IIS Logs Parsing

Question

I have requirement for IIS Logs parsing using python. PFB sample logs for your reference. Requirement:

->>Unique IPs List with 443 port and ->>Unique IPs List with 8080 port

#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Date: 2021-06-01 00:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs-version cs(User-Agent) sc-status sc-substatus sc-win32-status sc-bytes cs-bytes time-taken
2021-06-01 00:00:00 172.12.120.95 POST /login - 443 - 53.101.10.78 HTTP/1.1 - 200 0 0 1038 3882 3249
2021-06-01 00:00:00 172.12.120.95 POST /login - 443 - 52.104.10.78 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.2;+WOW64;+Trident/7.0;+.NET4.0E;+.NET4.0C;+.NET+CLR+3.5.30729;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.30729) 200 0 0 1013 4749 3437
2021-06-01 00:00:00 172.12.120.95 POST /login - 8080 - 32.23.11.134 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.2;+WOW64;+Trident/7.0;+.NET4.0C;+.NET4.0E;+.NET+CLR+2.0.50727;+.NET+CLR+3.0.30729;+.NET+CLR+3.5.30729) 200 0 0 1173 3449 4218

Please help. Thank you.

What is your question about this? – mkrieger1 Jun 02 '21 at 18:35 — mkrieger1, Jun 02 '21 at 18:35

score 1 · Answer 1 · answered Jun 02 '21 at 18:46

Generally this forum isn't for writing your code for you. It's about helping you troubleshoot or understand the code you've already been working with. You post the code that isn't "behaving properly" and we help out.

I didn't fully test this, but this should at least get you started.

import re

with open("your_logfile", 'r') as log:
    for line in log:
        found = re.search(r"/login - (443|8080) - \d{1,3}.\d{1,3}.\d{1,3}.\d{1,3}", log)
        if found:
            result = found.group()
            data = result.split('-').strip()
            print("IP: %s   Port: %s" % (data[1].strip(),data[2].strip()))

IIS Logs Parsing

1 Answers1