How to extract lines with matching strings and compute time differences in Python
2012-04-16 17:23:01.832641 IP 192.168.19.70.48635 > 125.64.93.204.65533: Flags [S], seq 692947831, win 14600, options [mss 1460,sackOK,TS val 380086525 ecr 0,nop,wscale 6], length 0
2012-04-16 17:23:09.832641 IP 192.168.19.81.48635 > 203.64.93.204.65533: Flags [S], seq 692947831, win 14600, options [mss 1460,sackOK,TS val 380086525 ecr 0,nop,wscale 6], length 0
2012-04-16 17:24:01.925775 IP 192.168.19.70.48637 > 125.64.93.204.65533: Flags [S], seq 1551096059, win 14600, options [mss 1460,sackOK,TS val 380146618 ecr 0,nop,wscale 6], length 0
2012-04-16 17:25:01.020266 IP 192.168.19.70.48638 > 125.64.93.204.65533: Flags [S], seq 2643095877, win 14600, options [mss 1460,sackOK,TS val 380205712 ecr 0,nop,wscale 6], length 0
2012-04-16 17:23:19.832641 IP 192.168.19.81.48635 > 203.64.93.204.65533: Flags [S], seq 692947831, win 14600, options [mss 1460,sackOK,TS val 380086525 ecr 0,nop,wscale 6], length 0
2012-04-16 17:26:01.104927 IP 192.168.19.70.48639 > 125.64.93.204.65533: Flags [S], seq 4022318958, win 14600, options [mss 1460,sackOK,TS val 380265797 ecr 0,nop,wscale 6], length 0
2012-04-16 17:27:01.187470 IP 192.168.19.70.48640 > 125.64.93.204.65533: Flags [S], seq 2529893861, win 14600, options [mss 1460,sackOK,TS val 380325879 ecr 0,nop,wscale 6], length 0
2012-04-16 17:28:01.271459 IP 192.168.19.70.48641 > 125.64.93.204.65533: Flags [S], seq 1322747235, win 14600, options [mss 1460,sackOK,TS val 380385963 ecr 0,nop,wscale 6], length 0
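My requirements are as follows:
1. Extract the lines that have the same source IP and destination IP.
2. Take the time differences of the lines obtained in step 1, i.e. the second line's time minus the first line's, the third minus the second, the Nth line minus the (N-1)th.
The format of each line can be understood like this: extract the lines with the same sip and dip, then take the time difference between adjacent lines.
date sip dip
How can this be implemented in Python? Any pointers from the experts would be appreciated.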
[Solution]
import re
from datetime import datetime

# tcpdump output to analyse (the sample lines from the question)
data = '''2012-04-16 17:23:01.832641 IP 192.168.19.70.48635 > 125.64.93.204.65533: Flags [S], seq 692947831, win 14600, options [mss 1460,sackOK,TS val 380086525 ecr 0,nop,wscale 6], length 0
2012-04-16 17:23:09.832641 IP 192.168.19.81.48635 > 203.64.93.204.65533: Flags [S], seq 692947831, win 14600, options [mss 1460,sackOK,TS val 380086525 ecr 0,nop,wscale 6], length 0
2012-04-16 17:24:01.925775 IP 192.168.19.70.48637 > 125.64.93.204.65533: Flags [S], seq 1551096059, win 14600, options [mss 1460,sackOK,TS val 380146618 ecr 0,nop,wscale 6], length 0
2012-04-16 17:25:01.020266 IP 192.168.19.70.48638 > 125.64.93.204.65533: Flags [S], seq 2643095877, win 14600, options [mss 1460,sackOK,TS val 380205712 ecr 0,nop,wscale 6], length 0
2012-04-16 17:23:19.832641 IP 192.168.19.81.48635 > 203.64.93.204.65533: Flags [S], seq 692947831, win 14600, options [mss 1460,sackOK,TS val 380086525 ecr 0,nop,wscale 6], length 0
2012-04-16 17:26:01.104927 IP 192.168.19.70.48639 > 125.64.93.204.65533: Flags [S], seq 4022318958, win 14600, options [mss 1460,sackOK,TS val 380265797 ecr 0,nop,wscale 6], length 0
2012-04-16 17:27:01.187470 IP 192.168.19.70.48640 > 125.64.93.204.65533: Flags [S], seq 2529893861, win 14600, options [mss 1460,sackOK,TS val 380325879 ecr 0,nop,wscale 6], length 0
2012-04-16 17:28:01.271459 IP 192.168.19.70.48641 > 125.64.93.204.65533: Flags [S], seq 1322747235, win 14600, options [mss 1460,sackOK,TS val 380385963 ecr 0,nop,wscale 6], length 0'''

# Groups: timestamp, source IP, destination IP. The dots are escaped so they
# match literally, and the last octet of the source IP is \d+ (the unescaped
# single \d cut "192.168.19.70" down to "192.168.19.7").
pat = re.compile(r"^(.*)\s+IP\s+(\d+\.\d+\.\d+\.\d+).*>\s*(\d+\.\d+\.\d+\.\d+)")
TIME_FORMAT = "%Y-%m-%d %H:%M:%S.%f"

ipDict = {}  # (sip, dip) -> list of timestamp strings, in file order
lines = data.split('\n')
for line in lines:
    line = line.strip()
    if line:
        found = pat.match(line)
        if found:
            print(found.groups())
            key = found.group(2), found.group(3)
            value = found.group(1)
            if key in ipDict:
                dt = ipDict[key]
                last = dt[-1]
                dt.append(value)
                # time of this line minus time of the previous line for the same pair
                diff = datetime.strptime(value, TIME_FORMAT) - datetime.strptime(last, TIME_FORMAT)
                print("%s ==> %s" % (key, diff))
            else:
                ipDict[key] = [value]
[Solution]
Does the OP want to group the times by IP, so that the times for the same IP are put together?
import re
from datetime import datetime

# tcpdump output to analyse (the sample lines from the question)
data = '''2012-04-16 17:23:01.832641 IP 192.168.19.70.48635 > 125.64.93.204.65533: Flags [S], seq 692947831, win 14600, options [mss 1460,sackOK,TS val 380086525 ecr 0,nop,wscale 6], length 0
2012-04-16 17:23:09.832641 IP 192.168.19.81.48635 > 203.64.93.204.65533: Flags [S], seq 692947831, win 14600, options [mss 1460,sackOK,TS val 380086525 ecr 0,nop,wscale 6], length 0
2012-04-16 17:24:01.925775 IP 192.168.19.70.48637 > 125.64.93.204.65533: Flags [S], seq 1551096059, win 14600, options [mss 1460,sackOK,TS val 380146618 ecr 0,nop,wscale 6], length 0
2012-04-16 17:25:01.020266 IP 192.168.19.70.48638 > 125.64.93.204.65533: Flags [S], seq 2643095877, win 14600, options [mss 1460,sackOK,TS val 380205712 ecr 0,nop,wscale 6], length 0
2012-04-16 17:23:19.832641 IP 192.168.19.81.48635 > 203.64.93.204.65533: Flags [S], seq 692947831, win 14600, options [mss 1460,sackOK,TS val 380086525 ecr 0,nop,wscale 6], length 0
2012-04-16 17:26:01.104927 IP 192.168.19.70.48639 > 125.64.93.204.65533: Flags [S], seq 4022318958, win 14600, options [mss 1460,sackOK,TS val 380265797 ecr 0,nop,wscale 6], length 0
2012-04-16 17:27:01.187470 IP 192.168.19.70.48640 > 125.64.93.204.65533: Flags [S], seq 2529893861, win 14600, options [mss 1460,sackOK,TS val 380325879 ecr 0,nop,wscale 6], length 0
2012-04-16 17:28:01.271459 IP 192.168.19.70.48641 > 125.64.93.204.65533: Flags [S], seq 1322747235, win 14600, options [mss 1460,sackOK,TS val 380385963 ecr 0,nop,wscale 6], length 0'''

# Groups: timestamp, source "ip.port", destination "ip.port"
res = r'(.*?) IP (.*?) > (.*?):.*?'
TIME_FORMAT = "%Y-%m-%d %H:%M:%S.%f"

lines = data.split('\n')
sourceDest = {}  # "sip > dip" -> list of timestamp strings, in file order
for line in lines:
    m = re.findall(res, line.strip())
    if len(m) > 0 and len(m[0]) == 3:
        # cut the trailing ".port" off both addresses
        newkey = m[0][1][:m[0][1].rindex('.')] + ' > ' + m[0][2][:m[0][2].rindex('.')]
        if newkey in sourceDest:
            sourceDest[newkey].append(m[0][0])
        else:
            sourceDest[newkey] = [m[0][0]]

for k, v in sourceDest.items():
    print('\n=============================\n%s\n=============================\n' % k)
    if len(v) == 1:
        print(v[0])
    else:
        for i in range(1, len(v)):
            print('Start: \t\t%s\nEnd: \t\t%s\nDuration: \t%s\n' % (
                v[i-1], v[i],
                datetime.strptime(v[i], TIME_FORMAT) - datetime.strptime(v[i-1], TIME_FORMAT)))
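Added example, not part of either answer: both answers subtract timestamps in file order, while the capture in the question is not sorted by time. The sketch below sorts the timestamps of each (sip, dip) pair before differencing and then reports pairs whose gaps are nearly constant, which is how regularly repeating connection attempts like the one-minute SYNs in the sample stand out. The function names and the `min_gaps` / `max_jitter` thresholds are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Abridged from the capture in the question (fields after the flags dropped),
# plus one constructed junk line to show that non-matching input is skipped.
SAMPLE = """\
2012-04-16 17:23:01.832641 IP 192.168.19.70.48635 > 125.64.93.204.65533: Flags [S]
2012-04-16 17:23:09.832641 IP 192.168.19.81.48635 > 203.64.93.204.65533: Flags [S]
2012-04-16 17:24:01.925775 IP 192.168.19.70.48637 > 125.64.93.204.65533: Flags [S]
2012-04-16 17:25:01.020266 IP 192.168.19.70.48638 > 125.64.93.204.65533: Flags [S]
2012-04-16 17:23:19.832641 IP 192.168.19.81.48635 > 203.64.93.204.65533: Flags [S]
2012-04-16 17:26:01.104927 IP 192.168.19.70.48639 > 125.64.93.204.65533: Flags [S]
this line is not tcpdump output and must be skipped
"""

# timestamp, source IPv4 (port dropped), destination IPv4 (port dropped)
LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) IP "
    r"(\d+(?:\.\d+){3})\.\d+ > (\d+(?:\.\d+){3})\.\d+:"
)
FMT = "%Y-%m-%d %H:%M:%S.%f"


def intervals_by_pair(text):
    """Map (sip, dip) -> seconds between consecutive packets, in time order."""
    seen = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            seen[(m.group(2), m.group(3))].append(datetime.strptime(m.group(1), FMT))
    result = {}
    for pair, stamps in seen.items():
        stamps.sort()  # do not rely on file order; captures may be merged
        result[pair] = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
    return result


def periodic_pairs(text, min_gaps=3, max_jitter=1.0):
    """Pairs with >= min_gaps gaps whose population stdev is <= max_jitter seconds."""
    report = {}
    for pair, gaps in intervals_by_pair(text).items():
        if len(gaps) >= min_gaps and pstdev(gaps) <= max_jitter:
            report[pair] = round(mean(gaps), 3)  # mean gap in seconds
    return report


if __name__ == "__main__":
    print(periodic_pairs(SAMPLE))
```
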