Demo entry 6356196


   

Submitted by anonymous on Apr 17, 2017 at 10:32
Language: Python. Code size: 2.6 kB.

#! /usr/bin/python
# _*_ coding:utf-8 _*_

import xlrd
import xlwt
import time

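# Header row of the output sheet: time, event ID, event type, description.
HEADERS = (u'时间', u'事件ID', u'事件类型', u'描述')

# Per event ID: the label written to the "event type" column, the description
# template, and the positions read from the '|'-separated record.
# NOTE(review): the positions look like the EventData order of Windows
# Security events 4648 / 4624 / 4634 -- confirm against the tool that
# produced zhanghang.xlsx before relying on the column meanings.
EVENT_LAYOUTS = {
    4648: (u'尝试登录',
           u'使用者:{}:{},凭证:{}:{},目标服务器:{},网络信息:{}',
           (1, 2, 5, 6, 8, 12)),
    4624: (u'登录成功',
           u'使用者:{}:{},登录用户:{}:{},登录类型:{},网络信息:{}:{}',
           (1, 2, 5, 6, 8, 11, 18)),
    4634: (u'注销',
           u'使用者:{}:{},登录类型:{}',
           (1, 2, 4)),
}


def describe_event(eventid, raw):
    """Return ``(event_type, description)`` for one exported log record.

    ``raw`` is the '|'-separated record text.  For the event IDs listed in
    EVENT_LAYOUTS the selected fields are formatted into the description.

    Any other event ID yields an empty event type and the unmodified record
    text.  The original script left ``event_type`` unset (or stale from the
    previous row) in that case and handed a list to the sheet writer.

    A known event whose record has fewer fields than the layout needs keeps
    its label but falls back to the raw text, so a truncated or malformed
    record is preserved for the analyst instead of aborting the conversion.
    """
    layout = EVENT_LAYOUTS.get(eventid)
    if layout is None:
        return u'', raw

    event_type, template, positions = layout
    fields = raw.split('|')
    if len(fields) <= max(positions):
        return event_type, raw
    return event_type, template.format(*[fields[p] for p in positions])


def main():
    """Convert the first sheet of zhanghang.xlsx into a summarised zhanghang.xls."""
    workbook = xlrd.open_workbook('zhanghang.xlsx')
    sheet = workbook.sheets()[0]

    workbook1 = xlwt.Workbook()
    sheet1 = workbook1.add_sheet('my sheet')
    for col, title in enumerate(HEADERS):
        sheet1.write(0, col, title)

    # Row 0 of the input is skipped (presumably a header row -- confirm).
    # NOTE: the .xls format written by xlwt holds at most 65536 rows, so a
    # large log export has to be split before it reaches this script.
    for i in range(1, sheet.nrows):
        row = sheet.row_values(i)
        # Use the workbook's own date mode rather than assuming the 1900
        # system, otherwise timestamps from a 1904-based file are shifted.
        stamp = xlrd.xldate_as_tuple(row[0], workbook.datemode)
        timegenerated = '{}/{}/{}  {}:{}:{}'.format(*stamp)
        eventid = int(row[1])
        # u'{}'.format keeps non-ASCII record text intact on Python 2,
        # where str() on a unicode cell value raises UnicodeEncodeError.
        event_type, result = describe_event(eventid, u'{}'.format(row[2]))

        sheet1.write(i, 0, timegenerated)
        sheet1.write(i, 1, eventid)
        sheet1.write(i, 2, event_type)
        sheet1.write(i, 3, result)

    # Save once after the loop: the original rewrote the whole file for every
    # row and produced no output at all when the input had only a header.
    workbook1.save('zhanghang.xls')


if __name__ == '__main__':
    main()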
