Parsing Snort Logs with PyParsing

别那么骄傲 2021-02-04 15:52

Having a problem with parsing Snort logs using the pyparsing module.

The problem is with separating the Snort log (which has multiline entries, separated by a blank line

3 Answers
  •  鱼传尺愫
    2021-02-04 16:42

    Well, I don't know Snort or pyparsing, so apologies in advance if I say something stupid. I'm unclear as to whether the problem is with pyparsing being unable to handle the entries, or with you being unable to send them to pyparsing in the right format. If the latter, why not do something like this?

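    def logreader( path_to_file ):
        # Yield one multi-line log entry at a time; entries are separated by blank lines.
        chunk = [ ]
        with open( path_to_file ) as theFile:
            for line in theFile:
                # Lines keep their trailing newline, so test the stripped text.
                if line.strip():
                    chunk.append( line )
                elif chunk:
                    yield "".join( chunk )
                    chunk = [ ]
        # Emit the last entry when the file does not end with a blank line.
        if chunk:
            yield "".join( chunk )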
    

    Of course, if you need to modify each chunk before sending it to pyparsing, you can do so before yielding it.
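The approach discussed in this thread, carried one step further as an added example (not code from any of the posts): split the text on blank lines, then parse each entry with a pyparsing grammar. The sample entries are constructed, the layout is assumed to follow Snort's "full" alert file, and the names `endpoint` and `parse_alerts` are hypothetical.

```python
import re
import pyparsing as pp  # camelCase method names work on pyparsing 2.x and 3.x

# Constructed sample; the layout is assumed to follow Snort's "full" alert file.
SAMPLE = """\
[**] [1:1000001:1] Constructed test rule A [**]
[Classification: Misc activity] [Priority: 3]
02/04-15:52:01.123456 192.0.2.10:51514 -> 198.51.100.7:80
TCP TTL:64 TOS:0x0 ID:4242 IpLen:20 DgmLen:60

[**] [1:1000002:2] Constructed test rule B [**]
[Priority: 1]
02/04-15:52:07.000001 203.0.113.5 -> 198.51.100.7
ICMP TTL:55 TOS:0x0 ID:7 IpLen:20 DgmLen:84

[**] [1:1000003:1] Constructed entry cut off mid-write
"""

strip = lambda t: t[0].strip()
integer = pp.Word(pp.nums).setParseAction(lambda t: int(t[0]))
star = pp.Literal("[**]")
ip = pp.Regex(r"\d{1,3}(?:\.\d{1,3}){3}")

def endpoint(prefix):
    # The port is optional: ICMP entries carry addresses only.
    return ip(prefix + "_ip") + pp.Optional(pp.Suppress(":") + integer(prefix + "_port"))

# Newlines count as whitespace in pyparsing, so one grammar spans the whole entry.
alert = (pp.Suppress(star + "[") + integer("gid") + pp.Suppress(":") + integer("sid")
         + pp.Suppress(":") + integer("rev") + pp.Suppress("]")
         + pp.SkipTo(star)("msg").setParseAction(strip) + pp.Suppress(star)
         + pp.Optional(pp.Suppress("[Classification:")
                       + pp.SkipTo(pp.Literal("]"))("classification").setParseAction(strip)
                       + pp.Suppress("]"))
         + pp.Suppress("[Priority:") + integer("priority") + pp.Suppress("]")
         + pp.Regex(r"\d\d/\d\d-\d\d:\d\d:\d\d\.\d+")("timestamp")
         + endpoint("src") + pp.Suppress("->") + endpoint("dst")
         + pp.Word(pp.alphas)("proto"))

def parse_alerts(text):
    """Return one dict per entry; entries the grammar rejects are kept, not dropped."""
    parsed = []
    for entry in re.split(r"\n\s*\n", text):  # runs of blank lines act as one separator
        if not entry.strip():
            continue
        try:
            parsed.append(alert.parseString(entry).asDict())
        except pp.ParseException as exc:
            parsed.append({"error": str(exc), "raw": entry.strip()})
    return parsed
```

Keeping rejected entries under an `error` key makes truncated or unexpected records visible instead of silently lost.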
