|
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# Set HKLM\SOFTWARE\Fortinet\FSAE\dcagent, REG_DWORD enable_log to 1.
# Default Filename path: C:\Program Files\Fortinet\FSAE\dcagentlog.txt or C:\dcagentlog.txt
#
# Author: Francois Ropert (Copyright - Fortinet)
#
import sys
import os
from datetime import datetime
fdlog = open(sys.argv[1])
# Map the whole file into memory
dcagentlog = fdlog.readlines()
fdlog.close deltas = []
previous_ts = ""
logons_cnt = 0
for line in dcagentlog:
if " Logon " in line:
try:
if line[19] == ".": # file version detection
logon_ts = line.split('.')[0]
else:
logon_ts = line.split(': ')[0]
if previous_ts == "":
previous_ts = logon_ts
tdelta = datetime.strptime(logon_ts, "%m/%d/%Y %H:%M:%S") - datetime.strptime(previous_ts, "%m/%d/%Y %H:%M:%S") except:
continue
try:
if str(tdelta) == "0:00:00":
logons_cnt += 1
else:
deltas.append(logons_cnt)
logons_cnt = 1
previous_ts = logon_ts
except:
continue
# handle dcagentlog.txt with logons in the same second.
if logons_cnt > 1:
deltas.append(logons_cnt)
min_rate = deltas[0]
for rate in deltas[1:]:
if rate < min_rate:
min_rate = rate
max_rate = deltas[0]
for rate in deltas[1:]:
if rate > max_rate:
max_rate = rate
print "Minimum logons per second rate:" + str(min_rate)
print "Maximum logons per second rate:" + str(max_rate)
print "Average logons per second rate:" + str(sum(deltas) / float(len(deltas)))
|
