FRP日志分析
这几天搞了群晖,部署了个FRP,把端口代理出去。我的服务器是按流量计费的,本着流量不能浪费的原则,对安全这块还是比较在意的。
昨天登录FRP发现,无缘无故的流量一直在跑
看了下FRP的日志,有请求一直在访问FRP。
我在服务器上开的端口号本来就很大,但还是在被扫描。
于是决定,写个脚本,分析下日志,把这些有问题的IP给封掉。
下面是我写的Python脚本,水平有限,大佬勿喷。
代码有什么问题,可以指出来,我不一定会改。
import datetime
import openpyxl
# Marker text of the frp log lines this script analyses.
target_content = "get a user connection"
# Substrings that make is_save() keep a line (currently just the marker).
target_contents = [target_content]

# Time window compared against each record in print_data_date(); that
# function uses strict comparisons, so both bounds are exclusive.
start_time = datetime.datetime(2023, 6, 29, 16, 30, 30)
end_time = datetime.datetime(2023, 6, 29, 16, 31, 30)

log_data = []    # raw log lines kept by read_file()
log_map = {}     # client IP -> timestamps of its requests
print_map = {}   # not used by any function visible in this listing
print_list = []  # one summary row per IP, built by handler_log_map()
# 读取文件
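def read_file():
    """Load the relevant records from ``frp.log`` into ``log_data``.

    Every line for which ``is_save`` returns True is appended to the
    module-level ``log_data`` list with its newline removed.
    """
    # The context manager closes the handle even if reading fails part-way.
    # errors="replace" keeps a single undecodable byte from aborting the
    # whole analysis: the log is input this script does not control.
    with open("frp.log", encoding='utf-8', errors="replace") as file:
        # Iterating the file reads to the real end of file.  The previous
        # readline() loop stopped at the first blank line, silently dropping
        # every record after it.
        for line in file:
            content = line.replace("\n", "")
            if is_save(content):
                log_data.append(content)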
# 判断是否需要保存该条日志记录
def is_save(content):
    """Tell whether a log line should be kept for analysis.

    A line is kept when it contains at least one of the substrings listed
    in ``target_contents``.
    """
    return any(marker in content for marker in target_contents)
# 日志数据解析 保存到map中
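def print_data():
    """Group the timestamps of the saved log lines by client IP.

    For every line in ``log_data`` the timestamp at the start of the line
    and the client address that follows ``target_content`` are extracted,
    and the timestamp is appended to ``log_map[ip]``.  Lines that do not
    parse are skipped.
    """
    import ipaddress  # local import: only the parsing step needs it

    for i in log_data:
        content = str(i)
        try:
            # Drop the ANSI colour prefix, then rebuild "<date> <time>" from
            # the first two whitespace-separated fields, which is the shape
            # the strptime format below expects.
            fields = content.replace("\x1b[1;34m", "").split()
            log_time = " ".join(fields[:2])
            log_datetime = datetime.datetime.strptime(log_time, "%Y/%m/%d %H:%M:%S")
            # The text after the marker is assumed to be "[ip:port]" --
            # confirm against the frp version in use.  rpartition() splits on
            # the LAST colon, so an IPv6 address keeps its own colons.
            remote = content.split(target_content)[1]
            remote = remote.replace("[", "").replace("]", "").strip()
            host = remote.rpartition(":")[0]
            # These keys are meant to feed a block list, so only accept
            # values that really are IP addresses.
            ip_str = str(ipaddress.ip_address(host))
        except (IndexError, ValueError):
            # Best effort: a line without the marker, with a malformed
            # timestamp or without a valid address is left out.
            continue
        # setdefault() mutates the module-level dict in place; assigning to
        # the name log_map here would make it a local variable instead.
        log_map.setdefault(ip_str, []).append(log_datetime)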
# 按日志时间保存数据到map中
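def print_data_date():
    """Group timestamps by client IP, keeping only the configured window.

    Works like ``print_data`` but stores a record only when its timestamp
    lies strictly between ``start_time`` and ``end_time``.  Lines that do
    not parse are skipped.
    """
    import ipaddress  # local import: only the parsing step needs it

    for i in log_data:
        content = str(i)
        try:
            # Drop the ANSI colour prefix, then rebuild "<date> <time>" from
            # the first two whitespace-separated fields, which is the shape
            # the strptime format below expects.
            fields = content.replace("\x1b[1;34m", "").split()
            log_time = " ".join(fields[:2])
            log_datetime = datetime.datetime.strptime(log_time, "%Y/%m/%d %H:%M:%S")
            # The text after the marker is assumed to be "[ip:port]" --
            # confirm against the frp version in use.  rpartition() splits on
            # the LAST colon, so an IPv6 address keeps its own colons.
            remote = content.split(target_content)[1]
            remote = remote.replace("[", "").replace("]", "").strip()
            host = remote.rpartition(":")[0]
            # These keys are meant to feed a block list, so only accept
            # values that really are IP addresses.
            ip_str = str(ipaddress.ip_address(host))
        except (IndexError, ValueError):
            # Best effort: a line without the marker, with a malformed
            # timestamp or without a valid address is left out.
            continue
        if start_time < log_datetime < end_time:
            # setdefault() mutates the module-level dict in place; assigning
            # to the name log_map here would make it a local variable.
            log_map.setdefault(ip_str, []).append(log_datetime)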
# 数据处理
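def handler_log_map():
    """Summarise the request pattern of every IP collected in ``log_map``.

    For each IP one row is appended to ``print_list`` and printed:
    IP, first request time, last request time, request count, average
    seconds per request (sum of the gaps between consecutive requests
    divided by the request count), and the first-to-last span expressed in
    seconds, minutes, hours and days.
    """
    for key, value in log_map.items():
        if not value:
            continue  # nothing recorded for this key
        # Work on a sorted copy: the stored list is left untouched (so the
        # function can be run again with the same result) and out-of-order
        # log lines cannot produce negative gaps.
        times = sorted(value)
        ip_num = len(times)
        begin_time = times[0]
        stop_time = times[-1]
        # total_seconds() includes whole days; timedelta.seconds holds only
        # the sub-day remainder, which made the day column always 0 and
        # under-reported any span longer than 24 hours.
        request_seconds = int((stop_time - begin_time).total_seconds())
        request_all_rate = sum(
            (later - earlier).total_seconds()
            for earlier, later in zip(times, times[1:])
        )
        local_print_list = [key, begin_time, stop_time, ip_num, int(request_all_rate / ip_num), request_seconds,
                            int(request_seconds / 60), int(request_seconds / 3600), int(request_seconds / 86400)]
        print_list.append(local_print_list)
        print(
            "IP地址{}: 开始请求时间{}, 最后一次请求时间{}, 请求次数{}, 请求频率 = {}, 请求跨度(秒) = {}, 请求跨度(分) = {}, 请求跨度(时) = {}, 请求跨度(天) = {}"
            .format(*local_print_list))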
# 导出Excel
def save_excel():
    """Write the rows gathered in ``print_list`` to an Excel workbook.

    The header row is written first, followed by one row per entry of
    ``print_list``; the workbook is saved as ``./FRP分析结果.xlsx``.
    """
    workbook = openpyxl.Workbook()
    sheet = workbook.active
    header = ('IP地址', '开始请求时间', "最后一次请求时间", "请求次数", "请求频率", "请求跨度(秒)", "请求跨度(分)",
              "请求跨度(时)", "请求跨度(天)")
    sheet.append(header)  # header row goes first
    # NOTE(review): the first column is text taken from the log, and openpyxl
    # stores a string that starts with "=" as a formula -- confirm that only
    # real IP addresses can end up in print_list.
    for row in print_list:
        sheet.append(row)
    workbook.save('./FRP分析结果.xlsx')
if __name__ == '__main__':
    # Pipeline: load the log, group timestamps per IP, compute the per-IP
    # statistics, then export them.  Put print_data_date in place of
    # print_data to analyse only the start_time..end_time window.
    for step in (read_file, print_data, handler_log_map, save_excel):
        step()
我觉得frp还需要多关注安全,估计好用的工具会被盯上,再加上是开源的,虽然不懂,但还是支持楼主分享。