
Commit 78f310d

committed
Adding ipv6 support
1 parent 283fdda commit 78f310d


1 file changed

+12
-3
lines changed


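--- a/cryptolog.py
+++ b/cryptolog.py
@@ -63,6 +63,8 @@ def __init__(self, regex=None, field_list=None, delete_list=None):
 
 defSetRegex(self, regex):
 self._regex=regex
+# get a list of named groups from the regex, in order
+self._named=map(lambdax: x[0], sorted(self._regex.groupindex.items(), key=lambdax: x[1]))
 
 defSetFields(self, field_list, delete_list):
 self._field_list=field_list
@@ -73,6 +75,7 @@ def IsInitialized(self):
 
 defReset(self):
 self._regex=None
+self._named=None
 self._field_list=None
 
 defEncryptSingleLogEntry(self, log_entry):
@@ -90,7 +93,11 @@ def EncryptSingleLogEntry(self, log_entry):
 results=self._regex.search(log_entry)
 ifnotresults:
 raiseLogParseError("Log format does not match regex.")
-split_log=list(results.groups())
+printself._regex.groupindex.items()
+
+# create a list of matches based on named gropus, preserving order
+results_dict=results.groupdict()
+split_log=map(lambdax: results_dict[x], self._named)
 
 # TODO(dtauerbach): this is inefficient but regex
 # doesn't seem quite powerful enough to avoid it
@@ -151,9 +158,11 @@ def EncryptField(self, field, hashed_size):
 p=Popen(args.command, stdin=PIPE, shell=True)
 
 entities=args.entities.split(',')
-regex=re.compile(r'(?P<IP>\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?)( )(?P<OTHER>.*)')
+ipv6_exp='([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])'
+ipv4_exp='\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?'
+regex=re.compile(r'(?P<IP>'+ipv4_exp+'|'+ipv6_exp+')( )(?P<OTHER>.*)')
 # todo:dta improve this regex for common log format
-apache_regex=re.compile(r'(?P<IP>\d\d?\d?\.\d\d?\d?\.\d\d?\d?\.\d\d?\d?) (?P<SAVE1>-) (?P<SAVE2>-) (?P<DATETIME>\[.*\]) (?P<REQUEST>".*") (?P<SAVE3>\d*|\-) (?P<SAVE4>\d*|\-) (?P<OTHER>.*)')
+apache_regex=re.compile(r'(?P<IP>'+ipv4_exp+'|'+ipv6_exp+') (?P<SAVE1>-) (?P<SAVE2>-) (?P<DATETIME>\[.*\]) (?P<REQUEST>".*") (?P<SAVE3>\d*|\-) (?P<SAVE4>\d*|\-) (?P<OTHER>.*)')
 delete_list= []
 
 # hack for pound logs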
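Review bot: The added `print self._regex.groupindex.items()` in EncryptSingleLogEntry looks like leftover debugging and runs once per log entry, so it writes the group table to stdout alongside whatever the tool emits; it should be removed before merge. In the same hunk, building `split_log` from `self._named` drops every unnamed group, which includes the `( )` separator in `regex`, so if the code after the hunk rejoins `split_log` or indexes it by position the output changes for existing IPv4 lines as well; naming the separator, e.g. `(?P<SEP> )`, would keep it in the list. The matched IPv6 text is also passed on as written, so if the field is hashed verbatim (the hashing code is outside the hunk) equivalent spellings such as upper/lower case or `::` versus expanded zeros would map to different values, which is worth a comment or a normalisation step next to `ipv6_exp`. The body of EncryptSingleLogEntry continues outside the hunk, so the first two points need checking against the rest of the method.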
