Blame view
RabbitMQ_sub/src/parser.py
1.25 KB
4d8ee1534 adding rabbitmq c... |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
import json import pandas as pd import matplotlib.pyplot as plt import numpy as np import base64 import re log_file = open("/home/thanasis/Downloads/events_fphag.log","r") events_list = [] for line in log_file.readlines(): jsonObj = json.loads(line.replace('"','\\"').replace("'message'",'"message"').replace("'",'"')) message = json.loads(jsonObj["message"]) event = message["event"] event_body = {} log = base64.b64decode(event["log"]).decode('utf8') m = re.search(r'\[Classification\:\s(.+)\]\s\[', log) event_body["event_alarm_id"] = m.group(1) event_body["asset_id"] = event["organization"] event_body["timestamp"] = int(event["date"]) # event_body["event_alarm_id"] = event["event_id"] event_body["event_alarm_char"] = event["type"] event_body["name"] = event["type"] event_body["source_ip"] = event["src_ip"] event_body["source_port"] = int(event["src_port"]) event_body["destination_ip"] = event["dst_ip"] event_body["dst_port"] = int(event["dst_port"]) events_list.append(event_body) df = pd.DataFrame.from_dict(events_list) df["timestamp"] = pd.to_datetime(df["timestamp"]) df.set_index(pd.DatetimeIndex(df['timestamp'])) df.plot(y='dst_port') plt.show() a_df=np.unique(df[['asset_id']], axis=0) |