Python - Counter For Column In CSV File

I'm auditing a SecurityLog CSV file and I have to count the most common event ID number for both the "audit Successes" and "audit failures". I can find the most occurring event ID for the whole file but not for each one. My script isn't the most efficient or perfect, but I can't find any way to do this.

import csv
from collections import Counter

with open('SecLog.csv', newline='') as csvfile:    # Open Security Log
    readCSV = csv.reader(csvfile, delimiter=',')
    data = list(readCSV)    # to get number of entries in entire log
    row_count = len(data) - 1    # exclude the header row

# Count on the Keywords column (first field) only, so that the words
# "Success" or "Failure" inside a message body are not counted as entries
SucCount = sum(1 for row in data[1:] if row and 'Success' in row[0])
FailCount = sum(1 for row in data[1:] if row and 'Failure' in row[0])

print("Number of Audit Failures:", FailCount, "Failures of", row_count, "entries")
print("Number of Audit Successes:", SucCount, "Successes of", row_count, "entries")

SECURITY LOG:

Keywords,Date and Time,Source,Event ID,Task Category
Audit Success,3/1/2018 4:52:36 PM,Microsoft-Windows-Security-Auditing,4798,User Account Management,"A user's local group membership was enumerated.

Subject: Security ID: DESKTOP-1PQOUT8\Mack Naylor Account Name: Mack Naylor Account Domain: DESKTOP-1PQOUT8 Logon ID: 0x26723

User: Security ID: DESKTOP-1PQOUT8\Mack Naylor Account Name: Mack Naylor Account Domain: DESKTOP-1PQOUT8

Process Information: Process ID: 0x1e14 Process Name: C:\Windows\System32\mmc.exe"
Audit Success,3/1/2018 4:52:10 PM,Microsoft-Windows-Security-Auditing,4798,User Account Management,"A user's local group membership was enumerated.

Subject: Security ID: DESKTOP-1PQOUT8\Mack Naylor Account Name: Mack Naylor Account Domain: DESKTOP-1PQOUT8 Logon ID: 0x26723

User: Security ID: DESKTOP-1PQOUT8\Mack Naylor Account Name: Mack Naylor Account Domain: DESKTOP-1PQOUT8

Process Information: Process ID: 0x1e14 Process Name: C:\Windows\System32\mmc.exe"
Audit Success,3/1/2018 4:51:41 PM,Microsoft-Windows-Security-Auditing,4672,Special Logon,"Special privileges assigned to new logon.

Subject: Security ID: SYSTEM Account Name: SYSTEM Account Domain: NT AUTHORITY Logon ID: 0x3E7

Privileges: SeAssignPrimaryTokenPrivilege SeTcbPrivilege SeSecurityPrivilege

If you know how to find the most occurring event ID for the whole file, why not sort the CSV by successes/failures and then split into two datasets? Then you can find the most occurring event ID by the same aforementioned method for each dataset respectively.
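
The split suggested in the answer above, written out as an added example (not code from the original question or answer): rows are grouped by the Keywords column and each group gets its own Counter of event IDs. The sample log is constructed in the layout of the question's export; the function names and the Audit Failure rows are assumptions.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample in the layout of the question's export: a five-column
# header, then rows whose sixth field is a quoted, possibly multi-line message.
SAMPLE = '''Keywords,Date and Time,Source,Event ID,Task Category
Audit Success,3/1/2018 4:52:36 PM,Microsoft-Windows-Security-Auditing,4798,User Account Management,"A user's local group membership was enumerated.

Subject:
  Account Name: Mack Naylor"
Audit Success,3/1/2018 4:52:10 PM,Microsoft-Windows-Security-Auditing,4798,User Account Management,"A user's local group membership was enumerated."
Audit Success,3/1/2018 4:51:41 PM,Microsoft-Windows-Security-Auditing,4672,Special Logon,"Special privileges assigned to new logon."
Audit Failure,3/1/2018 4:50:02 PM,Microsoft-Windows-Security-Auditing,4625,Logon,"An account failed to log on.

Failure Reason: Unknown user name or bad password."
Audit Failure,3/1/2018 4:49:58 PM,Microsoft-Windows-Security-Auditing,4625,Logon,"An account failed to log on."
Audit Failure,3/1/2018 4:49:30 PM,Microsoft-Windows-Security-Auditing,4776,Credential Validation,"The computer attempted to validate the credentials for an account."
'''


def event_ids_by_keyword(stream):
    """Return {keyword: Counter of event IDs}; open real files with newline=''."""
    reader = csv.reader(stream)
    header = next(reader)
    kw_col = header.index("Keywords")
    id_col = header.index("Event ID")
    counts = defaultdict(Counter)
    for row in reader:
        if len(row) <= max(kw_col, id_col):
            continue  # skip blank or truncated records
        counts[row[kw_col]][row[id_col]] += 1
    return counts


def most_common_event(counts, keyword):
    """Return (event_id, occurrences) for one keyword, or None if absent."""
    top = counts[keyword].most_common(1) if keyword in counts else []
    return top[0] if top else None


if __name__ == "__main__":
    counts = event_ids_by_keyword(io.StringIO(SAMPLE))
    for keyword in ("Audit Success", "Audit Failure"):
        total = sum(counts[keyword].values())
        print(keyword, "entries:", total, "most common:", most_common_event(counts, keyword))
```

Because the csv module keeps each quoted multi-line message inside one record, the "Failure Reason" text in the sample is not counted as an entry, whereas a substring count of "Failure" over the raw file would include it.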
