth]
Sep 18 07:28:14 server1 sshd[29282]: Disconnected from 51.10.7.109 port 24844 [preauth]
Sep 18 07:28:14 server1 sshd[29282]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.10.7.109 user=root
Sep 18 07:28:15 server1 sudo: jdoe : TTY=pts/0 ; PWD=/home/jdoe/ ; USER=root ; COMMAND=/usr/bin/tail /var/log/auth.log
Sep 18 07:28:15 server1 sudo: pam_unix(sudo:session): session opened for user root by jdoe(uid=0)
You want to convert the timestamp strings to the datetime data type so that you can compare them. What do you do?
Possible Solution #1
Use this program. The syslog timestamp carries no year, so one is prepended before parsing; the time of day is included so that the comparison is a real 24-hour window rather than a date match, and the file is closed when the loop finishes:
from datetime import datetime, timedelta

fixed_date = datetime(2021, 6, 15)
with open('auth.log', 'r') as log_reader:
    for line in log_reader:
        # The first 15 characters are "Mon DD HH:MM:SS" (e.g. "Sep 18 07:28:11");
        # the day is space-padded for single digits, which strptime accepts.
        dt_of_log = datetime.strptime('2021 ' + line[:15], '%Y %b %d %H:%M:%S')
        diff = abs(dt_of_log - fixed_date)
        if diff <= timedelta(days=1):
            print(line.rstrip())
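The following is an added example, not part of the original posting, that generalizes the approach above: it matches the syslog timestamp with a regular expression instead of a fixed slice (so lines without a timestamp are skipped rather than raising), handles space-padded single-digit days, guesses the previous year for a file that spans New Year, and then counts sshd "Failed password" events per source IP inside the window, which is the usual reason for pulling auth.log entries around an incident time. The log lines are constructed for the example, the function names are the author's own choices, and %b assumes an English locale.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample lines in the syslog format shown above (not a real capture).
SAMPLE_LOG = """\
Sep 18 07:28:11 server1 sshd[29284]: Received disconnect from 115.52.17.109 port 46970:11: Bye Bye [preauth]
Sep 18 07:28:11 server1 sshd[29282]: Failed password for root from 51.10.7.109 port 24844 ssh2
Sep 18 07:28:13 server1 sshd[29282]: Failed password for root from 51.10.7.109 port 24844 ssh2
Sep 18 07:28:15 server1 sudo: jdoe : TTY=pts/0 ; PWD=/home/jdoe/ ; USER=root ; COMMAND=/usr/bin/tail /var/log/auth.log
Sep  8 23:59:59 server1 sshd[1000]: Failed password for admin from 203.0.113.5 port 5555 ssh2
Dec 31 23:30:00 server1 sshd[1001]: Failed password for root from 198.51.100.7 port 6666 ssh2
"""

# Traditional syslog timestamp: "Mon DD HH:MM:SS", day space-padded, no year.
TIMESTAMP_RE = re.compile(r'^(?P<stamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) ')
# sshd failure message; "invalid user" appears when the account does not exist.
FAILED_RE = re.compile(r'Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)')


def parse_timestamp(line, year, latest=None):
    """Return the datetime of a syslog line, or None if it has no timestamp.

    The caller supplies the year because the format omits it.  If the result
    lands after `latest`, the line is assumed to come from the previous year
    (a log file that spans New Year).
    """
    m = TIMESTAMP_RE.match(line)
    if not m:
        return None
    # Whitespace in the format matches one or more spaces, so "Sep  8" parses.
    stamp = datetime.strptime('%d %s' % (year, m.group('stamp')), '%Y %b %d %H:%M:%S')
    if latest is not None and stamp > latest:
        stamp = stamp.replace(year=year - 1)
    return stamp


def entries_within(lines, center, window=timedelta(hours=24)):
    """Yield (timestamp, line) for lines whose timestamp is within `window` of `center`."""
    latest = center + window  # nothing later than this can match with center.year
    for line in lines:
        stamp = parse_timestamp(line, center.year, latest)
        if stamp is None:
            continue  # continuation lines, tracebacks, blank lines
        if abs(stamp - center) <= window:
            yield stamp, line.rstrip('\n')


def failed_logins_by_source(lines, center, window=timedelta(hours=24)):
    """Count sshd 'Failed password' events per source IP inside the window."""
    counts = Counter()
    for _, line in entries_within(lines, center, window):
        m = FAILED_RE.search(line)
        if m:
            counts[m.group('ip')] += 1
    return counts


if __name__ == '__main__':
    lines = SAMPLE_LOG.splitlines()
    center = datetime(2021, 9, 18, 12, 0)
    for stamp, line in entries_within(lines, center):
        print(stamp.isoformat(), line)
    print(failed_logins_by_source(lines, center))
```

To run it against a real file, replace `SAMPLE_LOG.splitlines()` with an open file handle; the generator never holds more than one line in memory, so a multi-gigabyte auth.log is fine. Pick `center` from the year you know the file covers, since the year-rollover guess only corrects stamps that fall after the window, not ones that are years old.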
Possible Solution #2
See this: https://serverfault.com/questions/101744/fast-extraction-of-a-time-range-from-syslog-logfile
Possible Solution #3
If you do not want to import a module, see this posting: https://stackoverflow.com/questions/12660164/the-best-way-to-filter-a-log-by-a-dates-range-in-python