# Doctest session for fg_log_parser: build a communication matrix from
# sample firewall logs, then print one.
# Expected outputs are compared as text, so every dict repr below also
# pins the key order, not just the content.
>>> from fg_log_parser import get_communication_matrix

# logformat maps each role the parser needs (source IP, destination IP,
# destination port, protocol, byte counters, action) to the key name used
# in the log. The names here presumably match testlogs/fg.log -- confirm
# against that file, which is not part of this page.
>>> logformat = {'srcipfield': 'srcip',
... 'dstipfield': 'dstip',
... 'dstportfield': 'dstport',
... 'protofield': 'proto',
... 'sentbytesfield': 'sentbyte',
... 'rcvdbytesfield': 'rcvdbyte',
... 'actionfield': 'action'}

# The result is a nested dict; judging by the values the levels are
# source IP -> destination IP -> destination port -> protocol -> counters.
# A None key presumably means the record carried no value for that level:
# such records are counted under None rather than dropped, so a reader of
# the matrix should treat None buckets as incomplete records -- TODO confirm.
>>> get_communication_matrix('testlogs/fg.log', logformat)
{'192.168.1.1': {'8.8.8.8': {None: {None: {'count': 1}}, '53': {'UDP': {'count': 3}}}}}

# With noipcheck=True the result holds an entry whose destination level is
# None. Presumably the flag switches off IP validation so that a record
# without a destination IP is still counted -- verify in fg_log_parser.
>>> get_communication_matrix('testlogs/fgnone.log', logformat, noipcheck=True)
{'192.168.1.1': {None: {'53': {'UDP': {'count': 1}}}}}

# NOTE(review): this mapping (no 'actionfield' key) is never passed to a
# call; it is overwritten by the next assignment. Either the call that
# exercised a missing action field was lost, or the assignment is dead.
>>> logformat = {'srcipfield': 'srcip',
... 'dstipfield': 'dstip',
... 'dstportfield': 'dstport',
... 'protofield': 'proto',
... 'sentbytesfield': 'sentbyte',
... 'rcvdbytesfield': 'rcvdbyte'}

# Second log format, with SRC/DST/PROTO/DPT key names for testlogs/iptables.
# The byte-counter fields are the string 'None', not the None object --
# presumably a marker for "field not available"; confirm how the parser
# treats it.
>>> logformat = {'srcipfield': 'SRC',
... 'dstipfield': 'DST',
... 'protofield': 'PROTO',
... 'dstportfield': 'DPT',
... 'sentbytesfield': 'None',
... 'rcvdbytesfield': 'None',
... 'actionfield': 'action'}
>>> get_communication_matrix('testlogs/iptables', logformat)
{'192.168.1.1': {'8.8.8.8': {None: {'ICMP': {'count': 1}}, '22': {'TCP': {'count': 3}}}, '8.8.4.4': {'22': {'UDP': {'count': 1}}}}}

# print_communication_matrix is fed a literal matrix (same shape as the
# first result above); the expected output lists every key and the final
# count on a line of its own, outermost level first.
>>> from fg_log_parser import print_communication_matrix
>>> matrix = {'192.168.1.1': {'8.8.8.8': {None: {None: {'count': 1}}, '53': {'UDP': {'count': 3}}}}}
>>> print_communication_matrix(matrix)
192.168.1.1
8.8.8.8
None
None
count
1
53
UDP
count
3

# Same printer on a matrix whose destination level is None: the missing
# value is printed as the text "None", indistinguishable from a real key
# of that name in the output.
>>> matrix = {'192.168.1.1': {None: {'53': {'UDP': {'count': 1}}}}}
>>> print_communication_matrix(matrix)
192.168.1.1
None
53
UDP
count
1