Apache log analysis
Task:
After connecting over SSH, download the log file var/log/apache2/access.log.1 and rename it to .txt.
Inspecting the log shows:
1. The attacker's IP is 192.168.200.2
2. The browser fingerprint is: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Converted to MD5: 2d6330f380f44ac20f3a02eed0958f66
3. A script shows that the index.php page was accessed 27 times:
import re

# Read the whole log and count every occurrence of /index.php
with open(r"C:\Users\32541\Desktop\fsdownload\access.log.txt", 'r') as fp:
    t = fp.read()
print(len(re.findall(r'/index\.php', t)))
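4. A script shows that the attacker's IP made 6555 requests:
import re

# Count log lines that start a record for 192.168.200.2 on 03/Aug
with open(r"C:\Users\32541\Desktop\fsdownload\access.log.txt", 'r') as fp:
    t = fp.read()
print(len(re.findall(r'192\.168\.200\.2 - - \[03/Aug/', t)))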
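5. A script shows that 5 IPs accessed the site within one hour:
import re

# Collect the distinct client addresses that appear before "- - [03/Aug/"
with open(r"C:\Users\32541\Desktop\fsdownload\access.log.txt", 'r') as fp:
    t = fp.read()
print(set(re.findall(r'(.*) - - \[03/Aug/', t)))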
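
The same questions can be answered from parsed fields instead of substring matches. The following is an added example, not the write-up's own script: it parses the Apache combined log format and counts by request path, so a Referer that merely contains /index.php is not counted. The sample lines, the year 2023, and the names LINE_RE, parse, summarize and ua_md5 are constructed for illustration.

```python
import hashlib
import re
from collections import Counter

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample lines (not taken from the log file analysed above).
SAMPLE_LOG = """\
192.168.200.2 - - [03/Aug/2023:08:46:43 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11) TestAgent/1.0"
192.168.200.2 - - [03/Aug/2023:08:46:44 +0000] "GET /login.php HTTP/1.1" 200 300 "http://site/index.php" "Mozilla/5.0 (X11) TestAgent/1.0"
192.168.200.38 - - [03/Aug/2023:08:50:01 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512 "-" "curl/7.74.0"
192.168.200.48 - - [03/Aug/2023:09:10:00 +0000] "GET / HTTP/1.1" 200 100 "-" "curl/7.74.0"
::1 - - [04/Aug/2023:00:00:01 +0000] "OPTIONS * HTTP/1.0" 200 0 "-" "Apache (internal dummy connection)"
"""

def parse(text):
    """Yield one dict per line that matches the combined format."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()

def summarize(text, page="/index.php", hour="03/Aug/2023:08"):
    hits = Counter()      # requests per client IP
    agents = {}           # client IP -> set of User-Agent strings it sent
    page_hits = 0         # requests whose path (query string stripped) equals `page`
    ips_in_hour = set()   # distinct clients whose timestamp falls in `hour`
    for rec in parse(text):
        hits[rec["ip"]] += 1
        agents.setdefault(rec["ip"], set()).add(rec["ua"])
        if rec["target"].split("?", 1)[0] == page:
            page_hits += 1
        if rec["ts"].startswith(hour):
            ips_in_hour.add(rec["ip"])
    return hits, agents, page_hits, ips_in_hour

def ua_md5(ua):
    return hashlib.md5(ua.encode()).hexdigest()

if __name__ == "__main__":
    hits, agents, page_hits, ips = summarize(SAMPLE_LOG)
    top_ip = hits.most_common(1)[0][0]
    print(top_ip, hits[top_ip], page_hits, sorted(ips))
    print({ua: ua_md5(ua) for ua in agents[top_ip]})
```

To run it against the downloaded file, pass the file's contents to summarize() in place of SAMPLE_LOG and set hour to the window of interest.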