2

I am beginner to python and I have a log file which contains MBX_AUTHENTICATION_FAILED where I already took the information of username, timestamp and IP address.

My question is how can I take a username who has changed password for 10 times from log file, because the condition is whenever a user changes password for 10 times, we need the detail of the user such as username, timestamp and IP address. This is my log file:

20170119 193739188+0900 elim1td001p imapserv 52324 75559 132341478487808 Note;UserDataException(504/1) MBX_AUTHENTICATION_FAILED:{protocolType=[imap], userName=[teasst_emailrei_6000], password=[XXXXX]}:AuthenticateAndGetMailboxService\3aPOST:Authenticating Failed.::user=test_emaili_3000:cmd=1 LOGIN teasst_emailrei_6000 <password>:fromhost=129.0.0.1:sid=b34f10a-fd04-11e7-b246-7f629ba04def

This is my python code

import re
from csv import writer
import datetime
log_file = '/Users/kiya/Desktop/ip.txt'
output_file = '/Users/kiya/Desktop/output.csv'

name_to_check = 'MBX_AUTHENTICATION_FAILED'

with open(log_file,encoding="utf-8") as infile:
    for line in infile:
        if name_to_check in line:
            username = re.search(r'(?<=userName=\[)(.*)(?=\],)', line)
            username = username.group()

            date = re.search(r'(?P<date>\d{8})\s+(?P<time>\d{9})\+(?P<zone>\d{4})', line)
            date = datetime.datetime.strptime(date.group('date'), "%Y%m%d").strftime("%Y-%m-%d")
            print(date)

            time = re.search(r'(?P<date>\d{8})\s+(?P<time>\d{9})\+(?P<zone>\d{4})', line)
            time = datetime.datetime.strptime(time.group('time'), "%H%M%S%f").strftime("%H:%M:%S")
            print(time)

            ip = re.search(r'(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])',line)
            ip = ip.group()

            with open(output_file, 'w') as outfile:
                csv_writer = writer(outfile)
                csv_writer.writerow(["Username","Date","Time","Ip"])
                csv_writer.writerow([username,date,time,ip])
Improve this question
5
  • 2
    What about this doesn't work? In order for us to help you better we need you to tell us what's wrong with the code you have. Commented May 27, 2018 at 6:54
  • @RThomP I want to know that how can I take a username who has changed the password for 10 times from the string MBX_AUTHENTICATION_FAILED. We need to take from here since there are many log files with the capacity of 20tb Commented May 27, 2018 at 6:59
  • I understand what you're trying to do with your code, but why isn't the code you've written working? Commented May 27, 2018 at 7:01
  • Are you able find the username of a user that changed it once with the message MBX_AUTHENTICATION_FAILED using the current code? Commented May 27, 2018 at 7:01
  • @ThomasAyoub yes the code is working and it shows all username, but it does not show the specific username who has changed the password for 10 times and I need to know how to take it Commented May 27, 2018 at 7:07

1 Answer 1

Reset to default
1

you can append the username into a list then use collection.counter to get the count:

from collections import Counter
usernamelist = []
usernamelist.append('tom')
usernamelist.append('tom')
usernamelist.append('tom')
usernamelist.append('sam')
usernamelist.append('louis')
c = Counter(usernamelist)
list_of_user_more_than_one = [i for i in c if c[i] > 1]
print(list_of_user_more_than_one)
--->['tom']
Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

But i have lots of users in that 20tb, how can I write it one by one
You add usernamelist.append(username) in your for loop
This is the kind of solution you want to use @KatarinaAlves. Of course you'll not write all the usernames by hand. But each time your loop will match a user, add it to the list
@LouisNg I have tried the code you gave, but this shows the result of whole users detail, not the user who has changed password for 10 times. The point is that whenever a user makes a wrong password for many times
ex: If the user type wrong password for 2 times, he is still the user. If the stranger type wrong password for 10 times, then he is the anonymous user, not the real user.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.