Created
March 3, 2022 20:43
Print out slack access logs ordered by number of instances and first access / latest access from IP
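#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""Print out slack access logs ordered by number of instances and first access / latest access from IP."""
import csv
import sys
from collections import defaultdict
from datetime import datetime
from pathlib import Path

FILE = Path("./access_logs.csv")
IP_TRACK = defaultdict(dict)

# Sample stamp from the export: "Wed Mar 02 2022 20:01:00 GMT-0800"
_STAMP_WITH_OFFSET = "%a %b %d %Y %H:%M:%S GMT%z"
_STAMP_NAIVE = "%a %b %d %Y %H:%M:%S"


def parse_access_time(text):
    """Return the POSIX timestamp for one access-time cell.

    The sixth whitespace-separated token ("GMT-0800" in the sample) carries
    the UTC offset. It is honoured when present so that rows recorded under
    different offsets sort into the true order of events; dropping it would
    make every stamp be read as local time of the machine running the script.

    Raises:
        ValueError: if the text matches neither the offset nor the naive form.
    """
    tokens = text.split()
    if len(tokens) >= 6 and tokens[5].startswith("GMT"):
        try:
            aware = datetime.strptime(" ".join(tokens[:6]), _STAMP_WITH_OFFSET)
            return aware.timestamp()
        except ValueError:
            # Offset token is not in +HHMM/-HHMM form; fall back to the
            # offset-less parse below instead of rejecting the row.
            pass
    return datetime.strptime(" ".join(tokens[:5]), _STAMP_NAIVE).timestamp()


def tally(rows, track=None):
    """Fold data rows into per-IP totals and first/latest timestamps.

    Each row must have six columns; the first is parsed as the access time,
    the fourth is used as the IP key and the fifth is added to that IP's
    "numlog" counter. Blank rows are ignored. Malformed rows are reported on
    stderr and skipped so that one bad line does not hide the rest of the
    log, while the analyst still sees that something was dropped.

    Args:
        rows: iterable of CSV rows without the header.
        track: mapping to update; defaults to the module-level IP_TRACK.

    Returns:
        The updated mapping.
    """
    track = IP_TRACK if track is None else track
    for index, row in enumerate(rows, start=1):
        if not row:
            continue
        try:
            da, _uas, _uaf, ip, numlog, _lda = row
            ts = parse_access_time(da)
            count = int(numlog)
        except ValueError as err:
            print(f"skipping data row {index}: {err}", file=sys.stderr)
            continue
        entry = track.setdefault(ip, {})
        entry["first"] = min(ts, entry.get("first", ts))
        entry["latest"] = max(ts, entry.get("latest", ts))
        entry["numlog"] = entry.get("numlog", 0) + count
    return track


def main():
    """Read FILE, aggregate by IP and print the busiest addresses first."""
    # newline="" is what the csv module expects so quoted fields containing
    # line breaks are read back intact.
    with open(FILE, "r", newline="") as f:
        rows = list(csv.reader(f))
    if not rows:
        print(f"{FILE} is empty", file=sys.stderr)
        return
    tally(rows[1:])  # rows[0] is the header
    ranked = sorted(IP_TRACK.items(), key=lambda x: x[1]["numlog"], reverse=True)
    for ip, dat in ranked:
        # astimezone() attaches the local UTC offset, so the printed times
        # are unambiguous when pasted into an incident timeline.
        first = datetime.fromtimestamp(dat["first"]).astimezone()
        latest = datetime.fromtimestamp(dat["latest"]).astimezone()
        print(ip, dat["numlog"], first, latest)


if __name__ == "__main__":
    main()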