Year of Python (YOP) – Week Forty Five

09Nov15

Hello Reader!

This week's script comes from a case I'm working on right now for my job, and while I didn't HAVE to write a python script for it, when I was talking with my co-worker about looking through some Windows DNS logs, he said to me, "There's your python script for the week."

And thus, YOP Week Forty Five was born!

The case I’m working on currently revolves around reviewing DNS logs for some specific information.  The Windows DNS logs themselves aren’t that bad to look through, until they are several hundred/thousand/billion megs in size…then you want to create some way to search through it rather easily.  I was starting to look through the data with Notepad++ when I realized it would be a lot nicer if there was an easy way to filter the data down.

So for this week, my script begins the process of what I want the end result script to be.  I did some looking online and there are a few Python scripts out there that parse Windows DNS logs, but they were designed for specific purposes, and I was looking to add some flexibility to mine.

But for this first stage, my goal was to clean up the file, and then output it to CSV format so I can filter it in Excel.  My plan for the next stage is to allow you to search, and clean up some of the formatting errors that are present in this version.

The first part of this script takes the DNS file and runs it through two stages. The first gets rid of the 34 lines at the start of the file. These lines define the fields in the report. My plan is to add them in as a header row in the second run through of this script. The second function gets rid of the new lines in between each of the DNS log entries in the file itself. For this part I actually create a backup file, since during some of my earlier testing I removed ALL the contents of the file. Again, in the second version I'll move the backup portion to the first function, so that the entire script works off the backup file instead of the original file.

Finally I walk through the script and split the fields up to output into a CSV file. The downside to Windows DNS logs is that their fields are separated by spaces. Where that becomes a problem is when you get to the Opcode field. Since that field can have more than one value, you can have spaces between them, which the script interprets as two separate fields (even though it's not). I'm still trying to figure out the logic on that one, so you'll need to be careful with the final CSV output; you might have some fields that have shifted over by accident.
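As an added example (not the YOP script itself), here is one way to do the three steps above in a single pass: header lines and blank lines are skipped by recognising that every packet entry starts with a date, and the column shift is avoided by keeping the bracketed field that follows the opcode as one token and by allowing the Query/Response column to be empty on queries. The column names and the sample log are constructed here; the sample follows the layout of a Windows DNS debug log but is not taken from the post.

```python
import csv
import io
import re

# Column names for the fields a Windows DNS debug-log packet line prints, in order.
FIELDS = ["date", "time", "thread_id", "context", "packet_id", "protocol",
          "direction", "remote_ip", "xid", "qr", "opcode", "flags",
          "question_type", "question_name"]

ENTRY_RE = re.compile(r"^\d{1,2}/\d{1,2}/\d{4}\s")  # an entry line starts with a date
TOKEN_RE = re.compile(r"\[[^\]]*\]|\S+")            # keep "[0001   D   NOERROR]" whole

def parse_entry(line):
    """Return a dict of FIELDS for one packet entry, or None for header/blank/other lines."""
    if not ENTRY_RE.match(line):
        return None
    tok = TOKEN_RE.findall(line)
    if len(tok) > 2 and tok[2] in ("AM", "PM"):      # fold "10:15:23 AM" into one value
        tok[1:3] = [tok[1] + " " + tok[2]]
    flags_idx = next((i for i, t in enumerate(tok) if t.startswith("[")), None)
    if flags_idx is None or flags_idx < 10:
        return None                                  # no bracketed flags: not a packet line
    # Between xid (index 8) and the flags sit the Q/R marker and the opcode. On a query the
    # Q/R column is blank, so only the opcode is present; a naive split() shifts every column.
    middle = tok[9:flags_idx]
    qr, opcode = (middle[0], middle[1]) if len(middle) == 2 else ("", middle[-1])
    rest = tok[flags_idx:]
    qtype = rest[1] if len(rest) > 1 else ""
    qname = " ".join(rest[2:])
    return dict(zip(FIELDS, tok[:9] + [qr, opcode, rest[0], qtype, qname]))

def dns_log_to_csv(text):
    """Parse a whole log (header block, blank lines and all); return (csv_text, rows)."""
    rows = [r for r in map(parse_entry, text.splitlines()) if r]
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue(), rows

# Constructed sample: a shortened header block, a blank line, then a query and its response.
SAMPLE_LOG = """\
DNS Server log file creation at 11/9/2015 10:15:00 AM
Message logging key (for packets - other items use a subset of these fields):
       1     Date

11/9/2015 10:15:23 AM 0B2C PACKET  0000000002A0A1B0 UDP Rcv 192.0.2.10      0002   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)

11/9/2015 10:15:23 AM 0B2C PACKET  0000000002A0A1B0 UDP Snd 192.0.2.10      0002 R Q [8081   DR  NOERROR] A      (3)www(7)example(3)com(0)
"""
```

Feed `dns_log_to_csv` the contents of a real log and write the returned CSV text to a file to open in Excel; event lines without a bracketed flags field are dropped rather than mis-split.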

Like I said this is the first pass on this script.  There are a few more things I need to tweak and fix.  But it’ll be enough to get me started with what I need it for on this case!

Until next week!

https://github.com/CdtDelta/YOP
