python如何通过日志分析加入黑名单

python通过日志分析加入黑名单

监控nginx日志，若有人攻击，则加入黑名单，操作步骤如下：

1.读取日志文件

2.分隔文件，取出ip

3.将取出的ip放入list，然后判读ip的次数

4.若超过设定的次数，则加入黑名单

日志信息如下：

178.210.90.90?-?-?[04/Jun/2017:03:44:13?+0800]?"GET?/wp-includes/logo_img.php?HTTP/1.0"?302?161?"
http://nnzhp.cn/wp-includes/logo_img.php"?"Mozilla/5.0?(Windows;?U;?Windows?NT?5.1;?en-US)?AppleWebKit/533.4?
(KHTML,?like?Gecko)?Chrome/5.0.375.99?Safari/533.4"?"10.3.152.221"
178.210.90.90?-?-?[04/Jun/2017:03:44:13?+0800]?"GET?/blog?HTTP/1.0"?301?233?"?
logo_img.php"?"Mozilla/5.0?(Windows;?U;?Windows?NT?5.1;?en-US)?AppleWebKit/533.4?(KHTML,?like?Gecko)?
Chrome/5.0.375.99?Safari/533.4"?"10.3.152.221"
178.210.90.90?-?-?[04/Jun/2017:03:44:15?+0800]?"GET?/blog/?HTTP/1.0"?200?38278?"?
logo_img.php"?"Mozilla/5.0?(Windows;?U;?Windows?NT?5.1;?en-US)?AppleWebKit/533.4?(KHTML,?like?Gecko)?Chrome/
5.0.375.99?Safari/533.4"?"10.3.152.221"
66.249.75.29?-?-?[04/Jun/2017:03:45:55?+0800]?"GET?/bbs/forum.php?mod=forumdisplay&fid=574&filter=hot?HTTP/1.1"?
200?17482?"-"?"Mozilla/5.0?(compatible;?Googlebot/2.1;?+http://www.google.com/bot.html)"?"-"
37.9.169.20?-?-?[04/Jun/2017:03:47:59?+0800]?"GET?/wp-admin/security.php?HTTP/1.1"?302?161?"?
/security.php"?"Mozilla/5.0?(Windows;?U;?Windows?NT?5.1;?en-US)?AppleWebKit/533.4?(KHTML,?like?Gecko)?Chrome
/5.0.375.99?Safari/533.4"?"-"
37.9.169.20?-?-?[04/Jun/2017:03:48:01?+0800]?"GET?/blog?HTTP/1.1"?301?233?"?
security.php"?"Mozilla/5.0?(Windows;?U;?Windows?NT?5.1;?en-US)?AppleWebKit/533.4?(KHTML,?like?Gecko)?
Chrome/5.0.375.99?Safari/533.4"?"-"
37.9.169.20?-?-?[04/Jun/2017:03:48:02?+0800]?"GET?/blog/?HTTP/1.1"?200?38330?"?
security.php"?"Mozilla/5.0?(Windows;?U;?Windows?NT?5.1;?en-US)?AppleWebKit/533.4?(KHTML,?like?Gecko)
?Chrome/5.0.375.99?Safari/533.4"?"-"
37.9.169.20?-?-?[04/Jun/2017:03:48:21?+0800]?"GET?/wp-admin/security.php?HTTP/1.1"?302?161?"?
wp-admin/security.php"?"Mozilla/5.0?(Windows;?U;?Windows?NT?5.1;?en-US)?AppleWebKit/533.4?(KHTML,?like?Gecko)?
Chrome/5.0.375.99?Safari/533.4"?"-"
37.9.169.20?-?-?[04/Jun/2017:03:48:21?+0800]?"GET?/blog?HTTP/1.1"?301?233?"?
?"Mozilla/5.0?(Windows;?U;?Windows?NT?5.1;?en-US)?AppleWebKit/533.4?(KHTML,?like?Gecko)?Chrome/5.0.375.99?
?Safari/533.4"?"-"
37.9.169.20?-?-?[04/Jun/2017:03:48:23?+0800]?"GET?/blog/?HTTP/1.1"?200?38330?"http://nnzhp.cn/wp-admin/security.php"?
"Mozilla/5.0?(Windows;?U;?Windows?NT?5.1;?en-US)?AppleWebKit/533.4?(KHTML,?like?Gecko)?Chrome/5.0.375.99?
Safari/533.4"?"-"

代码如下：

import?os
import?time
#os.system('ipconfig')??#用来操作系统命令
while?True:
????list_ip?=?[]
????with?open('access.log')?as?fp:
????????for?line?in?fp:
????????????ip?=?line.split()[0]???#获取ip
????????????list_ip.append(ip)
????os.system('>access.log')???#清空文件内容
????set_ips?=?set(list_ip)?????#去除重复的ip值
????for?ip?in?set_ips:
????????if?list_ip.count(ip)?>200:??#若list_ip内重复出现的ip次数大于200，则加入黑名单
????????????os.system('iptables?-I?INPUT?1?-p?tcp?-s?%s??-j?DROP'?%?ip)
????time.sleep(60)