Requirements: monitoring logs, if there are attacks, put the ip blacklist
analysis:
1, open the log file, read all of the contents of the file
2, extract the contents of ip
3, put the ip to the list to go, in with a set weight to obtain the number of different independent IP
. 4, set in the IP cycle, to list the number of IP to statistics, more than 50 is added to the blacklist
Time Import
COUNT = 0 # Initial file pointer is set to 0
the while True:
ip_list = [] # emptied when every cycle the list, because it is the statistics of one minute
( "access.log", "r" with open, = encoding "UTF-. 8") AS fr:
fr.seek (COUNT) to read the contents of files # The file pointer
for line in fr: # in each row cycle to get content
ip_list.append (line.split ( "-") [ 0]) # ip taking each row
count = fr.tell () # updated after reading the file pointer
for ip in set (ip_list): # ip loop to read the set of statistics to the list and
if ip_list.count (ip)> 50:
Print ( "% s is the ip added to the blacklist"% ip)
fr.close () # close the file handle
time.wait (60)
