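I have a JSON log file and want to print and count the number of times each URL (requestURL) was hit by an IP within the same log file. The output should look like this: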
IP(remoteIp): URL1-(Count), URL2-(Count), URL3...
127.0.0.1: http://www.google.com - 12, www.bing.com/servlet-server.jsp - 2, etc..
A sample of the log file is shown below:
"insertId": "kdkddkdmdkd",
"jsonPayload": {
  "@type": "type.googleapis.com/google.cloud.loadbalancing.type.LoadBalancerLogEntry",
  "enforcedSecurityPolicy": {
    "configuredAction": "DENY",
    "outcome": "DENY",
    "preconfiguredExprIds": [
      "owasp-crs-v030001-id942220-sqli"
    ],
    "name": "shbdbbddjdjdjd",
    "priority": 2000
  },
  "statusDetails": "body_denied_by_security_policy"
},
"httpRequest": {
  "requestMethod": "POST",
  "requestUrl": "https://dknnkkdkddkd/token",
  "requestSize": "3004",
  "status": 403,
  "responseSize": "274",
  "userAgent": "okhttp/3.12.2",
  "remoteIp": "127.0.0.1",
  "serverIp": "123.123.33.31",
  "latency": "0.018728s"
}
The solution I am using is below. I am able to get the total number of hits per IP, or the total number of times a URL was hit, and so on.
import json
from collections import Counter

unique_ip = {}
request_url = {}

def getAndSaveValueSafely(freqTable, searchDict, key):
    # Count occurrences of searchDict['httpRequest'][key]; missing keys go under 'not_present'.
    try:
        tmp = searchDict['httpRequest'][key]
        if tmp in freqTable:
            freqTable[tmp] += 1
        else:
            freqTable[tmp] = 1
    except KeyError:
        if 'not_present' in freqTable:
            freqTable['not_present'] += 1
        else:
            freqTable['not_present'] = 1

with open("threat_intel_1.json") as file:
    data = json.load(file)

for d2 in data:
    getAndSaveValueSafely(unique_ip, d2, 'remoteIp')
    getAndSaveValueSafely(request_url, d2, 'requestUrl')

# Sort both frequency tables from most to least common.
mc_unique_ip = (dict(Counter(unique_ip).most_common()))
mc_request_url = (dict(Counter(request_url).most_common()))

def printing():
    # minTs and maxTs are not defined in the code shown in this post.
    a = str(len(unique_ip))
    b = str(len(request_url))
    with open("output.txt", "w") as f1:
        print(
            f' Start Time of log = {minTs}'
            f' \n\n End Time of log = {maxTs} \n\n\n {a} Unique IP List = {mc_unique_ip} \n\n\n {b} Unique URL = {mc_request_url}', file=f1)
Reply from a uj5u.com user:
I don't think you need to use Counter, and you are unlikely to see any benefit from it.
import json
from collections import defaultdict

result = {} # start empty
with open("threat_intel_1.json") as file:
    data = json.load(file)

for d2 in data:
    req = d2.get('httpRequest',None)
    if not req:
        continue  # skip entries without request data
    url = req['requestUrl']
    ip = req['remoteIp']
    result.setdefault(url,defaultdict(int))[ip] += 1

print(result)
# {"/endpoint.html": {"127.2.3.4":15,"222.11.31.22":2}}
Conversely, if you want it the other way around, that is easy too:
for d2 in data:
    req = d2.get('httpRequest',None)
    if not req:
        continue
    url = req['requestUrl']
    ip = req['remoteIp']
    result.setdefault(ip,defaultdict(int))[url] += 1
# {"127.1.2.3": {"/endpoint1.html":15,"/endpoint2.php":1}, "33.44.55.66": {"/endpoint1.html":5}, ...}
Instead of using defaultdict, you can add one line:
# result.setdefault(ip,defaultdict(int))[url] += 1
result.setdefault(ip,{})
result[ip][url] = result[ip].get(url,0) + 1
In any case, this is arguably more readable...
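
Added example (not part of the original question or answer): the requested `IP: URL - count` report built from the same `httpRequest` fields, tolerating entries with missing keys, plus a per-IP tally of requests whose `enforcedSecurityPolicy.outcome` is `DENY`. The sample entries, the `example.test` URLs and the function names are constructed for illustration.

```python
import json
from collections import Counter, defaultdict

# Constructed sample entries in the shape of the log excerpt above (not real data).
SAMPLE_LOG = json.loads("""
[
 {"jsonPayload": {"enforcedSecurityPolicy": {"outcome": "DENY"}},
  "httpRequest": {"requestUrl": "https://example.test/token", "remoteIp": "127.0.0.1"}},
 {"jsonPayload": {"enforcedSecurityPolicy": {"outcome": "DENY"}},
  "httpRequest": {"requestUrl": "https://example.test/token", "remoteIp": "127.0.0.1"}},
 {"jsonPayload": {"enforcedSecurityPolicy": {"outcome": "ACCEPT"}},
  "httpRequest": {"requestUrl": "https://example.test/login", "remoteIp": "127.0.0.1"}},
 {"httpRequest": {"requestUrl": "https://example.test/login", "remoteIp": "198.51.100.7"}},
 {"httpRequest": {"remoteIp": "198.51.100.7"}},
 {"insertId": "no-http-request"}
]
""")

MISSING = "not_present"  # same placeholder the question's code uses


def count_urls_per_ip(entries):
    """Return ({ip: Counter({url: hits})}, Counter({ip: denied_hits}))."""
    hits = defaultdict(Counter)
    denied = Counter()
    for entry in entries:
        req = entry.get("httpRequest")
        if not isinstance(req, dict):
            continue  # entry carries no request data at all
        ip = req.get("remoteIp", MISSING)
        url = req.get("requestUrl", MISSING)
        hits[ip][url] += 1
        policy = entry.get("jsonPayload", {}).get("enforcedSecurityPolicy", {})
        if policy.get("outcome") == "DENY":
            denied[ip] += 1
    return hits, denied


def format_report(hits, denied):
    """One line per IP, busiest IP first, URLs ordered by hit count."""
    lines = []
    for ip, urls in sorted(hits.items(), key=lambda kv: -sum(kv[1].values())):
        parts = ", ".join(f"{url} - {n}" for url, n in urls.most_common())
        lines.append(f"{ip}: {parts} (denied: {denied[ip]})")
    return lines


if __name__ == "__main__":
    print("\n".join(format_report(*count_urls_per_ip(SAMPLE_LOG))))
```

To run it on a real export, pass the list returned by `json.load` in place of `SAMPLE_LOG`.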
