From abc8150ddf81697b1811ec5cd44d2a2a3e6d8abb Mon Sep 17 00:00:00 2001
From: acidvegas
Date: Fri, 26 May 2023 17:57:53 -0400
Subject: [PATCH] Added a parser for searching logs with ease

---
 README.md |  4 +---
 parser.py | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 61 insertions(+), 3 deletions(-)
 create mode 100644 parser.py

diff --git a/README.md b/README.md
index 14ddfe2..1c4f136 100644
--- a/README.md
+++ b/README.md
@@ -89,10 +89,8 @@ All of the raw data from a server is logged & stored. The categories below are s
 ## Todo
 * Capture `IRCOPS` & `STATS p` command outputs
 * Built in identd
-* Checking for IPv6 availability *(Need to find the server DNS, link names are not required to have DNS entries)*
+* Checking for IPv6 availability *(SSL= in 005 responses may help verify IPv6)*
 * Random nick changes for stealth on larger networks
-* Create a helper script for parsing logs & generating statistics on data
-* Parse only certain information for numerics to cut down on log sizes *(Important for scaling)*
 
 ## Mirrors
 - [acid.vegas](https://git.acid.vegas/ircp)
diff --git a/parser.py b/parser.py
new file mode 100644
index 0000000..3c399ec
--- /dev/null
+++ b/parser.py
@@ -0,0 +1,60 @@
+#!/usr/bin/env python
+# ircp logs parser - developed by acidvegas in python (https://git.acid.vegas/ircp)
+
+import json
+import os
+import sys
+
+def parse(line, raw): # TODO: finish adding custom outputs for certain fields
+    if not raw:
+        args = line.split()
+        numeric = args[1]
+        data = ' '.join(args[3:])
+        if data[:1] == ':':
+            data = data[1:]
+        if numeric == '001' and len(args) >= 7 and data.lower().startswith('welcome to the '):
+            return args[6]
+        elif numeric == '002' and len(line.split('running version ')) == 2:
+            return line.split('running version ')[1]
+        elif numeric == '003':
+            check = [item for item in ('This server was cobbled together ','This server was created ','This server has been started ','This server was last re(started) on ','This server was last (re)started on ') if data.startswith(item)]
+            if check:
+                return data.replace(check[0],'')
+        elif numeric == '004' and len(args) >= 5:
+            return args[4]
+        elif numeric == '005':
+            return data.split(' :')[0]
+        elif numeric == '006':
+            while data[:1] in ('-','|',' ','`'):
+                data = data[1:]
+            return data.split()[0]
+    return line if raw else data
+
+# Main
+if len(sys.argv) >= 2:
+    check = sys.argv[1]
+    raw = True
+    if len(sys.argv) == 3:
+        if sys.argv[2] == 'clean':
+            raw = False
+    logs = os.listdir('logs')
+    found = 0
+    for log in logs:
+        with open('logs/'+log) as logfile:
+            data = json.loads(logfile.read())
+            if check in data:
+                found += 1
+                data = data[check]
+                if type(data) == str:
+                    print(parse(data, raw))
+                elif type(data) == list:
+                    for item in data:
+                        print(parse(item, raw))
+            else:
+                print(f'error: \'{check}\' is an invalid or missing field')
+                break
+    print(f'\nFound {found} results in {len(logs)} logs')
+else:
+    print('usage: python parser.py [clean]\n')
+    print(' may be any item in the snapshots (001, NOTICE, 464, etc)')
+    print(' [clean] may be optionally used to display a cleaner output')
\ No newline at end of file
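Review bot: The `else: ... break` at the end of the `for log in logs` loop aborts the whole scan at the first snapshot that lacks the requested key, so a field that is legitimately absent from some servers (the usage text itself lists `464`, which only a password-protected server sends) is reported as "invalid or missing" after one miss instead of being counted across the remaining logs; replacing `break` with `continue` (or dropping the `else` branch and relying on the final "Found N results" line) gives the intended behaviour. `parse()` also indexes `args[1]` and, in the `006` branch, `data.split()[0]` without any length check, so a short or empty entry in one log raises IndexError and kills the run — a guard such as `if len(args) < 2: return line` at the top of the `if not raw:` block, and `return data.split()[0] if data.split() else data` for `006`, would keep the scan going. The printed values are raw lines captured from remote IRC servers, so they can carry control characters and terminal escape sequences; if the output is normally read on a terminal, printing via `repr()` or stripping non-printables before `print` is worth considering, though that is a judgement call the commit need not settle. The `type(data) == str` / `type(data) == list` checks should be `isinstance(data, str)` / `isinstance(data, list)`.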