DeaD_EyE

get_stats.py

May 29th, 2021
  1. #!/usr/bin/env python3
  2.  
  3. """
  4. Just for fun
  5.  
  6. # https://www.youtube.com/watch?v=-jexCDc7n5E
  7. """
  8.  
  9. import csv
  10. from collections import Counter
  11. from datetime import datetime as DateTime
  12. from datetime import timedelta as TimeDelta
  13. from enum import Enum
  14. from ipaddress import ip_address
  15.  
  16.  
class Kind(Enum):
    """Event type found in the fourth column of a tarpit log row.

    The member values are the literal strings written to the log, so a raw
    field can be converted with ``Kind(field)``; any other string raises
    ``ValueError``.
    """

    # A client opened a connection to the tarpit.
    CONNECT = "connected"
    # A previously connected client went away.
    DISCONNECT = "disconnected"
  20.  
  21.  
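def get_stats(file="tarpit.csv"):
    """Parse a tarpit connection log and summarise it.

    A usable row has exactly four comma-separated fields: a timestamp in
    ``%Y-%m-%d %H:%M:%S`` form, the client IP address, the client port and
    the event kind (a ``Kind`` value). Rows that cannot be used are skipped
    instead of aborting the whole run, so one damaged line does not hide the
    rest of the log:

    * blank lines are ignored silently,
    * rows with another field count are ignored silently when the first
      field contains "INFO" or "WARNING", otherwise reported,
    * rows whose timestamp, address, port or kind does not parse are
      reported and skipped.

    Args:
        file: Path of the CSV log. It is read as ASCII text.

    Returns:
        A 5-tuple ``(all_data, active_count, active_connections,
        log_duration, top10_attacking_ips)``:

        * ``all_data`` - every accepted row as ``(ts, ip, port, kind)``.
        * ``active_count`` - number of ``(ip, port)`` pairs that connected
          and never disconnected.
        * ``active_connections`` - the rows of ``all_data`` that belong to
          those pairs.
        * ``log_duration`` - timestamp of the last accepted row minus that
          of the first one; a zero ``timedelta`` when no row was accepted.
        * ``top10_attacking_ips`` - up to ten ``(ip, count)`` pairs, counting
          CONNECT rows per address. Every connecting address is counted; the
          log alone does not tell a scanner from a hostile client.
    """
    def ts_parser(ts: str) -> DateTime:
        return DateTime.strptime(ts, "%Y-%m-%d %H:%M:%S")

    connected_set = set()
    disconnected_set = set()
    all_data = []

    with open(file, "rt", newline="", encoding="ascii") as fd:
        for row in csv.reader(fd, delimiter=","):
            if not row:
                # csv.reader yields an empty list for a blank line; indexing
                # row[0] below would raise IndexError on it.
                continue

            if len(row) != 4:
                # Log lines from the tarpit itself are expected noise.
                if "INFO" in row[0] or "WARNING" in row[0]:
                    continue
                print(f"Incomplete input: {row}")
                continue

            raw_ts, raw_ip, raw_port, raw_kind = row

            try:
                ts = ts_parser(raw_ts)
                ip = ip_address(raw_ip)
                port = int(raw_port)
            except ValueError:
                # strptime, ip_address and int all raise ValueError on bad
                # text; skip the row like any other unusable line.
                print(f"Malformed input: {row}")
                continue

            try:
                kind = Kind(raw_kind)
            except ValueError:
                print(f"Unknown kind: {raw_kind}")
                continue

            all_data.append((ts, ip, port, kind))
            client = ip, port
            if kind == Kind.CONNECT:
                connected_set.add(client)
            elif kind == Kind.DISCONNECT:
                disconnected_set.add(client)

    # NOTE(review): this is a plain set difference, not a replay of the log.
    # A pair that disconnected once is never counted as active again, even if
    # the same (ip, port) reconnects later, so long logs can undercount.
    active_clients = connected_set - disconnected_set
    active_count = len(active_clients)
    del connected_set, disconnected_set

    active_connections = [row for row in all_data if tuple(row[1:3]) in active_clients]
    del active_clients

    # Assumes rows are in chronological order, as written by the logger.
    # An empty log has no first or last row, so report a zero duration.
    if all_data:
        log_duration = all_data[-1][0] - all_data[0][0]
    else:
        log_duration = TimeDelta(0)

    top10_attacking_ips = Counter(
        row[1] for row in all_data if row[-1] == Kind.CONNECT
    ).most_common(10)

    return all_data, active_count, active_connections, log_duration, top10_attacking_ips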
  70.  
  71.  
if __name__ == "__main__":
    # Script entry point: summarise the default log file and print a short
    # report. The output strings are German and are part of the output.
    _rows, open_count, _open_rows, span, ranking = get_stats()

    # Floor-dividing the log span by one day gives the number of whole days.
    whole_days = span // TimeDelta(days=1)

    print(f"Logzeitraum: {whole_days} Tage")
    print(f"{open_count} aktive Verbindungen")
    print()
    print("Top 10")

    # One line per address, left-aligned in a 16-character column.
    for address, hits in ranking:
        print(f"{address!s:<16} => {hits}")